Please check my log

Michellin
Visitor
Posts: 57
Registered: 10 Nov 2005 17:32

#1 Post by Michellin »

Lately I've been troubled by a very slow internet connection. I don't know whether it's the connection or the old PC (5 years). A technician from the provider is due to come and check it, so I wanted to ask whether someone could take a look at my log, in case it turns out to be some virus after all. Thanks a lot
****

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michaela at 2014-05-04 21:35:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 225 GB (37%) free of 610 GB
Total RAM: 3582 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:36:31, on 4.5.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\PDF24\pdf24.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Michaela\Plocha\RSIT.exe
C:\Program Files\trend micro\Michaela.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB02843 - {22E4A387-EBFC-442B-B46A-4E7957176FE0} - (no file)
O2 - BHO: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbar.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe
O4 - HKLM\..\Run: [mshepaSrv] C:\WINDOWS\inf\mshepa.vbe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Facicons; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C)" -"http://cs.playmillion.com/lp/005-cs/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O8 - Extra context menu item: &Search - http://tbedits.videodownloadconverter.c ... 60809&cv=4
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4965744125
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20F6FBEB-FE90-4D47-8588-F7517BF188EF}: NameServer = 89.203.192.1,89.203.192.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F77C75AD-F6BE-4155-87B1-C4E621A9AC1F}: NameServer = 77.236.211.129,77.236.211.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{20F6FBEB-FE90-4D47-8588-F7517BF188EF}: NameServer = 89.203.192.1,89.203.192.2
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Služba Google Update (gupdate1c9de285d16a7d6) (gupdate1c9de285d16a7d6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) - COMPANYVERS_NAME - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe

--
End of file - 10304 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Michaela\Data aplikací\Mozilla\Firefox\Profiles\jza5elh4.default-1385280420078

prefs.js - "browser.startup.homepage" - "www.fler.cz"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"4zffxtbr@VideoDownloadConverter_4z.com"=C:\Program Files\VideoDownloadConverter_4z\bar\1.bin


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin]
"Description"=VideoDownloadConverter Plugin
"Path"=C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll


C:\Documents and Settings\Michaela\Data aplikací\Mozilla\Firefox\Profiles\jza5elh4.default-1385280420078\extensions\
{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22E4A387-EBFC-442B-B46A-4E7957176FE0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]
Toolbar BHO - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbar.dll [2013-06-08 708168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]
Search Assistant BHO - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll [2013-06-08 62864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]
{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - VideoDownloadConverter - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2013-06-08 708168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-08-02 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]
"VideoDownloadConverter Search Scope Monitor"=C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe [2013-06-08 44784]
"PDFPrint"=C:\Program Files\PDF24\pdf24.exe [2013-06-10 162856]
"mshepaSrv"=C:\WINDOWS\inf\mshepa.vbe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2014-01-30 21822128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe [2009-03-19 460216]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PHOTOfunSTUDIO HD Edition.lnk - C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\GIGABYTE\GEST\run.exe"="C:\Program Files\GIGABYTE\GEST\run.exe:*:Enabled:update"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=LameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"vidc.lags"=lagarith.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=DivXa32.acm

======List of files/folders created in the last 1 month======

2014-04-26 17:49:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\VSO
2014-04-10 12:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$

======List of files/folders modified in the last 1 month======

2014-05-04 21:36:25 ----D---- C:\Program Files\trend micro
2014-05-04 21:36:10 ----D---- C:\WINDOWS\Temp
2014-05-04 21:36:02 ----D---- C:\WINDOWS\Prefetch
2014-05-04 21:35:38 ----D---- C:\Documents and Settings\Michaela\Data aplikací\Vso
2014-05-04 13:20:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-04 08:26:57 ----D---- C:\WINDOWS\system32\config
2014-05-04 08:26:50 ----D---- C:\WINDOWS
2014-05-04 08:26:30 ----D---- C:\WINDOWS\system32
2014-05-04 01:32:48 ----HD---- C:\WINDOWS\inf
2014-05-04 01:32:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-05-04 01:32:40 ----D---- C:\WINDOWS\ie8updates
2014-05-04 01:31:37 ----D---- C:\WINDOWS\system32\CatRoot2
2014-04-30 10:12:55 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-04-28 23:13:20 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-27 20:48:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\firebird
2014-04-26 17:49:45 ----A---- C:\Documents and Settings\Michaela\Data aplikací\inst.exe
2014-04-26 02:09:01 ----RD---- C:\Program Files
2014-04-26 02:08:05 ----D---- C:\Program Files\Google
2014-04-23 23:15:52 ----SHD---- C:\System Volume Information
2014-04-17 17:12:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-10 12:34:46 ----D---- C:\Program Files\Internet Explorer
2014-04-10 12:04:15 ----A---- C:\WINDOWS\imsins.BAK
2014-04-10 12:04:06 ----SHD---- C:\WINDOWS\Installer
2014-04-10 12:02:00 ----D---- C:\WINDOWS\system32\MRT
2014-04-10 12:01:47 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-08-30 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-30 177864]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-09-29 65024]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2004-09-23 20576]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-11-15 685816]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-08-30 21576]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-08-30 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-30 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-30 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-08-30 56080]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-08-30 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 BCM43XX;ASUS 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2011-06-16 76088]
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 grmnusb;Garmin USB Driver; C:\WINDOWS\system32\drivers\grmnusb.sys [2012-04-18 15720]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-15 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2010-12-21 98560]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2010-12-21 14848]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2010-12-21 123776]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2011-06-16 181432]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudserd.sys [2011-06-16 181432]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-15 145504]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9de285d16a7d6;Služba Google Update (gupdate1c9de285d16a7d6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-26 133104]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S2 VideoDownloadConverter_4zService;VideoDownloadConverterService; C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2013-06-08 42504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-26 133104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-29 119408]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#2 Post by Márty84 »

Hello :)

I can see something there :boxed:


:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to your desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Run it.
Click Scan and wait for the scan to finish.
Then click Clean.
The program will start working (the PC may restart) and will produce a log (otherwise it will be here: C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.


:arrow: Run a !!!full!!! scan with MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ and post the results here. Do not delete anything beforehand; it sometimes gives false detections. Instructions here: http://forum.viry.cz/viewtopic.php?f=29&t=115222

If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you are waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Michellin
Visitor
Posts: 57
Joined: 10 Nov 2005 17:32

Re: Please check my log

#3 Post by Michellin »

# AdwCleaner v3.207 - Report created 05/05/2014 at 17:14:50
# Updated 05/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Michaela - CENTURION
# Running from : C:\Documents and Settings\Michaela\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : VideoDownloadConverter_4zService

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\VideoDownloadConverter_4z
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Documents and Settings\Michaela\Local Settings\Data aplikací\iac
Folder Deleted : C:\Documents and Settings\Michaela\Data aplikací\Toolbar4
Folder Deleted : C:\Documents and Settings\Michaela\Data aplikací\VideoDownloadConverter_4z

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93A3111F-4F74-4ED8-895E-D9708497629E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
Key Deleted : HKCU\Software\VideoDownloadConverter_4z
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\VideoDownloadConverter_4z
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoDownloadConverter_4zbar Uninstall

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Documents and Settings\Michaela\Data aplikací\Mozilla\Firefox\Profiles\jza5elh4.default-1385280420078\prefs.js ]


*************************

AdwCleaner[R0].txt - [13902 octets] - [05/05/2014 17:13:53]
AdwCleaner[S0].txt - [14138 octets] - [05/05/2014 17:14:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14199 octets] ##########




************************************************************************************************



Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.05.05.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michaela :: CENTURION [administrátor]

