Prosím o kontrolu po napadení Mobogenie

Zpráva

VladoR · #1 Příspěvek od **VladoR** » 26 črc 2014 08:29

Prosím o kontrolu PC po napadení virem win32:Mobogenie-R
Avast PC vyčistil ale nevím jak dokonale.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Vlado (administrator) on PCWLADO on 26-07-2014 09:25:17
Running from C:\Documents and Settings\Vlado\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Logitech Inc.) C:\WINDOWS\system32\LVCOMSX.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1706690015-2632010906-3760738202-1005\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1706690015-2632010906-3760738202-1005\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
IFEO\backitup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\cdspeed.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\chrome.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\coverdes.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\drivespeed.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\infotool.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\kiesagent.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\kmplayer_3-8-0-121-1-.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\nero.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\neroburnrights.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\neromediahome.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\neroupgrade.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\nerovision.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\photosnap.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\photosnapviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\regmech.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\setupx.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\showtime.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Vlado\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Vlado\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Vlado\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Vlado\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 9942549062
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9942595250
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BC5A24A4-0575-46D3-A8C0-EA80163B7103}: [NameServer]212.111.0.10,194.213.32.237

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Vlado\Data aplikací\Mozilla\Firefox\Profiles\aplsenba.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Documents and Settings\Vlado\Data aplikací\Mozilla\Firefox\Profiles\aplsenba.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-06]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-g ... earchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Vlado\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-18]
CHR Extension: (Disk Google) - C:\Documents and Settings\Vlado\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Vlado\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-16]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Vlado\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-16]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Vlado\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-06]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Vlado\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Vlado\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [2014-07-08]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [2014-07-08]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2014-07-08]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2014-07-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-26] (Oracle Corporation)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2004-08-18] (Microsoft Corporation)
S4 PanService; C:\Program Files\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
S4 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
S4 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [353792 2008-02-12] (Nokia.) [File not signed]
S4 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [307200 2008-02-29] (Fujitsu Siemens Computers) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S0 adpu320; C:\WINDOWS\System32\DRIVERS\adpu320.sys [132608 2004-02-17] (Adaptec, Inc.) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-08] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-08] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-08] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-08] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2007-04-04] (Infineon Technologies AG)
S3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-18] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-18] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [46592 2008-04-14] (Microsoft Corporation)
R3 pepifilter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [7136 2005-05-27] (Logitech Inc.)
R3 PID_08A0; C:\WINDOWS\System32\DRIVERS\LV302AV.SYS [913280 2005-05-27] (Logitech Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31273 2003-02-23] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 09:25 - 2014-07-26 09:25 - 00018827 _____ () C:\Documents and Settings\Vlado\Plocha\FRST.txt
2014-07-26 09:25 - 2014-07-26 09:25 - 00000000 ____D () C:\FRST
2014-07-26 09:23 - 2014-07-26 09:23 - 01084416 _____ (Farbar) C:\Documents and Settings\Vlado\Plocha\FRST.exe
2014-07-19 18:50 - 2014-07-19 18:51 - 00000000 ____D () C:\Documents and Settings\Vlado\Plocha\55555555555555
2014-07-08 19:38 - 2014-07-08 19:38 - 00000000 ____D () C:\Documents and Settings\Vlado\Local Settings\Data aplikací\Adobe
2014-07-08 07:43 - 2014-07-08 07:43 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-08 07:38 - 2014-07-08 07:38 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-06-29 16:14 - 2014-06-29 16:23 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-06-29 16:07 - 2014-07-23 16:23 - 00017605 _____ () C:\WINDOWS\setupapi.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 09:25 - 2014-07-26 09:25 - 00018827 _____ () C:\Documents and Settings\Vlado\Plocha\FRST.txt
2014-07-26 09:25 - 2014-07-26 09:25 - 00000000 ____D () C:\FRST
2014-07-26 09:25 - 2012-10-11 09:32 - 00000000 ____D () C:\Documents and Settings\Vlado\Plocha
2014-07-26 09:25 - 2012-10-11 09:32 - 00000000 ____D () C:\Documents and Settings\Vlado\Local Settings\Temp
2014-07-26 09:23 - 2014-07-26 09:23 - 01084416 _____ (Farbar) C:\Documents and Settings\Vlado\Plocha\FRST.exe
2014-07-26 08:30 - 2013-10-14 13:54 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-26 08:08 - 2014-04-06 09:42 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-26 08:06 - 2012-10-11 11:05 - 00000000 ____D () C:\Program Files\Opera
2014-07-26 08:03 - 2013-03-13 00:08 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-26 08:03 - 2012-12-04 18:12 - 00000431 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-07-26 08:03 - 2004-09-08 16:50 - 01830165 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-26 08:03 - 2004-09-08 16:27 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-26 08:02 - 2014-03-07 20:28 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-07-26 08:02 - 2013-03-13 00:08 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-26 08:02 - 2004-09-08 17:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-25 23:19 - 2012-11-20 16:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 21:14 - 2012-10-11 15:29 - 00131072 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-07-25 21:14 - 2012-10-11 09:32 - 00000178 ___SH () C:\Documents and Settings\Vlado\ntuser.ini
2014-07-25 21:14 - 2012-10-11 09:32 - 00000000 ____D () C:\Documents and Settings\Vlado
2014-07-25 21:14 - 2004-09-08 17:00 - 00032478 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-24 03:01 - 2012-11-20 16:35 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Silverlight
2014-07-23 18:50 - 2012-10-11 09:32 - 00000000 ___RD () C:\Documents and Settings\Vlado\Dokumenty\Obrázky
2014-07-23 18:31 - 2013-10-17 15:03 - 00002667 _____ () C:\Documents and Settings\All Users\Plocha\CorelDRAW Home & Student X6.lnk
2014-07-23 18:22 - 2013-10-17 15:03 - 00002601 _____ () C:\Documents and Settings\All Users\Plocha\Corel PHOTO-PAINT Home & Student X6.lnk
2014-07-23 16:23 - 2014-06-29 16:07 - 00017605 _____ () C:\WINDOWS\setupapi.log
2014-07-21 14:39 - 2012-10-12 13:14 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-07-19 18:51 - 2014-07-19 18:50 - 00000000 ____D () C:\Documents and Settings\Vlado\Plocha\55555555555555
2014-07-16 01:59 - 2012-11-05 17:14 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-15 16:28 - 2012-10-11 11:15 - 00000000 ____D () C:\Documents and Settings\Vlado\Data aplikací\Winamp
2014-07-12 00:55 - 2013-10-18 04:59 - 01293591 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1706690015-2632010906-3760738202-1005-0.dat
2014-07-12 00:55 - 2013-10-18 04:59 - 00397098 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2014-07-10 07:45 - 2007-08-01 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-07-10 07:41 - 2013-10-10 03:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 07:38 - 2012-10-11 10:55 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 10:30 - 2012-10-12 13:46 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-09 10:30 - 2012-10-11 09:51 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 19:38 - 2014-07-08 19:38 - 00000000 ____D () C:\Documents and Settings\Vlado\Local Settings\Data aplikací\Adobe
2014-07-08 19:38 - 2012-10-11 09:32 - 00000000 ___HD () C:\Documents and Settings\Vlado\Local Settings\Data aplikací
2014-07-08 19:01 - 2007-08-01 17:15 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-07-08 19:01 - 2007-08-01 17:15 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2014-07-08 19:01 - 2007-08-01 17:15 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-07-08 19:01 - 2007-08-01 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-07-08 18:21 - 2012-10-12 15:16 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2014-07-08 18:17 - 2012-10-11 09:32 - 00000000 ___RD () C:\Documents and Settings\Vlado\Dokumenty
2014-07-08 15:00 - 2014-03-07 20:28 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-07-08 07:43 - 2014-07-08 07:43 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-08 07:39 - 2014-05-09 07:26 - 00001739 _____ () C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
2014-07-08 07:39 - 2014-04-06 09:41 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-08 07:38 - 2014-07-08 07:38 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-08 07:38 - 2014-04-22 07:23 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-08 07:38 - 2014-04-06 09:41 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-07-08 07:38 - 2014-04-06 09:41 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-08 07:38 - 2014-04-06 09:41 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-08 07:38 - 2014-04-06 09:41 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-08 07:38 - 2014-04-06 09:41 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-08 07:38 - 2014-04-06 09:41 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-07-08 07:38 - 2014-04-06 09:41 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-06-29 16:23 - 2014-06-29 16:14 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-06-26 22:20 - 2012-10-12 13:33 - 00002463 _____ () C:\Documents and Settings\Vlado\Plocha\Microsoft Excel 2010 (2).lnk
2014-06-26 07:29 - 2012-10-11 10:02 - 00000000 __SHD () C:\Documents and Settings\Vlado\UserData

