Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Zdravím, poprosil bych o kontrolu.

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
kulisek523
Návštěvník
Návštěvník
Příspěvky: 37
Registrován: 08 lis 2014 20:17

Zdravím, poprosil bych o kontrolu.

#1 Příspěvek od kulisek523 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2014-11-11 18:22:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (16%) free of 24 GB
Total RAM: 1015 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:00, on 11.11.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Data aplikací\Seznam.cz\bin\szndesktop.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\User\Data aplikací\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\User\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7337 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\46f7cf9a-8167-44ad-8818-86d68ce518b4-11.job - C:\Program Files\Internet Speed Checker\46f7cf9a-8167-44ad-8818-86d68ce518b4-11.exe /rawdata=QMcMVzEvdNGP/ABdpi3N45GmBHf3lTeN1brTooOlPBTNagKEvz9zrvfnsuLYLxeSYP+TIm8c3xRXcaynVbxZKgiM4kQhltVPVvByYAZJsvXFvSjQNKfArFCsHI9ukz//6FXzLAh+C2HwbUTVJZfagFVLJwu7eS84kXoMk0bRlUwRrfUaPLPLC2FadvNfphuI52xQRphdhTqACDFWiAA7J9Z3J0BI4mzaHKpyhRhPGdvTkG71jJGH+s2rcNBFFyKdEdF/DfcTMBxZ2MeRRCx9H6UQ8J7EJKHob4d9c+N9lfpDxm4PCrg+cfmV5MHq9XBsiq6mPOrUNmwwYM6ZHjFyhZewROi0FyziCDJhSeqQor/p52Yxm+m+gQurxXGgZbbr17feFF4JHeOHQ+2zo7t6KRLetvsGKKe3tj1ReqZqZnZ0otG6IUWuL5TR3qWdP0FSQwyDwFBRQQfaoAH2uVzOP6OnjfR3wuIDj3nBav4l4SufkWUJHvHUsxZsJ3rD4jPSrekGPTRUcIuQTjXoYmjswxMqe9IQ3n5iBCn1fPY6xhRIq/bD6AMeduEGNKMSdyJNyLAcIu/Zr2DzjwIIKlKE4n2F9TGIvoz0JviXdxOLq88X1PqoJWza4MDyQByK3YhFKHquDevzP8FgKA75GLb6C8xk5Z/5J2trR9mTl0qn/BKVgooHUbBhru3wgVhqTctVmjcREz2Zbg2Jhv93Mltj8fCoxCEuhhLVmIyKW+j2YCrEQONfjOEED37hespM6iyE4PFlUPhyCHd50p6GHIHCJ8dJ0AzkaVAcB0xE8BFa6L2JXUPMGdTVZ6foYHSoDmMm1KDxFhQl5UiieIFkBTc666JFLHG3VXjZWUYzrMuesjzwO09CaqBndjfb4O5vhYpTAjNdtK0o+EGiLd/58NmMrkv4KZO7utKGo5Ordzb4uHWzInlaIlEmP6BrrnSIdPvAUMnZfMxR4I6LJ/5DVOxm2LTQfW2tWYu8956ADGeU3Iph2pwSlTx5CTeyEkTFOQ9RK4kxZ4v2dlxLi9uj4WQlxbkeR5CCr7uDBVinqO1sDb0piLIbw1LGzsyf1rHyqphRD9ZKbJ7rnZa2u92FwMal5EgiNc7seNsrEIwJgfypNtV/sJR9qJqnSleOWYA1Xk2LooussKDkZi1jws1QPKhhZKsTcGIlmzjiD9dunKAMU9lwt5Ni4BxfScTooWMAgTJZLlgqCLEhAIs0rsH5ZU2IzOgDFZew50rpblz4TttVbA0x/j9xovb3J+HmPCQXe2q4JHl/BGhY3+kwkMRjA2qba3rJGQLZUBjxm9cRgP5fIJ2lzcl+v5YfhPun0KIk8AUHXfJx2SjdsspORS2OCWwei3rUqixvWeQckrsH2HIBDfSgr26ZIV/asC1VVxaFxAUwEreWNqK8Vk4vT+CjP+Nh8LfVNYQgYnNt5U2iJ25QPRnLKz7llIu4QV1vHWZrz3giFaFDmdilB0GQ/5P6wdeH4z0KvrA//l1HqUN4NiaEvK+fJjfyB3hlXMODDB/HobY/wrsszGNtZpSIyPJ3TwfPH/v5WBDJMl3QjK2BQX0hveaogB2uPNc9NYh6PzmQ8WUl6K4tMnKh2CU4EL63eV7lxqzMcu+0dwluhhgQDi9Xyo078EdBrWy/UaGzn/koJqDixhoNFsPREL+bDdqJuXWG1wMCoRHnz4JBRWO1BGy67KcGIb5D8FKmcia0cm/5ssmo++N0gp9KiZAui84ruj6y1Y8aWoSVMm9RclbxNjFO1u/YkKdXxPckZb6+GeoMVjm+3l0XSyoG36ziubPHzmJdTSwIc5DYSX0UeTybs+wF1GN+sJciEn1zcWdx4gntCFSWz31QoI45juMDPcsARBXdJVEwlNXyQnT/BlZZ8VMeCiOwi3pRkyrfX9GjjOI/dIUJzn8rJTmMmiGcN6PSDwEfPtFPNswmMwe+JX07Cvt8vW45vDO8b12Xw8qiYdOdK0jr3p2m2uhycIRatgpY5F6+D7+BUaGF99fP2hsTbFk6jjSdqBj7bgqaouECjl+grx1PwEu1kdsoV1CXzttUKX3PtXHB1qrX0iy16nrqG/nY3b+gqyzigc7o0hjLOp4zdJzU80T6Z3HHX8qq1iYo/vI3BOzDbnyYzjUMYBFHz0p7WHthh2dgwTB9olu2oLUjhH6csGXuVasIpmHnAygJW6prTzTbMt+fZJMakXejjuUNWsGwlHmfEsXYuxBRyamRwDTsMLPHIdphUwiFCMooSuHVsfyZ8TaP3sJhjg1oqDhIT8Uue0JLnsDHNollVr+8Lp3e/oR6Fef84t2GbXjQnqhgfJxM1hBZ1IPBkcittA4O5bwTx8QulPApzgBIlSzL8n1GlEf2oamUvU5xEVoyn1vNmA==
C:\WINDOWS\tasks\46f7cf9a-8167-44ad-8818-86d68ce518b4-4.job - C:\Program Files\Internet Speed Checker\46f7cf9a-8167-44ad-8818-86d68ce518b4-4.exe /rawdata=YCvp9gh3rmekKBK8f/AeIkv/RYjNuaAnF26uVGTRRRN7MuCL/P63mToWuftzzdrK9o7o918wdP0WESsGOQHIBOtWZYt3zWTJbWNmdNv09fuFc41GibTXoDdkpi8p2sa9pXQYV+64dPF/88FYVpcY5OECJ1Js6zv2jT0TW6UpBwBjC71JO1jRyfIzSLyczik63xvmdtUVUwhcxsfxb/PXg3mv1IS3KQMhldLWk1gmdANdHruWiMGcDHVZcq2wpw/7joqdEbT/pHN5QGlW5bs5kJQmmrCRdN0fo1Y39c0KSDfp5UJ2vtwC8n1lpbvtbr2QcrQiB+Wr7P84h6f3JF8NBj/l6OCRNErqTyil/ya9YMqGRfE4BYWnOCvTetyF/qLtVNw+ffSB6OiJzHTOdOwSHtqnW2YGk9sy6U2kD7BgtIQltEH3D+dU0c7QilC4k69QMWWLVJiTVrSc7GHXjEoSt3mqnxnFfQcxW+WKB3oc3EFcwlykd4QfWkcI+WE/GsgsXCqkpPyXFGqKqS30AAUk7vxuAU327ybUG42XWvJPaGatG18ZqGIV4mZbS49JpBno9Oen8J5J++n2u0FIczy3HHchybKrKStEMNBwAul2Tkm3v4g3ypKf5Y8W6emYitGpP9KDmeSrr15NFm9SVZ6CYX2wiqfTANpz3KVvbxyScmOqfFEbG2ju+kjzDKruF8eQLiyl4QKJdvPQ0UOJ6FM3xjv+0wmyHA36pf9Ellxb3zvzU2tL/guj6X9/HbYcipeD8b3VLaWx9iFw3DPllYhKrlSSAdjQFBe4JiW7amuFLFqaeZQvg1lPkisFV4eWvHoCp/H8PCjqfPJ2X7uydjvSI3MpRPpYLDaRyA+Ycit3gj7Bs+PWe9vNsQq6ee5DKAYSYX1RNvr5golDzHDV/enIo8+pAuSSmZNR+/fV4V/FdvVgFLHm0oNPhqrXrRlL9ywsXlGJ61LdyTNcuYtHi9Hy7FYeaTDlILs6sFgGaF+ohR1M88yKb9A1c1pphBT12t+wh2dhl7aKlxh9GmFcvQS2+mIzeyR9S/Yt6A0AYNvsJ24SF9MYIG7N/6PzczkHwSPG9RQPEnWij7SbyF8egIwQtBFfmxQAGeygMOsyAAA1e1N4F4Ypl+WLATg76+BvfhFWRYkcBUzqqhkAX9MD+egYZmHsxOTSwDyZ9ff2dlKqqYIP5paA1bv1oIpXphuIyLEU9KZiJ4EJA9txCSnKU5mFVRgiZh4KpGiofT8DSatj6TLSmnsMlzUHYHuUeW4V51h6cgRwpRg/yR/rGF/o47Na8Ir5Kz41PwFuFgfGngCHqqA9C2qP+hJYZe86BdySdFtOlPJFT24V6PskSh8sA0KrUATFgxHxmaRxrmRA4BodH0ilI+Fpt5YNC35c/hugQvSCm6sDjl4vrqEQzckM7o/7cH65n4Nbq0IdBBmyivjCg08s4DsiS3X/apkfziW6iX51Z3+Q8h2VkZhMFuoQ9WVhvZRQgbn0QYI8ypz2Ifuj9QKqxjGJ6bzl3tD9q0Verwv8Bxb/aKuZb79AWHqh9KyMwtOoEu3SGdqgH7pGaeVLe6z5Cvf/e2Alo0RkZvv5cGQ/AbJp+ne9U5eqqPUQ8y+niTRclJ1h99iSDAtnhRnMVPDe1FnbATSWIsrBLAVNhxBbzAC+uQDwU2hl2gPrdA/N7D8hgqd60IMwSznS8mt7BRdXRSjfmYQLMcAwVDbCN/KcnlzTCZ2FJIcweObmM9lRlfNx8ZS/ZVU3OlMcKIBaOEeHOaJyN6EZtib/Mpn0YoFm8fVvMfneTyFWyoZDYQkyuhEEJWZKdRoIb9EmDFTBGxSx9gFkB2x5pWT/n5EIcfM8aTXBpsilS8a6KvlKWH58qQ==
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\d47bd50f-7472-49c0-a46a-79132ec670bd.job - C:\Program Files\Internet Speed Checker\d47bd50f-7472-49c0-a46a-79132ec670bd.exe 001726 517271C2AA514AD8A539CBEE792F0DD3IE 61752 1413129002 93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 Internet Speed Checker