Ochrana: Povolena

5.5.2014 17:29:56
MBAM-log-2014-05-05 (22-48-48).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 522703
Uplynulý čas: 5 hodin, 18 minut, 1 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mshepaSrv (Trojan.Agent.VBSGen) -> Data: C:\WINDOWS\inf\mshepa.vbe -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|4zffxtbr@VideoDownloadConverter_4z.com (PUP.Optional.MindSpark.A) -> Data: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 10
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe.vir (PUP.Optional.AudioToAudioToolBar.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Michaela\Dokumenty\Photoshop_CS5\Adobe CS5 - Česky\Adobe.Photoshop.CS5.Extended.v12.0.Keymaker-EMBRACE.exe (Malware.Gen) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Michaela\Dokumenty\My Downloads\bs_IE7pro.exe (PUP.Optional.Conduit) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Michaela\Local Settings\Temp\~+JF3128252170990799464.tmp (Trojan.CryptoDefense) -> Nebyla provedena žádná instrukce.
C:\Program Files\Adobe\Photoshop\Adobe Photoshop CS3 10 CZ\KG + Patch\Extended Version\Option 1\sapscs3.zip (RiskWare.Tool.HCK) -> Nebyla provedena žádná instrukce.
C:\Program Files\Adobe\Photoshop\Adobe Photoshop CS3 10 CZ\KG + Patch\Extended Version\Option 3\Adobe_PhotoShop_CS3_Extended_Patch_By_P!mPdOG.zip (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
C:\Program Files\Adobe\Photoshop\Adobe Photoshop CS3 10 CZ\KG + Patch\Standard Version\zwpscs3s.zip (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\Program Files\ConvertXToDVD_3.2.0.52\keygen\Keygen.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{84707723-4404-47A6-956F-5A3051251140}\RP1175\A0262499.exe (PUP.Optional.AudioToAudioToolBar.A) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\inf\mslpgspnu\mslpgspnu.exe (BitcoinMiner) -> Nebyla provedena žádná instrukce.

(konec)

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#4 Post by Márty84 »

:!: Follow these steps in exactly this order.
1) Do not close MBAM, just minimize it.
2) Delete/turn off the creation of restore points http://forum.viry.cz/viewtopic.php?f=46&t=47040 , but do not restart the PC.
3) Now let MBAM remove its findings and restart the PC.
4) Run a new scan with MBAM and post the results here.

Michellin
Visitor
Posts: 57
Joined: 10 Nov 2005 17:32

Re: Please check my log

#5 Post by Michellin »

Please, should I let it remove only the ones the program ticked itself, or should I tick all of them?
Thanks

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#6 Post by Márty84 »

I recommend removing everything :)

Michellin
Visitor
Posts: 57
Joined: 10 Nov 2005 17:32

Re: Please check my log

#7 Post by Michellin »

I now have the found items in the "Quarantine" tab; should I click "Remove" there as well?


Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org

Verze: v2014.05.08.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michaela :: CENTURION [administrátor]

Ochrana: Povolena

8.5.2014 16:08:04
mbam-log-2014-05-08 (16-08-04).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 524271
Uplynulý čas: 4 hodin, 41 minut, 53 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#8 Post by Márty84 »

:arrow: You can empty the quarantine, then uninstall MBAM.


:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Otevrit normalne (Open normally)
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to your desktop and run it.
A very short test will run and then the Prohledat (Scan) button at the top right will become available. Click it and another test will run.
When it finishes, click Zprava (Report) and a log will appear. Paste it here for me

Michellin
Visitor
Posts: 57
Joined: 10 Nov 2005 17:32

Re: Please check my log

#9 Post by Michellin »