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

#2 Příspěvek od **Rudy** » 26 črc 2014 09:39

Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:

Start
IFEO\backitup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\cdspeed.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\chrome.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\coverdes.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\drivespeed.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\infotool.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\kiesagent.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\kmplayer_3-8-0-121-1-.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\nero.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\neroburnrights.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\neromediahome.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\neroupgrade.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\nerovision.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\photosnap.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\photosnapviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\regmech.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\setupx.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\showtime.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
SearchScopes: HKLM - DefaultScope value is missing.
End

Uložte na plochu jako fixlist.txt. Pak znovu spusťte FRST a klikněte na >Fix<. Zkopírujte sem pak log, který se na závěr vytvoří.

VladoR · #3 Příspěvek od **VladoR** » 26 črc 2014 09:46

uděláno

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014
Ran by Vlado at 2014-07-26 10:45:02 Run:1
Running from C:\Documents and Settings\Vlado\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
IFEO\backitup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\cdspeed.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\chrome.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\coverdes.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\drivespeed.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\infotool.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\kiesagent.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\kmplayer_3-8-0-121-1-.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\nero.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\neroburnrights.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\neromediahome.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\neroupgrade.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\nerovision.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\photosnap.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\photosnapviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\regmech.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\setupx.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\showtime.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
SearchScopes: HKLM - DefaultScope value is missing.
End
*****************

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\backitup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cdspeed.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\chrome.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\coverdes.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\drivespeed.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\infotool.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\kiesagent.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\kmplayer_3-8-0-121-1-.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nero.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\neroburnrights.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\neromediahome.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nerostartsmart.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\neroupgrade.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nerovision.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\photosnap.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\photosnapviewer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\regmech.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\setup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\setupx.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\showtime.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\skype.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unins000.exe" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

==== End of Fixlog ====

#4 Příspěvek od **Rudy** » 26 črc 2014 10:18

Vše smazáno, log je již OK.

VladoR · #5 Příspěvek od **VladoR** » 26 črc 2014 10:47

Díky za pomoc.

#6 Příspěvek od **Rudy** » 26 črc 2014 12:29

Rádo se stalo!

VIRY.CZ

Prosím o kontrolu po napadení Mobogenie

Prosím o kontrolu po napadení Mobogenie

Re: Prosím o kontrolu po napadení Mobogenie

Re: Prosím o kontrolu po napadení Mobogenie

Re: Prosím o kontrolu po napadení Mobogenie

Re: Prosím o kontrolu po napadení Mobogenie

Re: Prosím o kontrolu po napadení Mobogenie