
Check - Facebook virus
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 43
- Registered: 04 Sep 2014 01:52
Check - Facebook virus
Hi, today my Facebook started sending viruses to people in chat. Then it blocked my account, and I am supposed to fix the problem using Trend Micro HouseCall, but when I download it nothing happens. I have already tried the procedure from viruskasino, but I can't get Malwarebytes to run.
info.txt logfile of random's system information tool 1.10 2014-09-04 02:49:49
======MBR======
======Uninstall list======
-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{A8D40741-490C-4190-82F2-62909891414B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
50 FREE MP3s +1 Free Audiobook!-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 14 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -maintain plugin
Adobe Reader X (10.1.0) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Adobe Shockwave Player 12.1-->"C:\WINDOWS\system32\Adobe\Shockwave 12\uninstaller.exe"
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Aktualizace NVIDIA 1.10.8-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{91C4477E-9318-4AB7-BE4B-FDA73E368F43}\NVI2.DLL",UninstallPackage Display.Update
Aktualizace systému Windows XP (KB2934207)-->"C:\WINDOWS\$NtUninstallKB2934207$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909210)-->"C:\WINDOWS\ie8updates\KB2909210-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909921)-->"C:\WINDOWS\ie8updates\KB2909921-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2925418)-->"C:\WINDOWS\ie8updates\KB2925418-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2936068)-->"C:\WINDOWS\ie8updates\KB2936068-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2964358)-->"C:\WINDOWS\ie8updates\KB2964358-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2914368)-->"C:\WINDOWS\$NtUninstallKB2914368$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2916036)-->"C:\WINDOWS\$NtUninstallKB2916036$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2922229)-->"C:\WINDOWS\$NtUninstallKB2922229$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2929961)-->"C:\WINDOWS\$NtUninstallKB2929961$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2930275)-->"C:\WINDOWS\$NtUninstallKB2930275$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall
Battle.net-->"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enGB --uid=battle.net --displayname="Battle.net"
BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Budik v.11-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Budik v.11\DeIsL1.isu" -c"C:\Program Files\Budik v.11\_ISREG32.DLL"
Call of Duty(R) 2 Patch 1.3-->C:\Program Files\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.exe /U "C:\Program Files\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.log"
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CoD 2 čeština-->"C:\Program Files\Activision\Call of Duty 2\unins000.exe"
Colin McRae Rally 2005-->"C:\Program Files\GOG.com\Colin McRae Rally 2005\unins000.exe"
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Facebook Video Calling 1.2.0.287-->MsiExec.exe /X{B92C5909-1D37-4C51-8397-A28BB28E5DC3}
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Free YouTube Downloader Converter-->C:\PROGRA~1\FREEYO~1\UNWISE.EXE C:\PROGRA~1\FREEYO~1\INSTALL.LOG
GamePark klient 2.0.9.0-->"C:\Program Files\GamePark2\unins000.exe"
GIMP 2.6.11-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.42.0.1389-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\36.0.1985.143\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Gothic II Gold-->C:\Program Files\InstallShield Installation Information\{8B95673D-2D4C-4216-ADA2-3660973700BF}\setup.exe -runfromtemp -l0x0405
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Cheat Engine 6.3-->"C:\Program Files\Cheat Engine 6.3\unins000.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel(R) Network Connections 16.3.48.0-->MsiExec.exe /i{44663264-E108-4938-BF9E-A767315072C9} ARPREMOVE=1
Java 7 Update 67-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}
K-Lite Codec Pack 7.2.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes Anti-Malware verze 2.0.2.1012-->"C:\Program Files\Malwarebytes Anti-Malware\unins000.exe"
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 Czech Language Pack-->MsiExec.exe /X{5E65E94D-69F2-4850-9E93-6459C53A0F50}
Microsoft .NET Framework 1.1 Security Update (KB2833941)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2833941\M2833941Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{B578C85A-A84C-4230-A177-C5B2AF565B8C}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850405-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA nView 136.53-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{91C4477E-9318-4AB7-BE4B-FDA73E368F43}\NVI2.DLL",UninstallPackage Display.NView
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA Ovladače grafiky 307.90-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{91C4477E-9318-4AB7-BE4B-FDA73E368F43}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Opera 12.16-->"C:\Program Files\Opera\Opera.exe" /uninstall
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Plus500-->C:\Program Files\Plus500\Plus500.exe /uninstall
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PPS - UnInstall-->c:\PPS\UnInstall.EXE
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x5 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
RZ Video Converter-->"C:\Program Files\InstallShield Installation Information\{4C30C148-335B-4514-8CAC-A773BD57E840}\setup.exe" -runfromtemp -l0x0009 -removeonly
Sada Compatibility Pack pro systém Office 2007-->MsiExec.exe /X{90120000-0020-0405-0000-0000000FF1CE}
Samsung Kies-->"C:\Program Files\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8433C01-319F-3370-850E-87C35496299A} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {48B0C142-A0F4-3263-90E1-1984CBB8DD18} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FCBF8C05-F031-381A-8B7F-45403B55ADF5} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B7C20E16-9A3A-3F05-A6B5-E15AA09200E0} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {576C07F8-777C-3981-B8BF-063A6B57254E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {1E88AFAE-CEF7-3540-8FF6-6D00877B2767} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8BA4E34D-95C5-3907-87E4-62FBB31A2190} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {21AEAFE4-6F0E-3169-A09C-9FB37C77E555} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A6DE5FA9-FB19-3045-92FD-85B22CB16EB8} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {229E3EA4-C2A3-3031-86A5-9BC8396F945B} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {42A3562E-8B4E-39A4-B82D-CC12F82889E3} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {FCBF8C05-F031-381A-8B7F-45403B55ADF5} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {8BA4E34D-95C5-3907-87E4-62FBB31A2190} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {229E3EA4-C2A3-3031-86A5-9BC8396F945B} /parameterfolder Extended
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
SMV Converter Tool 3.0-->MsiExec.exe /I{1DBB1B09-8A5C-4CEA-8623-3EE473D4530E}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
System Requirements Lab Detection-->MsiExec.exe /X{932C2DAC-E92C-441A-86E2-95B94FE0811A}
System Requirements Lab for Intel-->MsiExec.exe /I{53C63F43-B827-42D9-8886-4698D91EA33B}
TDP x-Ray-->C:\Program Files\xRay\uninst.exe
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Recorder 8.5 Professional Edition-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Extended
VLC media player 2.0.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Management Framework Core-->"C:\WINDOWS\$968930Uinstall_KB968930$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR 4.00 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enGB --uid=wow_engb --displayname="World of Warcraft"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XMLinst-->MsiExec.exe /I{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: avast! Antivirus
======System event log======
Computer Name: TOMOVASVATYNE
Event Code: 7035
Message: Řídící příkaz Zastaveno byl službě PnkBstrB úspěšně odeslán.
Record Number: 18756
Source Name: Service Control Manager
Time Written: 20140814212524.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: TOMOVASVATYNE
Event Code: 7036
Message: Stav služby PnkBstrB byl změněn na: Zastaveno
Record Number: 18755
Source Name: Service Control Manager
Time Written: 20140814212524.000000+120
Event Type: Informace
User:
Computer Name: TOMOVASVATYNE
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě PnkBstrB úspěšně odeslán.
Record Number: 18754
Source Name: Service Control Manager
Time Written: 20140814212329.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: TOMOVASVATYNE
Event Code: 7036
Message: Stav služby PnkBstrB byl změněn na: Spuštěno
Record Number: 18753
Source Name: Service Control Manager
Time Written: 20140814212329.000000+120
Event Type: Informace
User:
Computer Name: TOMOVASVATYNE
Event Code: 7035
Message: Řídící příkaz Zastaveno byl službě PnkBstrB úspěšně odeslán.
Record Number: 18752
Source Name: Service Control Manager
Time Written: 20140814212324.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: TOMOVASVATYNE
Event Code: 1005
Message: Služba Windows Installer vyvolala restart systému k dokončení či pokračování konfigurace Microsoft .NET Framework 1.1.
Record Number: 5
Source Name: MsiInstaller
Time Written: 20140109124735.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: TOMOVASVATYNE
Event Code: 11728
Message: Produkt: Microsoft .NET Framework 1.1 - Configuration completed successfully.
Record Number: 4
Source Name: MsiInstaller
Time Written: 20140109124735.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: TOMOVASVATYNE
Event Code: 1022
Message: Aktualizace {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} produktu Microsoft .NET Framework 1.1 byla úspěšně nainstalována.
Record Number: 3
Source Name: MsiInstaller
Time Written: 20140109124735.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: TOMOVASVATYNE
Event Code: 1002
Message: Čítače výkonu služby .NETFramework (.NETFramework) jsou již v registru výkonu zaznamenány.
Není třeba je instalovat znovu.
Record Number: 2
Source Name: LoadPerf
Time Written: 20140109124733.000000+060
Event Type: Informace
User:
Computer Name: TOMOVASVATYNE
Event Code: 1025
Message: Produkt Microsoft .NET Framework 1.1: Soubor C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll je používán jiným procesem (Název: jqs , ID: 1844).
Record Number: 1
Source Name: MsiInstaller
Time Written: 20140109124722.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
"LocalAppData"=C:\Documents and Settings\PanPič\Local Settings\Data aplikací
-----------------EOF-----------------
Combofix
ComboFix 14-08-31.01 - PanPič 04.09.2014 0:23.4.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.396 [GMT 2:00]
Spuštěný z: c:\documents and settings\PanPič\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-03 do 2014-09-03 )))))))))))))))))))))))))))))))
.
.
2014-09-03 21:55 . 2014-05-12 05:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-03 21:55 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-03 21:50 . 2014-09-03 21:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-09-03 21:46 . 2014-09-03 21:46 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-03 21:46 . 2014-09-03 21:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2014-09-03 21:27 . 2014-09-03 21:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-03 21:27 . 2014-09-03 21:23 263072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-09-03 21:19 . 2014-09-03 21:19 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Malwarebytes
2014-09-03 21:18 . 2014-09-03 21:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-09-02 13:41 . 2014-09-02 13:41 -------- d-----w- c:\program files\Battle.net
2014-09-01 16:56 . 2014-09-01 16:56 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\Samsung
2014-09-01 16:56 . 2014-09-01 16:56 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Samsung
2014-09-01 16:52 . 2014-02-07 14:33 4659712 ----a-w- c:\windows\system32\Redemption.dll
2014-09-01 16:52 . 2014-01-23 16:31 821824 ----a-w- c:\windows\system32\dgderapi.dll
2014-09-01 16:52 . 2014-01-23 16:31 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2014-09-01 16:52 . 2014-01-23 16:31 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2014-09-01 16:49 . 2014-09-01 16:54 -------- d-----w- c:\program files\Samsung
2014-09-01 16:49 . 2014-09-01 16:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Samsung
2014-09-01 16:41 . 2001-10-24 10:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-09-01 16:41 . 2008-04-14 03:21 159232 ----a-w- c:\windows\system32\ptpusd.dll
2014-08-26 21:31 . 2014-08-26 21:31 -------- d-----w- c:\program files\WinDirStat
2014-08-26 21:24 . 2014-08-26 21:24 -------- d-----w- c:\program files\xRay
2014-08-26 19:53 . 2014-08-26 19:53 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Nero
2014-08-26 01:28 . 2014-08-26 01:30 -------- d-----w- c:\program files\Nero
2014-08-26 01:28 . 2014-08-26 01:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nero
2014-08-26 01:28 . 2014-08-26 01:30 -------- d-----w- c:\program files\Common Files\Nero
2014-08-21 22:15 . 2014-08-21 22:16 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\TotalRecorder
2014-08-21 22:13 . 2014-04-30 13:38 95432 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2014-08-21 22:13 . 2014-08-21 22:13 -------- d-----w- c:\program files\HighCriteria
2014-08-21 00:40 . 2014-08-21 00:40 -------- d-----w- c:\program files\Common Files\Java
2014-08-21 00:40 . 2014-07-25 10:26 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-08-21 00:40 . 2014-07-25 10:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-20 21:53 . 2014-08-20 21:53 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\CrashRpt
2014-08-14 22:41 . 2014-08-14 22:41 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\SKIDROW
2014-08-14 22:41 . 2014-08-14 22:41 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\2K Games
2014-08-14 22:26 . 2014-08-14 22:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\2308189059
2014-08-14 21:03 . 2014-09-03 21:44 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Seznam.cz
2014-08-14 21:00 . 2014-08-14 21:00 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-08-14 21:00 . 2014-08-21 15:34 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\DAEMON Tools Lite
2014-08-14 21:00 . 2014-08-14 21:00 -------- d-----w- c:\program files\DAEMON Tools Lite
2014-08-14 21:00 . 2014-08-14 21:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2014-08-14 20:03 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2014-08-14 20:03 . 2014-08-14 20:03 -------- d-----w- c:\program files\AMD
2014-08-14 20:02 . 2014-09-01 16:47 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\Downloaded Installations
2014-08-14 19:07 . 2014-08-21 10:29 -------- d-----w- c:\program files\2K Games
2014-08-05 13:54 . 2014-08-05 13:55 -------- d-----w- c:\program files\Dropbox
2014-08-05 13:52 . 2014-08-05 13:56 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Dropbox
2014-08-05 13:46 . 2014-08-05 13:46 -------- d-----w- c:\windows\jumpshot.com
2014-08-05 00:41 . 2014-08-05 00:41 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL
2014-08-05 00:29 . 2014-08-05 00:29 0 ----a-r- C:\logwmemory.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-14 19:54 . 2014-05-08 22:29 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-08-14 19:49 . 2014-05-08 22:31 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-08-14 19:49 . 2014-05-08 22:29 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-08-04 16:51 . 2014-01-07 16:47 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-04 16:51 . 2014-08-04 16:51 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-04 16:51 . 2014-01-07 16:47 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-04 16:51 . 2014-01-07 16:47 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-04 16:51 . 2014-01-07 16:47 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-04 16:51 . 2014-01-07 16:47 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-04 16:51 . 2014-01-07 16:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-04 16:51 . 2014-01-07 16:47 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-08-04 16:51 . 2014-08-04 16:51 43152 ----a-w- c:\windows\avastSS.scr
2014-08-04 16:51 . 2014-01-07 16:47 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-09 00:06 . 2012-10-22 18:46 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 00:06 . 2011-06-21 16:47 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 00:06 . 2014-07-09 00:06 11204096 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 16:51 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2014-02-07 1564992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-21 15517984]
"NvMediaCenter"="NvMCTray.dll" [2013-03-21 108832]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-23 1982312]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-02-07 311616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2012-12-27 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Documents and Settings\\PanPič\\Local Settings\\Data aplikací\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\PanPič\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.3235\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.3286\\Agent.exe"=
"c:\\Program Files\\Battle.net\\Battle.net.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"56340:TCP"= 56340:TCP:Pando Media Booster
"56340:UDP"= 56340:UDP:Pando Media Booster
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7.1.2014 18:47 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7.1.2014 18:47 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.1.2014 18:47 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [7.1.2014 18:47 414520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.8.2014 23:00 243128]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [4.8.2014 18:51 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [7.1.2014 18:47 67824]
R2 Update Surftastic;Update Surftastic;c:\program files\Surftastic\updateSurftastic.exe [4.4.2014 22:44 350496]
R2 Util Surftastic;Util Surftastic;c:\program files\Surftastic\bin\utilSurftastic.exe [6.4.2014 19:00 350496]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [7.1.2014 23:06 1730776]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [22.8.2014 0:13 95432]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 11:58 3275136]
S2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\PanPič\Local Settings\Data aplikací\Torch\Update\TorchCrashHandler.exe [30.7.2013 13:12 1207648]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [1.9.2014 18:52 20032]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ijlvbejd;ijlvbejd; [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22.4.2012 19:37 47360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-17 16:03 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 00:06]
.
2014-09-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04 16:51]
.
2014-09-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-02-18 18:33]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 14:31]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 14:31]
.
2014-08-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-21 23:28]
.
2014-09-03 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-21 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;127.0.0.1
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter
Trusted Zone: 4game.com
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.1.15.100
TCP: Interfaces\{5927BF33-1D90-4BE9-82BA-112EF3E8FF1B}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-Audacity_is1 - c:\program files\Audacity\unins000.exe
AddRemove-{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 - c:\program files\Electronic Arts\Need For Speed World\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-04 00:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Celkový čas: 2014-09-04 00:41:17
ComboFix-quarantined-files.txt 2014-09-03 22:41
.
Před spuštěním: Volných bajtů: 71 293 276 160
Po spuštění: Volných bajtů: 71 271 051 264
.
- - End Of File - - A5447F99D8C5511EFC0FC1CA50915DE4
413FC2A0C716421B3158746D63736515
info.txt logfile of random's system information tool 1.10 2014-09-04 02:49:49
======MBR======
======Uninstall list======
-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{A8D40741-490C-4190-82F2-62909891414B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
50 FREE MP3s +1 Free Audiobook!-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 14 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -maintain plugin
Adobe Reader X (10.1.0) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Adobe Shockwave Player 12.1-->"C:\WINDOWS\system32\Adobe\Shockwave 12\uninstaller.exe"
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Aktualizace NVIDIA 1.10.8-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{91C4477E-9318-4AB7-BE4B-FDA73E368F43}\NVI2.DLL",UninstallPackage Display.Update
Aktualizace systému Windows XP (KB2934207)-->"C:\WINDOWS\$NtUninstallKB2934207$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909210)-->"C:\WINDOWS\ie8updates\KB2909210-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909921)-->"C:\WINDOWS\ie8updates\KB2909921-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2925418)-->"C:\WINDOWS\ie8updates\KB2925418-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2936068)-->"C:\WINDOWS\ie8updates\KB2936068-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2964358)-->"C:\WINDOWS\ie8updates\KB2964358-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2914368)-->"C:\WINDOWS\$NtUninstallKB2914368$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2916036)-->"C:\WINDOWS\$NtUninstallKB2916036$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2922229)-->"C:\WINDOWS\$NtUninstallKB2922229$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2929961)-->"C:\WINDOWS\$NtUninstallKB2929961$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2930275)-->"C:\WINDOWS\$NtUninstallKB2930275$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall
Battle.net-->"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enGB --uid=battle.net --displayname="Battle.net"
BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Budik v.11-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Budik v.11\DeIsL1.isu" -c"C:\Program Files\Budik v.11\_ISREG32.DLL"
Call of Duty(R) 2 Patch 1.3-->C:\Program Files\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.exe /U "C:\Program Files\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.log"
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CoD 2 čeština-->"C:\Program Files\Activision\Call of Duty 2\unins000.exe"
Colin McRae Rally 2005-->"C:\Program Files\GOG.com\Colin McRae Rally 2005\unins000.exe"
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Facebook Video Calling 1.2.0.287-->MsiExec.exe /X{B92C5909-1D37-4C51-8397-A28BB28E5DC3}
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Free YouTube Downloader Converter-->C:\PROGRA~1\FREEYO~1\UNWISE.EXE C:\PROGRA~1\FREEYO~1\INSTALL.LOG
GamePark klient 2.0.9.0-->"C:\Program Files\GamePark2\unins000.exe"
GIMP 2.6.11-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.42.0.1389-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\36.0.1985.143\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Gothic II Gold-->C:\Program Files\InstallShield Installation Information\{8B95673D-2D4C-4216-ADA2-3660973700BF}\setup.exe -runfromtemp -l0x0405
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Cheat Engine 6.3-->"C:\Program Files\Cheat Engine 6.3\unins000.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel(R) Network Connections 16.3.48.0-->MsiExec.exe /i{44663264-E108-4938-BF9E-A767315072C9} ARPREMOVE=1
Java 7 Update 67-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}
K-Lite Codec Pack 7.2.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes Anti-Malware verze 2.0.2.1012-->"C:\Program Files\Malwarebytes Anti-Malware\unins000.exe"
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 Czech Language Pack-->MsiExec.exe /X{5E65E94D-69F2-4850-9E93-6459C53A0F50}
Microsoft .NET Framework 1.1 Security Update (KB2833941)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2833941\M2833941Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{B578C85A-A84C-4230-A177-C5B2AF565B8C}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850405-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA nView 136.53-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{91C4477E-9318-4AB7-BE4B-FDA73E368F43}\NVI2.DLL",UninstallPackage Display.NView
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA Ovladače grafiky 307.90-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{91C4477E-9318-4AB7-BE4B-FDA73E368F43}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Opera 12.16-->"C:\Program Files\Opera\Opera.exe" /uninstall
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Plus500-->C:\Program Files\Plus500\Plus500.exe /uninstall
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PPS - UnInstall-->c:\PPS\UnInstall.EXE
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x5 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
RZ Video Converter-->"C:\Program Files\InstallShield Installation Information\{4C30C148-335B-4514-8CAC-A773BD57E840}\setup.exe" -runfromtemp -l0x0009 -removeonly
Sada Compatibility Pack pro systém Office 2007-->MsiExec.exe /X{90120000-0020-0405-0000-0000000FF1CE}
Samsung Kies-->"C:\Program Files\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8433C01-319F-3370-850E-87C35496299A} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {48B0C142-A0F4-3263-90E1-1984CBB8DD18} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FCBF8C05-F031-381A-8B7F-45403B55ADF5} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B7C20E16-9A3A-3F05-A6B5-E15AA09200E0} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {576C07F8-777C-3981-B8BF-063A6B57254E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {1E88AFAE-CEF7-3540-8FF6-6D00877B2767} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8BA4E34D-95C5-3907-87E4-62FBB31A2190} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {21AEAFE4-6F0E-3169-A09C-9FB37C77E555} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A6DE5FA9-FB19-3045-92FD-85B22CB16EB8} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {229E3EA4-C2A3-3031-86A5-9BC8396F945B} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {42A3562E-8B4E-39A4-B82D-CC12F82889E3} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {FCBF8C05-F031-381A-8B7F-45403B55ADF5} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {8BA4E34D-95C5-3907-87E4-62FBB31A2190} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {229E3EA4-C2A3-3031-86A5-9BC8396F945B} /parameterfolder Extended
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
SMV Converter Tool 3.0-->MsiExec.exe /I{1DBB1B09-8A5C-4CEA-8623-3EE473D4530E}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
System Requirements Lab Detection-->MsiExec.exe /X{932C2DAC-E92C-441A-86E2-95B94FE0811A}
System Requirements Lab for Intel-->MsiExec.exe /I{53C63F43-B827-42D9-8886-4698D91EA33B}
TDP x-Ray-->C:\Program Files\xRay\uninst.exe
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Recorder 8.5 Professional Edition-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Extended
VLC media player 2.0.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Management Framework Core-->"C:\WINDOWS\$968930Uinstall_KB968930$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR 4.00 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enGB --uid=wow_engb --displayname="World of Warcraft"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XMLinst-->MsiExec.exe /I{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: avast! Antivirus
======System event log======
Computer Name: TOMOVASVATYNE
Event Code: 7035
Message: Řídící příkaz Zastaveno byl službě PnkBstrB úspěšně odeslán.
Record Number: 18756
Source Name: Service Control Manager
Time Written: 20140814212524.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: TOMOVASVATYNE
Event Code: 7036
Message: Stav služby PnkBstrB byl změněn na: Zastaveno
Record Number: 18755
Source Name: Service Control Manager
Time Written: 20140814212524.000000+120
Event Type: Informace
User:
Computer Name: TOMOVASVATYNE
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě PnkBstrB úspěšně odeslán.
Record Number: 18754
Source Name: Service Control Manager
Time Written: 20140814212329.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: TOMOVASVATYNE
Event Code: 7036
Message: Stav služby PnkBstrB byl změněn na: Spuštěno
Record Number: 18753
Source Name: Service Control Manager
Time Written: 20140814212329.000000+120
Event Type: Informace
User:
Computer Name: TOMOVASVATYNE
Event Code: 7035
Message: Řídící příkaz Zastaveno byl službě PnkBstrB úspěšně odeslán.
Record Number: 18752
Source Name: Service Control Manager
Time Written: 20140814212324.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: TOMOVASVATYNE
Event Code: 1005
Message: Služba Windows Installer vyvolala restart systému k dokončení či pokračování konfigurace Microsoft .NET Framework 1.1.
Record Number: 5
Source Name: MsiInstaller
Time Written: 20140109124735.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: TOMOVASVATYNE
Event Code: 11728
Message: Produkt: Microsoft .NET Framework 1.1 - Configuration completed successfully.
Record Number: 4
Source Name: MsiInstaller
Time Written: 20140109124735.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: TOMOVASVATYNE
Event Code: 1022
Message: Aktualizace {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} produktu Microsoft .NET Framework 1.1 byla úspěšně nainstalována.
Record Number: 3
Source Name: MsiInstaller
Time Written: 20140109124735.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: TOMOVASVATYNE
Event Code: 1002
Message: Čítače výkonu služby .NETFramework (.NETFramework) jsou již v registru výkonu zaznamenány.
Není třeba je instalovat znovu.
Record Number: 2
Source Name: LoadPerf
Time Written: 20140109124733.000000+060
Event Type: Informace
User:
Computer Name: TOMOVASVATYNE
Event Code: 1025
Message: Produkt Microsoft .NET Framework 1.1: Soubor C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll je používán jiným procesem (Název: jqs , ID: 1844).
Record Number: 1
Source Name: MsiInstaller
Time Written: 20140109124722.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
"LocalAppData"=C:\Documents and Settings\PanPič\Local Settings\Data aplikací
-----------------EOF-----------------
Combofix
ComboFix 14-08-31.01 - PanPič 04.09.2014 0:23.4.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.396 [GMT 2:00]
Spuštěný z: c:\documents and settings\PanPič\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-03 do 2014-09-03 )))))))))))))))))))))))))))))))
.
.
2014-09-03 21:55 . 2014-05-12 05:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-03 21:55 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-03 21:50 . 2014-09-03 21:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-09-03 21:46 . 2014-09-03 21:46 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-03 21:46 . 2014-09-03 21:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2014-09-03 21:27 . 2014-09-03 21:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-03 21:27 . 2014-09-03 21:23 263072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-09-03 21:19 . 2014-09-03 21:19 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Malwarebytes
2014-09-03 21:18 . 2014-09-03 21:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-09-02 13:41 . 2014-09-02 13:41 -------- d-----w- c:\program files\Battle.net
2014-09-01 16:56 . 2014-09-01 16:56 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\Samsung
2014-09-01 16:56 . 2014-09-01 16:56 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Samsung
2014-09-01 16:52 . 2014-02-07 14:33 4659712 ----a-w- c:\windows\system32\Redemption.dll
2014-09-01 16:52 . 2014-01-23 16:31 821824 ----a-w- c:\windows\system32\dgderapi.dll
2014-09-01 16:52 . 2014-01-23 16:31 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2014-09-01 16:52 . 2014-01-23 16:31 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2014-09-01 16:49 . 2014-09-01 16:54 -------- d-----w- c:\program files\Samsung
2014-09-01 16:49 . 2014-09-01 16:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Samsung
2014-09-01 16:41 . 2001-10-24 10:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-09-01 16:41 . 2008-04-14 03:21 159232 ----a-w- c:\windows\system32\ptpusd.dll
2014-08-26 21:31 . 2014-08-26 21:31 -------- d-----w- c:\program files\WinDirStat
2014-08-26 21:24 . 2014-08-26 21:24 -------- d-----w- c:\program files\xRay
2014-08-26 19:53 . 2014-08-26 19:53 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Nero
2014-08-26 01:28 . 2014-08-26 01:30 -------- d-----w- c:\program files\Nero
2014-08-26 01:28 . 2014-08-26 01:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nero
2014-08-26 01:28 . 2014-08-26 01:30 -------- d-----w- c:\program files\Common Files\Nero
2014-08-21 22:15 . 2014-08-21 22:16 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\TotalRecorder
2014-08-21 22:13 . 2014-04-30 13:38 95432 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2014-08-21 22:13 . 2014-08-21 22:13 -------- d-----w- c:\program files\HighCriteria
2014-08-21 00:40 . 2014-08-21 00:40 -------- d-----w- c:\program files\Common Files\Java
2014-08-21 00:40 . 2014-07-25 10:26 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-08-21 00:40 . 2014-07-25 10:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-20 21:53 . 2014-08-20 21:53 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\CrashRpt
2014-08-14 22:41 . 2014-08-14 22:41 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\SKIDROW
2014-08-14 22:41 . 2014-08-14 22:41 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\2K Games
2014-08-14 22:26 . 2014-08-14 22:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\2308189059
2014-08-14 21:03 . 2014-09-03 21:44 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Seznam.cz
2014-08-14 21:00 . 2014-08-14 21:00 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-08-14 21:00 . 2014-08-21 15:34 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\DAEMON Tools Lite
2014-08-14 21:00 . 2014-08-14 21:00 -------- d-----w- c:\program files\DAEMON Tools Lite
2014-08-14 21:00 . 2014-08-14 21:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2014-08-14 20:03 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2014-08-14 20:03 . 2014-08-14 20:03 -------- d-----w- c:\program files\AMD
2014-08-14 20:02 . 2014-09-01 16:47 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\Downloaded Installations
2014-08-14 19:07 . 2014-08-21 10:29 -------- d-----w- c:\program files\2K Games
2014-08-05 13:54 . 2014-08-05 13:55 -------- d-----w- c:\program files\Dropbox
2014-08-05 13:52 . 2014-08-05 13:56 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Dropbox
2014-08-05 13:46 . 2014-08-05 13:46 -------- d-----w- c:\windows\jumpshot.com
2014-08-05 00:41 . 2014-08-05 00:41 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL
2014-08-05 00:29 . 2014-08-05 00:29 0 ----a-r- C:\logwmemory.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-14 19:54 . 2014-05-08 22:29 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-08-14 19:49 . 2014-05-08 22:31 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-08-14 19:49 . 2014-05-08 22:29 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-08-04 16:51 . 2014-01-07 16:47 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-04 16:51 . 2014-08-04 16:51 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-04 16:51 . 2014-01-07 16:47 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-04 16:51 . 2014-01-07 16:47 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-04 16:51 . 2014-01-07 16:47 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-04 16:51 . 2014-01-07 16:47 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-04 16:51 . 2014-01-07 16:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-04 16:51 . 2014-01-07 16:47 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-08-04 16:51 . 2014-08-04 16:51 43152 ----a-w- c:\windows\avastSS.scr
2014-08-04 16:51 . 2014-01-07 16:47 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-09 00:06 . 2012-10-22 18:46 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 00:06 . 2011-06-21 16:47 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 00:06 . 2014-07-09 00:06 11204096 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 16:51 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2014-02-07 1564992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-21 15517984]
"NvMediaCenter"="NvMCTray.dll" [2013-03-21 108832]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-23 1982312]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-02-07 311616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2012-12-27 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Documents and Settings\\PanPič\\Local Settings\\Data aplikací\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\PanPič\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.3235\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.3286\\Agent.exe"=
"c:\\Program Files\\Battle.net\\Battle.net.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"56340:TCP"= 56340:TCP:Pando Media Booster
"56340:UDP"= 56340:UDP:Pando Media Booster
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7.1.2014 18:47 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7.1.2014 18:47 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.1.2014 18:47 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [7.1.2014 18:47 414520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.8.2014 23:00 243128]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [4.8.2014 18:51 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [7.1.2014 18:47 67824]
R2 Update Surftastic;Update Surftastic;c:\program files\Surftastic\updateSurftastic.exe [4.4.2014 22:44 350496]
R2 Util Surftastic;Util Surftastic;c:\program files\Surftastic\bin\utilSurftastic.exe [6.4.2014 19:00 350496]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [7.1.2014 23:06 1730776]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [22.8.2014 0:13 95432]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 11:58 3275136]
S2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\PanPič\Local Settings\Data aplikací\Torch\Update\TorchCrashHandler.exe [30.7.2013 13:12 1207648]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [1.9.2014 18:52 20032]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ijlvbejd;ijlvbejd; [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22.4.2012 19:37 47360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-17 16:03 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 00:06]
.
2014-09-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04 16:51]
.
2014-09-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-02-18 18:33]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 14:31]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 14:31]
.
2014-08-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-21 23:28]
.
2014-09-03 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-21 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;127.0.0.1
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter
Trusted Zone: 4game.com
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.1.15.100
TCP: Interfaces\{5927BF33-1D90-4BE9-82BA-112EF3E8FF1B}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-Audacity_is1 - c:\program files\Audacity\unins000.exe
AddRemove-{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 - c:\program files\Electronic Arts\Need For Speed World\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-04 00:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Celkový čas: 2014-09-04 00:41:17
ComboFix-quarantined-files.txt 2014-09-03 22:41
.
Před spuštěním: Volných bajtů: 71 293 276 160
Po spuštění: Volných bajtů: 71 271 051 264
.
- - End Of File - - A5447F99D8C5511EFC0FC1CA50915DE4
413FC2A0C716421B3158746D63736515
Re: Check - Facebook virus
Hello, under Windows XP you can run only Mbam version 1.75.
Uninstall Media Booster (Pando Networks)
In Scheduled Tasks, delete:
Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP
Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP
If you have not done so already, move ComboFix to the desktop
open Notepad
copy the script from the following window into it:
Code:
Folder::
c:\program files\Common Files\Spigot
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SearchSettings"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56340:TCP"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56340:UDP"=-
Driver::
ijlvbejd
save the TXT file you created as CFScript.txt on the desktop,
after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

After it has been applied, another log will come out; copy it here
Warning: it may happen that Windows does not start after the script has been applied and the computer restarted,
in that case restart again while pressing F8, then choose Last Known Good Configuration
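How the items targeted in the reply above (the `ijlvbejd` service with no image path and the Pando Media Booster firewall openings) can be surfaced from a ComboFix log, as an added example that is not part of the original thread. The sample lines are copied from the log posted in this thread; the reading of the `R`/`S` prefix, the start-type digit and the `[x]`/`[?]` markers is this example's assumption about ComboFix's output format.

```python
import re

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [7.1.2014 18:47 67824]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [1.9.2014 18:52 20032]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ijlvbejd;ijlvbejd; [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22.4.2012 19:37 47360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"56340:TCP"= 56340:TCP:Pando Media Booster
"56340:UDP"= 56340:UDP:Pando Media Booster
"""

# "<R|S><start type> <name>;<display name>;<image path> [<date time size> | x | ?]"
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$')
# '"<port>:<proto>"= <port>:<proto>[:<scope>:<state>]:<label>'
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$')
# Assumption: the digit is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


def parse_services(log):
    """Return one dict per driver/service line found in the log text."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, image, info = m.groups()
        services.append({
            "name": name,
            "display": display,
            "running": state == "R",  # assumption: R = running, S = stopped
            "start": START_TYPES[int(start)],
            "image": image,
            "info": info,
        })
    return services


def unresolved_services(log):
    """Services whose image is absent or was not verified; candidates for
    manual review, not for automatic removal (the reply in this thread
    acted only on ijlvbejd)."""
    findings = []
    for svc in parse_services(log):
        if not svc["image"]:
            findings.append((svc["name"], "no image path"))
        elif svc["info"] in ("x", "?"):
            findings.append((svc["name"], "image not verified"))
    return findings


def open_ports(log):
    """Parse the GloballyOpenPorts\\List section of the firewall policy."""
    ports, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A new registry header starts or ends the section of interest.
            in_section = line.lower().endswith(r"globallyopenports\list]")
            continue
        m = PORT_RE.match(line) if in_section else None
        if not m:
            continue
        fields = m.group(3).split(":")
        label = fields[-1]
        ports.append({
            "port": int(m.group(1)),
            "proto": m.group(2),
            "label": label,
            "disabled": "Disabled" in fields,
            # Labels starting with "@" point at a Windows resource string.
            "builtin": label.startswith("@"),
        })
    return ports


def third_party_ports(log):
    """Enabled openings that were not created with a built-in Windows label."""
    return [(p["port"], p["proto"], p["label"])
            for p in open_ports(log)
            if not p["builtin"] and not p["disabled"]]


if __name__ == "__main__":
    for name, reason in unresolved_services(SAMPLE_LOG):
        print(f"service {name}: {reason}")
    for port, proto, label in third_party_ports(SAMPLE_LOG):
        print(f"open port {port}/{proto}: {label}")
```
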
-
- Visitor
- Posts: 43
- Registered: 04 Sep 2014 01:52
Re: Check - Facebook virus
Thanks for the reply. Thanks also for Malwarebytes, it works for me now. Here is the log
ComboFix 14-09-05.01 - PanPič 05.09.2014 1:56.6.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1296 [GMT 2:00]
Spuštěný z: c:\documents and settings\PanPič\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PanPič\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ijlvbejd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-05 do 2014-09-05 )))))))))))))))))))))))))))))))
.
.
2014-09-04 23:47 . 2014-09-04 23:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-09-04 23:47 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-04 10:19 . 2014-09-04 10:23 -------- d-----w- C:\AdwCleaner
2014-09-04 00:49 . 2014-09-04 00:49 -------- d-----w- c:\program files\trend micro
2014-09-04 00:49 . 2014-09-04 00:49 -------- d-----w- C:\rsit
2014-09-04 00:42 . 2014-09-04 00:42 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\Trend Micro
2014-09-04 00:37 . 2014-09-04 00:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trend Micro Installer
2014-09-03 21:50 . 2014-09-04 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-09-03 21:46 . 2014-09-03 21:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2014-09-03 21:27 . 2014-09-03 21:23 263072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-09-03 21:19 . 2014-09-03 21:19 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Malwarebytes
2014-09-03 21:18 . 2014-09-03 21:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-09-02 13:41 . 2014-09-02 13:41 -------- d-----w- c:\program files\Battle.net
2014-09-01 16:56 . 2014-09-01 16:56 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\Samsung
2014-09-01 16:56 . 2014-09-01 16:56 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Samsung
2014-09-01 16:52 . 2014-02-07 14:33 4659712 ----a-w- c:\windows\system32\Redemption.dll
2014-09-01 16:52 . 2014-01-23 16:31 821824 ----a-w- c:\windows\system32\dgderapi.dll
2014-09-01 16:52 . 2014-01-23 16:31 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2014-09-01 16:52 . 2014-01-23 16:31 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2014-09-01 16:49 . 2014-09-01 16:54 -------- d-----w- c:\program files\Samsung
2014-09-01 16:49 . 2014-09-01 16:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Samsung
2014-09-01 16:41 . 2001-10-24 10:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-09-01 16:41 . 2008-04-14 03:21 159232 ----a-w- c:\windows\system32\ptpusd.dll
2014-08-26 21:31 . 2014-08-26 21:31 -------- d-----w- c:\program files\WinDirStat
2014-08-26 21:24 . 2014-08-26 21:24 -------- d-----w- c:\program files\xRay
2014-08-26 19:53 . 2014-08-26 19:53 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Nero
2014-08-26 01:28 . 2014-08-26 01:30 -------- d-----w- c:\program files\Nero
2014-08-26 01:28 . 2014-08-26 01:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nero
2014-08-26 01:28 . 2014-08-26 01:30 -------- d-----w- c:\program files\Common Files\Nero
2014-08-21 22:15 . 2014-08-21 22:16 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\TotalRecorder
2014-08-21 22:13 . 2014-04-30 13:38 95432 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2014-08-21 22:13 . 2014-08-21 22:13 -------- d-----w- c:\program files\HighCriteria
2014-08-21 00:40 . 2014-08-21 00:40 -------- d-----w- c:\program files\Common Files\Java
2014-08-21 00:40 . 2014-07-25 10:26 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-08-21 00:40 . 2014-07-25 10:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-20 21:53 . 2014-08-20 21:53 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\CrashRpt
2014-08-14 22:41 . 2014-08-14 22:41 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\SKIDROW
2014-08-14 22:41 . 2014-08-14 22:41 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\2K Games
2014-08-14 21:03 . 2014-09-03 21:44 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\Seznam.cz
2014-08-14 21:00 . 2014-08-14 21:00 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-08-14 21:00 . 2014-08-21 15:34 -------- d-----w- c:\documents and settings\PanPič\Data aplikací\DAEMON Tools Lite
2014-08-14 21:00 . 2014-08-14 21:00 -------- d-----w- c:\program files\DAEMON Tools Lite
2014-08-14 21:00 . 2014-08-14 21:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2014-08-14 20:03 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2014-08-14 20:03 . 2014-08-14 20:03 -------- d-----w- c:\program files\AMD
2014-08-14 20:02 . 2014-09-01 16:47 -------- d-----w- c:\documents and settings\PanPič\Local Settings\Data aplikací\Downloaded Installations
2014-08-14 19:07 . 2014-08-21 10:29 -------- d-----w- c:\program files\2K Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-14 19:54 . 2014-05-08 22:29 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-08-14 19:49 . 2014-05-08 22:31 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-08-14 19:49 . 2014-05-08 22:29 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-08-05 00:41 . 2014-08-05 00:41 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL
2014-08-04 16:51 . 2014-01-07 16:47 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-04 16:51 . 2014-08-04 16:51 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-04 16:51 . 2014-01-07 16:47 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-04 16:51 . 2014-01-07 16:47 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-04 16:51 . 2014-01-07 16:47 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-04 16:51 . 2014-01-07 16:47 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-04 16:51 . 2014-01-07 16:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-04 16:51 . 2014-01-07 16:47 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-08-04 16:51 . 2014-08-04 16:51 43152 ----a-w- c:\windows\avastSS.scr
2014-08-04 16:51 . 2014-01-07 16:47 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-09 00:06 . 2012-10-22 18:46 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 00:06 . 2011-06-21 16:47 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 00:06 . 2014-07-09 00:06 11204096 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 16:51 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2014-02-07 1564992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-21 15517984]
"NvMediaCenter"="NvMCTray.dll" [2013-03-21 108832]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-23 1982312]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-02-07 311616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2012-12-27 409088]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\PanPič\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.3235\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.3286\\Agent.exe"=
"c:\\Program Files\\Battle.net\\Battle.net.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7.1.2014 18:47 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7.1.2014 18:47 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.1.2014 18:47 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [7.1.2014 18:47 414520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.8.2014 23:00 243128]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [4.8.2014 18:51 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [7.1.2014 18:47 67824]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5.9.2014 1:47 701512]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 11:58 3275136]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [7.1.2014 23:06 1730776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5.9.2014 1:47 22856]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [22.8.2014 0:13 95432]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [1.9.2014 18:52 20032]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5.9.2014 1:47 40776]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22.4.2012 19:37 47360]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSCHEDULER
*NewlyCreated* - MBAMSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-04 17:01 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 00:06]
.
2014-09-05 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04 16:51]
.
2014-09-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-02-18 18:33]
.
2014-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 14:31]
.
2014-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 14:31]
.
2014-08-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-21 23:28]
.
2014-09-05 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-21 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;127.0.0.1
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter
Trusted Zone: 4game.com
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.1.15.100
TCP: Interfaces\{5927BF33-1D90-4BE9-82BA-112EF3E8FF1B}: NameServer = 8.8.8.8,8.8.4.4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-05 02:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3080)
c:\documents and settings\PanPič\Data aplikací\Dropbox\bin\DropboxExt.22.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\VideoLAN\VLC\vlc.exe
.
**************************************************************************
.
Celkový čas: 2014-09-05 02:12:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-09-05 00:12
.
Před spuštěním: Volných bajtů: 76 458 106 880
Po spuštění: Volných bajtů: 76 486 684 672
.
- - End Of File - - 5A1F38A0D0913E41FCD2D15D37805BFC
413FC2A0C716421B3158746D63736515
Re: Check - Facebook virus
Via Start >> Run, copy this into the box:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Download AdwCleaner and save it to the desktop,
close all programs including the browser and double-click to run it;
a window appears where you click Scan at the top left.
The scan will then run; when it finishes, click Report and copy whatever comes up here for me.
Also add the current log.txt from RSIT.
-
- Visitor
- Posts: 43
- Registered: 04 Sep 2014 01:52
Re: Check - Facebook virus
# AdwCleaner v3.309 - Report created 05/09/2014 at 16:40:24
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : PanPič - TOMOVASVATYNE
# Running from : C:\Documents and Settings\PanPič\Dokumenty\Downloads\adwcleaner_3.309 (3).exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v
-\\ Google Chrome v37.0.2062.103
[ File : C:\Documents and Settings\PanPič\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R1].txt - [899 octets] - [05/09/2014 16:17:38]
AdwCleaner[R2].txt - [1017 octets] - [05/09/2014 16:32:09]
AdwCleaner[R3].txt - [880 octets] - [05/09/2014 16:40:24]
AdwCleaner[S1].txt - [507 octets] - [05/09/2014 16:21:34]
AdwCleaner[S2].txt - [507 octets] - [05/09/2014 16:33:16]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1057 octets] ##########
Logfile of random's system information tool 1.10 (written by random/random)
Run by PanPič at 2014-09-05 16:42:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 73 GB (38%) free of 191 GB
Total RAM: 2047 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:42:23, on 5.9.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GamePark2\gpcl.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PanPič\Dokumenty\Downloads\RSIT (2).exe
C:\Program Files\trend micro\PanPič.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1606980848-1708537768-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 5.15.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5927BF33-1D90-4BE9-82BA-112EF3E8FF1B}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
--
End of file - 8543 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\GlaryInitialize.job - C:\Program Files\Glary Utilities\initialize.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-04 457712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04 4085896]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2013-03-22 15517984]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2013-03-23 1982312]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2014-02-07 311616]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2014-02-07 1564992]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
GamePark klient 2.lnk - C:\Program Files\GamePark2\gpcl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe"="C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010 Executable"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe"="C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Documents and Settings\PanPič\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\PanPič\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.3235\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.3235\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.3286\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.3286\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Program Files\Battle.net\Battle.net.exe"="C:\Program Files\Battle.net\Battle.net.exe:*:Enabled:Battle.net"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codecp.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"vidc.LSCR"=C:\PROGRA~1\COMMON~1\ZEALME~1\decoder\LCODCS~1.DLL
"MSVideo8"=VfWWDM32.dll
"msacm.vorbis"=vorbis.acm
======List of files/folders created in the last 1 month======
2014-09-05 16:17:20 ----D---- C:\rsit
2014-09-05 16:16:48 ----D---- C:\AdwCleaner
2014-09-05 01:47:20 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-09-04 02:49:22 ----D---- C:\Program Files\trend micro
2014-09-04 02:37:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Trend Micro Installer
2014-09-03 23:50:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-09-03 23:46:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-09-03 23:27:18 ----A---- C:\WINDOWS\system32\drivers\tmcomm.sys
2014-09-03 23:19:02 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Malwarebytes
2014-09-03 23:18:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-09-02 15:41:35 ----D---- C:\Program Files\Battle.net
2014-09-01 18:56:36 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Samsung
2014-09-01 18:52:35 ----A---- C:\WINDOWS\system32\Redemption.dll
2014-09-01 18:52:15 ----A---- C:\WINDOWS\system32\drivers\dgderdrv.sys
2014-09-01 18:52:15 ----A---- C:\WINDOWS\system32\DIFxAPI.dll
2014-09-01 18:52:15 ----A---- C:\WINDOWS\system32\dgderapi.dll
2014-09-01 18:49:19 ----D---- C:\Program Files\Samsung
2014-09-01 18:49:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2014-09-01 18:41:38 ----A---- C:\WINDOWS\system32\ptpusb.dll
2014-09-01 18:41:24 ----A---- C:\WINDOWS\system32\ptpusd.dll
2014-08-26 23:31:02 ----D---- C:\Program Files\WinDirStat
2014-08-26 23:24:23 ----D---- C:\Program Files\xRay
2014-08-26 21:53:00 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Nero
2014-08-26 03:28:31 ----D---- C:\Program Files\Nero
2014-08-26 03:28:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2014-08-26 03:28:14 ----D---- C:\Program Files\Common Files\Nero
2014-08-22 00:15:38 ----D---- C:\Documents and Settings\PanPič\Data aplikací\TotalRecorder
2014-08-22 00:13:29 ----A---- C:\WINDOWS\system32\drivers\TotRec8.sys
2014-08-22 00:13:25 ----D---- C:\Program Files\HighCriteria
2014-08-21 02:40:35 ----D---- C:\Program Files\Common Files\Java
2014-08-21 02:40:25 ----A---- C:\WINDOWS\system32\javaws.exe
2014-08-21 02:40:19 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-21 02:40:19 ----A---- C:\WINDOWS\system32\javaw.exe
2014-08-21 02:40:19 ----A---- C:\WINDOWS\system32\java.exe
2014-08-14 23:03:06 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Seznam.cz
2014-08-14 23:00:56 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2014-08-14 23:00:50 ----D---- C:\Documents and Settings\PanPič\Data aplikací\DAEMON Tools Lite
2014-08-14 23:00:45 ----D---- C:\Program Files\DAEMON Tools Lite
2014-08-14 23:00:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2014-08-14 22:03:18 ----A---- C:\WINDOWS\system32\drivers\AmdLLD.sys
2014-08-14 22:03:12 ----D---- C:\Program Files\AMD
2014-08-14 21:07:05 ----D---- C:\Program Files\2K Games
======List of files/folders modified in the last 1 month======
2014-09-05 16:38:17 ----D---- C:\WINDOWS\Temp
2014-09-05 16:28:38 ----D---- C:\WINDOWS
2014-09-05 16:28:25 ----SHD---- C:\System Volume Information
2014-09-05 16:28:25 ----D---- C:\WINDOWS\system32\Restore
2014-09-05 16:27:43 ----D---- C:\WINDOWS\system32\drivers
2014-09-05 16:27:43 ----D---- C:\WINDOWS\ime
2014-09-05 09:06:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-09-05 02:38:59 ----D---- C:\Documents and Settings\PanPič\Data aplikací\vlc
2014-09-05 02:30:48 ----D---- C:\WINDOWS\system32
2014-09-05 02:12:27 ----D---- C:\WINDOWS\Prefetch
2014-09-05 02:10:45 ----D---- C:\WINDOWS\system32\CatRoot2
2014-09-05 02:05:17 ----A---- C:\WINDOWS\system.ini
2014-09-05 02:04:40 ----D---- C:\WINDOWS\system32\drivers\etc
2014-09-05 02:04:25 ----D---- C:\Program Files
2014-09-05 02:03:20 ----D---- C:\Documents and Settings\PanPič\Data aplikací\BitTorrent
2014-09-05 02:03:03 ----D---- C:\WINDOWS\system32\config
2014-09-05 02:00:27 ----D---- C:\WINDOWS\AppPatch
2014-09-05 02:00:25 ----D---- C:\Program Files\Common Files
2014-09-04 00:14:08 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Winamp
2014-09-03 14:41:13 ----D---- C:\Documents and Settings\PanPič\Data aplikací\gtk-2.0
2014-09-02 15:43:15 ----D---- C:\Program Files\World of Warcraft
2014-09-02 15:41:49 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2014-09-01 19:08:30 ----HD---- C:\WINDOWS\inf
2014-09-01 19:08:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-09-01 19:03:44 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2014-09-01 19:03:44 ----D---- C:\WINDOWS\system32\drivers\umdf
2014-09-01 18:59:03 ----RSD---- C:\WINDOWS\assembly
2014-09-01 18:59:03 ----D---- C:\WINDOWS\Microsoft.NET
2014-09-01 18:52:08 ----SHD---- C:\WINDOWS\Installer
2014-09-01 18:52:08 ----HD---- C:\Program Files\InstallShield Installation Information
2014-09-01 18:41:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-08-27 00:39:17 ----D---- C:\Games
2014-08-27 00:38:22 ----D---- C:\Riot Games
2014-08-27 00:07:25 ----D---- C:\Program Files\Cenega Czech
2014-08-27 00:06:39 ----D---- C:\Program Files\Codemasters
2014-08-27 00:04:42 ----D---- C:\Program Files\EA GAMES
2014-08-26 23:12:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2014-08-26 23:12:17 ----RD---- C:\Program Files\Skype
2014-08-26 23:11:13 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Skype
2014-08-26 18:23:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-22 00:21:48 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Audacity
2014-08-21 12:55:41 ----D---- C:\WINDOWS\system32\DirectX
2014-08-21 02:44:18 ----D---- C:\Program Files\SystemRequirementsLab
2014-08-21 02:40:17 ----D---- C:\Program Files\Java
2014-08-15 03:05:42 ----D---- C:\WINDOWS\system32\MRT
2014-08-15 03:00:37 ----A---- C:\WINDOWS\system32\MRT.exe
2014-08-14 22:49:58 ----SHD---- C:\WINDOWS\system32\AI_RecycleBin
2014-08-14 22:47:22 ----D---- C:\Program Files\Counter-Strike 1.6 Non-Steam
2014-08-14 22:03:54 ----RSH---- C:\boot.ini
2014-08-14 21:49:30 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2014-08-14 21:37:03 ----D---- C:\Program Files\NVIDIA Corporation
2014-08-13 20:11:12 ----D---- C:\Documents and Settings\PanPič\Data aplikací\TS3Client
2014-08-06 15:29:38 ----D---- C:\Program Files\Microsoft Silverlight
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-08-04 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-08-04 192352]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-08-04 55112]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-08-04 779536]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-08-04 414520]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-08-04 57800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2014-08-14 243128]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-08-04 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-08-04 67824]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2010-03-26 243928]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\WINDOWS\system32\drivers\HCW85BDA.sys [2013-11-06 1730776]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-06-14 6359656]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-03-23 12653120]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-10-14 36484]
R3 TotRec8;Total Recorder WDM audio filter driver; \??\C:\WINDOWS\system32\drivers\TotRec8.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2014-01-23 20032]
S3 EagleNT;EagleNT; C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2012-04-22 47360]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2012-01-05 32768]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-04 50344]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-07-25 182696]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2013-03-22 156448]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-23 1259296]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2014-05-09 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2014-08-14 214520]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : PanPič - TOMOVASVATYNE
# Running from : C:\Documents and Settings\PanPič\Dokumenty\Downloads\adwcleaner_3.309 (3).exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v
-\\ Google Chrome v37.0.2062.103
[ File : C:\Documents and Settings\PanPič\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R1].txt - [899 octets] - [05/09/2014 16:17:38]
AdwCleaner[R2].txt - [1017 octets] - [05/09/2014 16:32:09]
AdwCleaner[R3].txt - [880 octets] - [05/09/2014 16:40:24]
AdwCleaner[S1].txt - [507 octets] - [05/09/2014 16:21:34]
AdwCleaner[S2].txt - [507 octets] - [05/09/2014 16:33:16]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1057 octets] ##########
Logfile of random's system information tool 1.10 (written by random/random)
Run by PanPič at 2014-09-05 16:42:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 73 GB (38%) free of 191 GB
Total RAM: 2047 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:42:23, on 5.9.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GamePark2\gpcl.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PanPič\Dokumenty\Downloads\RSIT (2).exe
C:\Program Files\trend micro\PanPič.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1606980848-1708537768-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 5.15.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5927BF33-1D90-4BE9-82BA-112EF3E8FF1B}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
--
End of file - 8543 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\GlaryInitialize.job - C:\Program Files\Glary Utilities\initialize.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-04 457712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04 4085896]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2013-03-22 15517984]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2013-03-23 1982312]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2014-02-07 311616]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2014-02-07 1564992]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
GamePark klient 2.lnk - C:\Program Files\GamePark2\gpcl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe"="C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010 Executable"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe"="C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Documents and Settings\PanPič\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\PanPič\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.3235\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.3235\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.3286\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.3286\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Program Files\Battle.net\Battle.net.exe"="C:\Program Files\Battle.net\Battle.net.exe:*:Enabled:Battle.net"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codecp.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"vidc.LSCR"=C:\PROGRA~1\COMMON~1\ZEALME~1\decoder\LCODCS~1.DLL
"MSVideo8"=VfWWDM32.dll
"msacm.vorbis"=vorbis.acm
======List of files/folders created in the last 1 month======
2014-09-05 16:17:20 ----D---- C:\rsit
2014-09-05 16:16:48 ----D---- C:\AdwCleaner
2014-09-05 01:47:20 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-09-04 02:49:22 ----D---- C:\Program Files\trend micro
2014-09-04 02:37:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Trend Micro Installer
2014-09-03 23:50:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-09-03 23:46:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-09-03 23:27:18 ----A---- C:\WINDOWS\system32\drivers\tmcomm.sys
2014-09-03 23:19:02 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Malwarebytes
2014-09-03 23:18:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-09-02 15:41:35 ----D---- C:\Program Files\Battle.net
2014-09-01 18:56:36 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Samsung
2014-09-01 18:52:35 ----A---- C:\WINDOWS\system32\Redemption.dll
2014-09-01 18:52:15 ----A---- C:\WINDOWS\system32\drivers\dgderdrv.sys
2014-09-01 18:52:15 ----A---- C:\WINDOWS\system32\DIFxAPI.dll
2014-09-01 18:52:15 ----A---- C:\WINDOWS\system32\dgderapi.dll
2014-09-01 18:49:19 ----D---- C:\Program Files\Samsung
2014-09-01 18:49:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2014-09-01 18:41:38 ----A---- C:\WINDOWS\system32\ptpusb.dll
2014-09-01 18:41:24 ----A---- C:\WINDOWS\system32\ptpusd.dll
2014-08-26 23:31:02 ----D---- C:\Program Files\WinDirStat
2014-08-26 23:24:23 ----D---- C:\Program Files\xRay
2014-08-26 21:53:00 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Nero
2014-08-26 03:28:31 ----D---- C:\Program Files\Nero
2014-08-26 03:28:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2014-08-26 03:28:14 ----D---- C:\Program Files\Common Files\Nero
2014-08-22 00:15:38 ----D---- C:\Documents and Settings\PanPič\Data aplikací\TotalRecorder
2014-08-22 00:13:29 ----A---- C:\WINDOWS\system32\drivers\TotRec8.sys
2014-08-22 00:13:25 ----D---- C:\Program Files\HighCriteria
2014-08-21 02:40:35 ----D---- C:\Program Files\Common Files\Java
2014-08-21 02:40:25 ----A---- C:\WINDOWS\system32\javaws.exe
2014-08-21 02:40:19 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-21 02:40:19 ----A---- C:\WINDOWS\system32\javaw.exe
2014-08-21 02:40:19 ----A---- C:\WINDOWS\system32\java.exe
2014-08-14 23:03:06 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Seznam.cz
2014-08-14 23:00:56 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2014-08-14 23:00:50 ----D---- C:\Documents and Settings\PanPič\Data aplikací\DAEMON Tools Lite
2014-08-14 23:00:45 ----D---- C:\Program Files\DAEMON Tools Lite
2014-08-14 23:00:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2014-08-14 22:03:18 ----A---- C:\WINDOWS\system32\drivers\AmdLLD.sys
2014-08-14 22:03:12 ----D---- C:\Program Files\AMD
2014-08-14 21:07:05 ----D---- C:\Program Files\2K Games
======List of files/folders modified in the last 1 month======
2014-09-05 16:38:17 ----D---- C:\WINDOWS\Temp
2014-09-05 16:28:38 ----D---- C:\WINDOWS
2014-09-05 16:28:25 ----SHD---- C:\System Volume Information
2014-09-05 16:28:25 ----D---- C:\WINDOWS\system32\Restore
2014-09-05 16:27:43 ----D---- C:\WINDOWS\system32\drivers
2014-09-05 16:27:43 ----D---- C:\WINDOWS\ime
2014-09-05 09:06:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-09-05 02:38:59 ----D---- C:\Documents and Settings\PanPič\Data aplikací\vlc
2014-09-05 02:30:48 ----D---- C:\WINDOWS\system32
2014-09-05 02:12:27 ----D---- C:\WINDOWS\Prefetch
2014-09-05 02:10:45 ----D---- C:\WINDOWS\system32\CatRoot2
2014-09-05 02:05:17 ----A---- C:\WINDOWS\system.ini
2014-09-05 02:04:40 ----D---- C:\WINDOWS\system32\drivers\etc
2014-09-05 02:04:25 ----D---- C:\Program Files
2014-09-05 02:03:20 ----D---- C:\Documents and Settings\PanPič\Data aplikací\BitTorrent
2014-09-05 02:03:03 ----D---- C:\WINDOWS\system32\config
2014-09-05 02:00:27 ----D---- C:\WINDOWS\AppPatch
2014-09-05 02:00:25 ----D---- C:\Program Files\Common Files
2014-09-04 00:14:08 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Winamp
2014-09-03 14:41:13 ----D---- C:\Documents and Settings\PanPič\Data aplikací\gtk-2.0
2014-09-02 15:43:15 ----D---- C:\Program Files\World of Warcraft
2014-09-02 15:41:49 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2014-09-01 19:08:30 ----HD---- C:\WINDOWS\inf
2014-09-01 19:08:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-09-01 19:03:44 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2014-09-01 19:03:44 ----D---- C:\WINDOWS\system32\drivers\umdf
2014-09-01 18:59:03 ----RSD---- C:\WINDOWS\assembly
2014-09-01 18:59:03 ----D---- C:\WINDOWS\Microsoft.NET
2014-09-01 18:52:08 ----SHD---- C:\WINDOWS\Installer
2014-09-01 18:52:08 ----HD---- C:\Program Files\InstallShield Installation Information
2014-09-01 18:41:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-08-27 00:39:17 ----D---- C:\Games
2014-08-27 00:38:22 ----D---- C:\Riot Games
2014-08-27 00:07:25 ----D---- C:\Program Files\Cenega Czech
2014-08-27 00:06:39 ----D---- C:\Program Files\Codemasters
2014-08-27 00:04:42 ----D---- C:\Program Files\EA GAMES
2014-08-26 23:12:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2014-08-26 23:12:17 ----RD---- C:\Program Files\Skype
2014-08-26 23:11:13 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Skype
2014-08-26 18:23:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-22 00:21:48 ----D---- C:\Documents and Settings\PanPič\Data aplikací\Audacity
2014-08-21 12:55:41 ----D---- C:\WINDOWS\system32\DirectX
2014-08-21 02:44:18 ----D---- C:\Program Files\SystemRequirementsLab
2014-08-21 02:40:17 ----D---- C:\Program Files\Java
2014-08-15 03:05:42 ----D---- C:\WINDOWS\system32\MRT
2014-08-15 03:00:37 ----A---- C:\WINDOWS\system32\MRT.exe
2014-08-14 22:49:58 ----SHD---- C:\WINDOWS\system32\AI_RecycleBin
2014-08-14 22:47:22 ----D---- C:\Program Files\Counter-Strike 1.6 Non-Steam
2014-08-14 22:03:54 ----RSH---- C:\boot.ini
2014-08-14 21:49:30 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2014-08-14 21:37:03 ----D---- C:\Program Files\NVIDIA Corporation
2014-08-13 20:11:12 ----D---- C:\Documents and Settings\PanPič\Data aplikací\TS3Client
2014-08-06 15:29:38 ----D---- C:\Program Files\Microsoft Silverlight
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-08-04 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-08-04 192352]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-08-04 55112]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-08-04 779536]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-08-04 414520]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-08-04 57800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2014-08-14 243128]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-08-04 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-08-04 67824]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2010-03-26 243928]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\WINDOWS\system32\drivers\HCW85BDA.sys [2013-11-06 1730776]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-06-14 6359656]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-03-23 12653120]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-10-14 36484]
R3 TotRec8;Total Recorder WDM audio filter driver; \??\C:\WINDOWS\system32\drivers\TotRec8.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2014-01-23 20032]
S3 EagleNT;EagleNT; C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2012-04-22 47360]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2012-01-05 32768]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-04 50344]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-07-25 182696]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2013-03-22 156448]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-23 1259296]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2014-05-09 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2014-08-14 214520]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Re: Check - Facebook virus
Fix these in HJT:
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-21-1606980848-1708537768-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
You'll find HJT here:
C:\Program Files\trend micro\PanPič.exe
Fix means that you run HJT as admin,
in the window that opens you click Do a system scan only,
in the next window you find the lines I listed for you,
next to each of them is a box in which you put a check mark,
then you click Fix checked, which is at the bottom left,
the program asks whether you really want to; you of course agree with YES, and it's done.
Via Start >> Run >> type services.msc >> OK. Find the service:
Služba Google Update (gupdate)
Služba Google Update (gupdatem)
Nero BackItUp Scheduler 4.0
Double-clicking opens a dialog where you first stop the service with the Stop (Zastavit) button, then under Startup type (Typ spouštění) choose Disabled (Zakázáno) and click OK.
In Scheduled Tasks, delete:
Google Update (it will be there several times)
Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP
Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP
Then let me know what state the PC is in.
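An added example, not part of the reply above and not code from RSIT or HijackThis: a parser for the RSIT driver/service lines that checks, on a fresh log, whether the three services named in the reply now show as Stopped and Disabled. The BEFORE lines are copied from the log in this thread; the AFTER lines and all function names are constructed for illustration.

```python
import re

# Legend from the RSIT section header: R=Running, S=Stopped, 0..4 = start type.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> <name>;<display name>; <image path> [<date> <size>]
# RSIT prints empty brackets for some entries (e.g. mbam.sys in this log).
LINE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*); (.*?) \[(?:(\d{4}-\d{2}-\d{2}) (\d+))?\]$")

def parse_services(log_text):
    """Return one dict per driver/service line; any other line is skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            state, start, name, display, path, date, size = m.groups()
            entries.append({"name": name, "display": display, "path": path,
                            "state": STATE[state], "start": START[start],
                            "date": date, "size": int(size) if size else None})
    return entries

def check_targets(log_text, targets):
    """Map each display name to 'done', 'pending: ...' or 'not in log'."""
    by_display = {e["display"]: e for e in parse_services(log_text)}
    result = {}
    for target in targets:
        e = by_display.get(target)
        if e is None:
            result[target] = "not in log"
        elif (e["state"], e["start"]) == ("Stopped", "Disabled"):
            result[target] = "done"
        else:
            result[target] = "pending: %s, %s" % (e["state"], e["start"])
    return result

# Display names exactly as the reply lists them.
TARGETS = ["Služba Google Update (gupdate)", "Služba Google Update (gupdatem)",
           "Nero BackItUp Scheduler 4.0"]
BEFORE = r"""
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
"""
# Constructed: what a re-run should show once the services.msc step is done.
AFTER = (BEFORE.replace("R2 Nero", "S4 Nero")
         .replace("S2 gupdate;", "S4 gupdate;").replace("S3 gupdatem;", "S4 gupdatem;"))

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, check_targets(log, TARGETS))
```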
-
- Visitor
- Posts: 43
- Registered: 04 Sep 2014 01:52
Re: Check - Facebook virus
So the Facebook virus is probably still working; Facebook does open for me in Opera, but in Chrome it tells me
We've detected a virus on your computer
Follow the instructions below to remove the virus from your browser.
Step 1 : Press CTRL+SHIFT+Delete
Step 2 : Select "the beginning of time" and check "Cookies and other site and plug-in data" (uncheck others)
Step 3 : Click "Clear Browsing Data".
I've already done that twice, but still nothing.
-
- Visitor
- Posts: 43
- Registered: 04 Sep 2014 01:52
Re: Check - Facebook virus
Facebook still tells me the same thing; I deleted everything except that one How to Train Dragon 2 item, where I clicked Heal (Léčit) by mistake.
-
- Visitor
- Posts: 43
- Registered: 04 Sep 2014 01:52
Re: Check - Facebook virus
I ran MBAM, it found 2 things, I deleted them, and it works.
Thank you very much for the help and for your time. See you again sometime, or maybe better not?