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Michaela [Práva správce]
Mód : Kontrola -- Datum : 05/09/2014 18:55:43
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{20F6FBEB-FE90-4D47-8588-F7517BF188EF} : NameServer (89.203.192.1,89.203.192.2 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CCSet\[...]\{F77C75AD-F6BE-4155-87B1-C4E621A9AC1F} : NameServer (77.236.211.129,77.236.211.130 [CZECH REPUBLIC (CZ) - CZECH REPUBLIC (CZ)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS001\[...]\{20F6FBEB-FE90-4D47-8588-F7517BF188EF} : NameServer (89.203.192.1,89.203.192.2 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS001\[...]\{F77C75AD-F6BE-4155-87B1-C4E621A9AC1F} : NameServer (77.236.211.129,77.236.211.130 [CZECH REPUBLIC (CZ) - CZECH REPUBLIC (CZ)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS003\[...]\{20F6FBEB-FE90-4D47-8588-F7517BF188EF} : NameServer (89.203.192.1,89.203.192.2 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS003\[...]\{F77C75AD-F6BE-4155-87B1-C4E621A9AC1F} : NameServer (77.236.211.129,77.236.211.130 [CZECH REPUBLIC (CZ) - CZECH REPUBLIC (CZ)]) -> NALEZENO
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 2 ¤¤¤
[All Users][SUSP UNIC] Adobe Reader Speed Launch.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk @C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [-][7] -> NALEZENO
[All Users][SUSP UNIC] PHOTOfunSTUDIO HD Edition.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\PHOTOfunSTUDIO HD Edition.lnk @C:\PROGRA~1\PANASO~1\PHOTOF~1\PHAUTO~1.EXE [-][-] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] EAT @firefox.exe (FREEBL_GetVector) : nssckbi.dll -> HOOKED (C:\Program Files\Mozilla Firefox\freebl3.dll @ 0x0AF01000)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD642JJ +++++
--- User ---
[MBR] 3cb278c9698fd7c9cbd1f9d6509ca1bc
[BSP] e87f4d493d868eb75fb91fa194742748 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 610337 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Kindle Internal Storage USB Device +++++
--- User ---
[MBR] ba408919ab03f60ea1b1adb3483f10bb
[BSP] ced091d473ecb1169aa8e78119adf123 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 16 | Size: 3217 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )

Dokončeno : << RKreport[0]_S_05092014_185543.txt >>

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#10 Post by Márty84 »

:arrow: Run RogueKiller again (if you have not closed it yet, click Smazat (Delete) straight away)
A very short test will run and then the Prohledat (Scan) button at the top right will become available. Click it and another test will run.
When it finishes, click Smazat (Delete).
Then click Zprava (Report) and a log will appear. Paste it here for me.
Then click Oprava Host (Fix Host) and Zprava (Report).
Another log will appear. Paste that here for me too.

Michellin
Visitor
Posts: 57
Joined: 10 Nov 2005 17:32

Re: Please check my log

#11 Post by Michellin »

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Michaela [Práva správce]
Mód : Odebrat -- Datum : 05/10/2014 12:56:21
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 2 ¤¤¤
[All Users][SUSP UNIC] Adobe Reader Speed Launch.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk @C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [-][7] -> VYMAZÁNO
[All Users][SUSP UNIC] PHOTOfunSTUDIO HD Edition.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\PHOTOfunSTUDIO HD Edition.lnk @C:\PROGRA~1\PANASO~1\PHOTOF~1\PHAUTO~1.EXE [-][-] -> VYMAZÁNO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] EAT @firefox.exe (FREEBL_GetVector) : nssckbi.dll -> HOOKED (C:\Program Files\Mozilla Firefox\freebl3.dll @ 0x0B001000)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD642JJ +++++
--- User ---
[MBR] 3cb278c9698fd7c9cbd1f9d6509ca1bc
[BSP] e87f4d493d868eb75fb91fa194742748 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 610337 MB
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_05102014_125621.txt >>
RKreport[0]_S_05092014_185543.txt;RKreport[0]_S_05102014_125527.txt


+++


RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Michaela [Práva správce]
Mód : Oprava HOSTS -- Datum : 05/10/2014 12:56:58
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_05102014_125658.txt >>
RKreport[0]_D_05102014_125621.txt;RKreport[0]_S_05092014_185543.txt;RKreport[0]_S_05102014_125527.txt

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#12 Post by Márty84 »

:!: If you have not done so already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop.
Turn off your antivirus and any other security software.
Run ComboFix.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan do not run anything and do not click anywhere.
When the scan finishes (the PC may restart), a log should be created, located here: C:\ComboFix.txt
Copy its contents here

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).