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-11-06 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-11-06 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-11-06 138008]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-11-06 16384512]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-11-06 1826816]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-06-26 888832]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-02-23 106496]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2012-09-13 1009288]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
cz.seznam.software.autoupdate"=C:\Documents and Settings\User\Data aplikací\Seznam.cz\szninstall.exe [2013-05-16 1062472]
cz.seznam.software.szndesktop"=C:\Documents and Settings\User\Data aplikací\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2014-10-30 4826904]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-11-06 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\User\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\User\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\AVG\AVG2015\avgmfapx.exe"="C:\Program Files\AVG\AVG2015\avgmfapx.exe:*:Enabled:Instalátor AVG"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2014-11-11 18:22:53 ----D---- C:\rsit
2014-11-11 18:22:53 ----D---- C:\Program Files\trend micro
2014-11-10 23:55:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVG2015
2014-11-10 23:43:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MFAData
2014-11-08 18:08:19 ----SHD---- C:\RECYCLER
2014-11-08 16:02:56 ----A---- C:\WINDOWS\zip.exe
2014-11-08 16:02:56 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-11-08 16:02:56 ----A---- C:\WINDOWS\SWSC.exe
2014-11-08 16:02:56 ----A---- C:\WINDOWS\SWREG.exe
2014-11-08 16:02:56 ----A---- C:\WINDOWS\sed.exe
2014-11-08 16:02:56 ----A---- C:\WINDOWS\PEV.exe
2014-11-08 16:02:56 ----A---- C:\WINDOWS\NIRCMD.exe
2014-11-08 16:02:56 ----A---- C:\WINDOWS\MBR.exe
2014-11-08 16:02:56 ----A---- C:\WINDOWS\grep.exe
2014-11-08 16:02:49 ----D---- C:\ComboFix-1
2014-11-08 15:58:33 ----D---- C:\WINDOWS\ERDNT
2014-11-08 15:58:28 ----D---- C:\Qoobox
2014-11-08 15:41:27 ----D---- C:\Program Files\CCleaner
2014-10-29 12:33:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\524e839f-d90b-4fed-b642-f367c31c677f
2014-10-28 15:38:19 ----D---- C:\Documents and Settings\User\Data aplikací\Pay-By-Ads
2014-10-12 19:43:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-10-12 16:50:13 ----D---- C:\Program Files\globalUpdate
2014-10-12 16:50:09 ----D---- C:\Program Files\Internet Speed Checker
2014-10-12 16:40:07 ----D---- C:\Documents and Settings\User\Data aplikací\QuickScan