Michellin
Visitor
Posts: 57
Joined: 10 Nov 2005 17:32

Re: Please check my log

#13 Post by Michellin »

ComboFix 14-05-10.01 - Michaela 10.05.2014 21:35:28.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2614 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michaela\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\_ctypes.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\_elementtree.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\_hashlib.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\_multiprocessing.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\_socket.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\_ssl.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\pyexpat.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\pysqlite2._sqlite.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\python27.dll
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\pythoncom27.dll
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\PyWinTypes27.dll
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\select.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\unicodedata.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32api.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32com.shell.shell.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32crypt.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32event.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32file.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32gui.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32inet.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32pdh.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32pipe.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32process.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32profile.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32security.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\win32ts.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\windows._lib_cacheinvalidation.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wx._animate.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wx._controls_.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wx._core_.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wx._gdi_.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wx._html2.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wx._misc_.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wx._windows_.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wx._wizard.pyd
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wxbase294u_net_vc90.dll
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wxbase294u_vc90.dll
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wxmsw294u_adv_vc90.dll
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wxmsw294u_core_vc90.dll
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wxmsw294u_html_vc90.dll
c:\docume~1\Michaela\LOCALS~1\Temp\_MEI18687\wxmsw294u_webview_vc90.dll
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\_ctypes.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\_elementtree.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\_hashlib.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\_multiprocessing.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\_socket.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\_ssl.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\pyexpat.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\pysqlite2._sqlite.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\python27.dll
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\pythoncom27.dll
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\PyWinTypes27.dll
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\select.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\unicodedata.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32api.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32com.shell.shell.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32crypt.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32event.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32file.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32gui.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32inet.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32pdh.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32pipe.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32process.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32profile.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32security.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\win32ts.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\windows._lib_cacheinvalidation.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wx._animate.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wx._controls_.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wx._core_.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wx._gdi_.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wx._html2.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wx._misc_.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wx._windows_.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wx._wizard.pyd
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wxbase294u_net_vc90.dll
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wxbase294u_vc90.dll
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wxmsw294u_adv_vc90.dll
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wxmsw294u_core_vc90.dll
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wxmsw294u_html_vc90.dll
c:\documents and settings\Michaela\Local Settings\Temp\_MEI18687\wxmsw294u_webview_vc90.dll
c:\documents and settings\Michaela\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\system32\SET14D.tmp
c:\windows\system32\SET159.tmp
c:\windows\system32\SET166.tmp
c:\windows\system32\SET1F2B.tmp
c:\windows\system32\SET35B.tmp
c:\windows\system32\SET376.tmp
c:\windows\system32\SET378.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET8D.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-10 do 2014-05-10 )))))))))))))))))))))))))))))))
.
.
2014-05-10 10:26 . 2010-05-26 18:41 2106216 ----a-w- c:\program files\Mozilla Firefox\updated\D3DCompiler_43.dll
2014-05-10 10:26 . 2010-03-18 16:15 770384 ----a-w- c:\program files\Mozilla Firefox\updated\msvcr100.dll
2014-05-10 10:26 . 2010-03-18 16:15 421200 ----a-w- c:\program files\Mozilla Firefox\updated\msvcp100.dll
2014-05-09 10:30 . 2014-05-09 10:30 -------- d-----w- c:\documents and settings\Michaela\Data aplikací\AVAST Software
2014-05-08 22:25 . 2014-05-08 22:24 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-08 22:24 . 2014-05-08 22:24 43152 ----a-w- c:\windows\avastSS.scr
2014-05-05 15:12 . 2014-05-05 15:14 -------- d-----w- C:\AdwCleaner
2014-04-26 15:49 . 2014-04-26 15:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\VSO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-08 22:24 . 2013-03-20 17:55 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-08 22:24 . 2013-03-20 17:55 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-08 22:24 . 2013-03-20 17:55 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-08 22:24 . 2012-12-01 19:52 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-05-08 22:24 . 2012-12-01 19:51 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-05-08 22:24 . 2012-12-01 19:51 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-05-08 22:24 . 2012-12-01 19:51 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-08 22:24 . 2012-12-01 19:50 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-28 21:13 . 2012-09-14 15:42 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-28 21:13 . 2011-10-17 07:33 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-26 15:49 . 2008-11-15 05:04 87608 ----a-w- c:\documents and settings\Michaela\Data aplikací\inst.exe
2014-04-26 15:49 . 2008-11-15 05:04 47360 ----a-w- c:\documents and settings\Michaela\Data aplikací\pcouffin.sys
2014-03-06 17:58 . 2004-08-17 14:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:58 . 2004-08-17 14:49 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2004-08-17 14:49 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2004-08-17 14:49 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2004-08-17 14:44 385024 ------w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-27 05:22 13312 ------w- c:\windows\system32\xp_eos.exe
2011-06-04 08:42 . 2011-06-04 08:42 659456 ----a-w- c:\program files\MicrosoftFixit50530.msi
2009-01-06 15:51 . 2009-01-06 15:51 16127448 ----a-w- c:\program files\install_atlas_icq65.exe
2008-11-14 15:33 . 2008-11-14 15:33 22404904 ----a-w- c:\program files\SkypeSetup.exe
2008-11-01 14:55 . 2008-11-01 14:59 25787976 ----a-w- c:\program files\wmp11-windowsxp-x86-CS-CZ.exe
2008-11-01 14:54 . 2008-11-01 14:59 19130706 ----a-w- c:\program files\klmcodec425.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-08 22:24 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-04-25 22415552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-08-02 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-06-10 162856]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-08 3873704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [20.3.2013 19:55 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [20.3.2013 19:55 180632]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.11.2008 19:34 685816]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [11.9.2013 20:01 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.12.2012 21:51 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.12.2012 21:52 411552]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [9.5.2014 0:25 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [20.3.2013 19:55 67824]
S0 bnwtibk;bnwtibk;c:\windows\system32\drivers\ivdr.sys --> c:\windows\system32\drivers\ivdr.sys [?]
S2 gupdate1c9de285d16a7d6;Služba Google Update (gupdate1c9de285d16a7d6);c:\program files\Google\Update\GoogleUpdate.exe [26.5.2009 19:35 133104]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [17.7.2011 19:54 76088]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [31.10.2008 10:46 47624]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [15.11.2008 7:04 47360]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [17.7.2011 19:54 181432]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [17.7.2011 19:54 181432]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-09 13:23 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 21:13]
.
2014-05-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-08 22:24]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 17:35]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 17:35]
.
2014-05-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-05-10 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
TCP: Interfaces\{20F6FBEB-FE90-4D47-8588-F7517BF188EF}: NameServer = 89.203.192.1,89.203.192.2
TCP: Interfaces\{F77C75AD-F6BE-4155-87B1-C4E621A9AC1F}: NameServer = 77.236.211.129,77.236.211.130
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\documents and settings\Michaela\Data aplikací\Mozilla\Firefox\Profiles\jza5elh4.default-1385280420078\
FF - prefs.js: browser.startup.homepage - www.fler.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{22E4A387-EBFC-442B-B46A-4E7957176FE0} - (no file)
HKCU-Run-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-10 21:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1444)
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2014-05-10 22:02:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-10 20:02
.
Před spuštěním: Volných bajtů: 277 458 804 736
Po spuštění: Volných bajtů: 302 079 967 232
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3BC69CEEAA18635D22C9D49C996458BB
413FC2A0C716421B3158746D63736515

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#14 Post by Márty84 »

:arrow: Open Notepad and copy this script into it:

Code:

KillAll::

File::
c:\windows\system32\drivers\ivdr.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"AdobeAAMUpdater-1.0"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Driver::
gupdate1c9de285d16a7d6
SwitchBoard
bnwtibk

Reboot::

In the top left, click File.
Click Save As...
Type the name shown in red, CFScript, correctly and save the file to the desktop.
Turn off your antivirus and any other security software.
Drag this newly created text document with the mouse onto the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration.
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine.

Michellin
Visitor
Posts: 57
Joined: 10 Nov 2005 17:32

Re: Please check my log

#15 Post by Michellin »

ComboFix 14-05-10.01 - Michaela 11.05.2014 11:19:42.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2960 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michaela\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michaela\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\drivers\ivdr.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1C9DE285D16A7D6
-------\Service_bnwtibk
-------\Service_gupdate1c9de285d16a7d6
-------\Service_SwitchBoard
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-11 do 2014-05-11 )))))))))))))))))))))))))))))))
.
.
2014-05-09 10:30 . 2014-05-09 10:30 -------- d-----w- c:\documents and settings\Michaela\Data aplikací\AVAST Software
2014-05-08 22:25 . 2014-05-08 22:24 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-08 22:24 . 2014-05-08 22:24 43152 ----a-w- c:\windows\avastSS.scr
2014-05-05 15:12 . 2014-05-05 15:14 -------- d-----w- C:\AdwCleaner
2014-04-26 15:49 . 2014-04-26 15:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\VSO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-08 22:24 . 2013-03-20 17:55 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-08 22:24 . 2013-03-20 17:55 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-08 22:24 . 2013-03-20 17:55 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-08 22:24 . 2012-12-01 19:52 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-05-08 22:24 . 2012-12-01 19:51 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-05-08 22:24 . 2012-12-01 19:51 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-05-08 22:24 . 2012-12-01 19:51 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-08 22:24 . 2012-12-01 19:50 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-28 21:13 . 2012-09-14 15:42 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-28 21:13 . 2011-10-17 07:33 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-26 15:49 . 2008-11-15 05:04 87608 ----a-w- c:\documents and settings\Michaela\Data aplikací\inst.exe
2014-04-26 15:49 . 2008-11-15 05:04 47360 ----a-w- c:\documents and settings\Michaela\Data aplikací\pcouffin.sys
2014-03-06 17:58 . 2004-08-17 14:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:58 . 2004-08-17 14:49 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2004-08-17 14:49 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2004-08-17 14:49 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2004-08-17 14:44 385024 ------w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-27 05:22 13312 ------w- c:\windows\system32\xp_eos.exe
2011-06-04 08:42 . 2011-06-04 08:42 659456 ----a-w- c:\program files\MicrosoftFixit50530.msi
2009-01-06 15:51 . 2009-01-06 15:51 16127448 ----a-w- c:\program files\install_atlas_icq65.exe
2008-11-14 15:33 . 2008-11-14 15:33 22404904 ----a-w- c:\program files\SkypeSetup.exe
2008-11-01 14:55 . 2008-11-01 14:59 25787976 ----a-w- c:\program files\wmp11-windowsxp-x86-CS-CZ.exe
2008-11-01 14:54 . 2008-11-01 14:59 19130706 ----a-w- c:\program files\klmcodec425.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-08 22:24 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-06-10 162856]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-08 3873704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [20.3.2013 19:55 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [20.3.2013 19:55 180632]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.11.2008 19:34 685816]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [11.9.2013 20:01 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.12.2012 21:51 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.12.2012 21:52 411552]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [9.5.2014 0:25 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [20.3.2013 19:55 67824]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [17.7.2011 19:54 76088]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [31.10.2008 10:46 47624]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [15.11.2008 7:04 47360]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [17.7.2011 19:54 181432]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [17.7.2011 19:54 181432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-09 13:23 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 21:13]
.
2014-05-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-08 22:24]
.
2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 17:35]
.
2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 17:35]
.
2014-05-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-05-11 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
TCP: Interfaces\{20F6FBEB-FE90-4D47-8588-F7517BF188EF}: NameServer = 89.203.192.1,89.203.192.2
TCP: Interfaces\{F77C75AD-F6BE-4155-87B1-C4E621A9AC1F}: NameServer = 77.236.211.129,77.236.211.130
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\documents and settings\Michaela\Data aplikací\Mozilla\Firefox\Profiles\jza5elh4.default-1385280420078\
FF - prefs.js: browser.startup.homepage - www.fler.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-11 11:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3268)
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2014-05-11 11:34:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-11 09:34
ComboFix2.txt 2014-05-10 20:02
.
Před spuštěním: Volných bajtů: 302 312 271 872
Po spuštění: Volných bajtů: 302 271 303 680
.
- - End Of File - - 4BB856D88BD0010ED5DEF1C6D06D4800
413FC2A0C716421B3158746D63736515

Locked