======List of files/folders modified in the last 1 month======

2014-11-11 18:22:53 ----D---- C:\Program Files
2014-11-11 18:21:50 ----D---- C:\WINDOWS\Prefetch
2014-11-11 18:11:41 ----D---- C:\WINDOWS\Temp
2014-11-11 18:11:35 ----D---- C:\WINDOWS
2014-11-11 18:11:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-11-11 18:11:21 ----D---- C:\WINDOWS\system32\CatRoot2
2014-11-11 18:11:13 ----D---- C:\WINDOWS\system32
2014-11-11 18:10:02 ----D---- C:\Config.Msi
2014-11-11 18:09:54 ----HD---- C:\WINDOWS\inf
2014-11-11 18:09:54 ----D---- C:\WINDOWS\system32\drivers
2014-11-11 18:09:20 ----SHD---- C:\WINDOWS\Installer
2014-11-11 17:19:01 ----D---- C:\WINDOWS\SoftwareDistribution
2014-11-11 17:18:58 ----D---- C:\WINDOWS\Help
2014-11-11 03:18:52 ----D---- C:\Documents and Settings\User\Data aplikací\vlc
2014-11-11 00:57:37 ----D---- C:\Program Files\Web Assistant
2014-11-11 00:54:34 ----D---- C:\Program Files\Optimizer Pro
2014-11-10 23:56:21 ----D---- C:\Program Files\outobox
2014-11-10 23:55:27 ----D---- C:\Documents and Settings\User\Data aplikací\TuneUp Software
2014-11-10 23:51:35 ----A---- C:\WINDOWS\win.ini
2014-11-10 23:50:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-11-10 23:47:10 ----SD---- C:\WINDOWS\Tasks
2014-11-10 23:46:06 ----SD---- C:\WINDOWS\system32\Microsoft
2014-11-08 18:01:09 ----A---- C:\WINDOWS\system.ini
2014-11-08 18:00:54 ----D---- C:\WINDOWS\system32\drivers\etc
2014-11-08 16:44:43 ----D---- C:\WINDOWS\system32\config
2014-11-08 16:40:48 ----D---- C:\WINDOWS\AppPatch
2014-11-08 16:40:46 ----D---- C:\Program Files\Common Files
2014-11-04 20:34:59 ----D---- C:\WINDOWS\Debug
2014-10-27 16:41:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-22 21:52:19 ----D---- C:\WINDOWS\Minidump
2014-10-20 19:12:39 ----D---- C:\Documents and Settings\User\Data aplikací\wrapper

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-03-21 304920]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-11-06 1161888]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-11-06 5761760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-06 4608000]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-11-06 85120]
R3 RTL8187B;Síťový adaptér Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2010-03-31 342784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-11-06 209280]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 catchme;catchme; \??\C:\ComboFix-1\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-11-06 9216]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-12-18 182696]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-29 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23 267440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-12 68608]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-29 116648]

-----------------EOF-----------------
Nahoru
kulisek523
Návštěvník
Návštěvník
Příspěvky: 37
Registrován: 08 lis 2014 20:17

Re: Zdravím, poprosil bych o kontrolu.

#2 Příspěvek od kulisek523 »

V ntb vyskakují reklamy je spomalený a antivir furt nachazi nějake viry. Předem díky za pomoc:)
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Zdravím, poprosil bych o kontrolu.

#3 Příspěvek od vyosek »

Zdravim :)

:arrow: Co se tyce ComboFixu, ktery jste pouzil, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu) :???:

:arrow: Licencni podminky ComboFixu hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Obrázek

:arrow: Nebezpeci CFka
  • Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
  • Maze stopy po haveti, takze v logu z RSIT neni nic videt
  • Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
  • CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
  • CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal
:arrow: Log z CF byste nasel, mel by byt c:\combofix.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
kulisek523
Návštěvník
Návštěvník
Příspěvky: 37
Registrován: 08 lis 2014 20:17

Re: Zdravím, poprosil bych o kontrolu.

#4 Příspěvek od kulisek523 »

Combofix jsem použil jako nezkušený uživatel, už je to dávno, kdy jsem s nim pracoval na mojem straším PC, který byl totalně zavirovaný tak jsem ho chtěl použit i tedkom, ale nebyl jsem si vědom následků tohoto programu...
Tady přikládám log :)

ComboFix 14-11-03.01 - User 08.11.2014 16:33:48.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.544 [GMT 1:00]
Spuštěný z: c:\documents and settings\User\Plocha\ComboFix-1.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Eliska\Application Data\Mozilla\Firefox\Profiles\1kciukq9.default-1362346409718\extensions\2gfua@ifmx.org
c:\documents and settings\Eliska\Application Data\Mozilla\Firefox\Profiles\1kciukq9.default-1362346409718\extensions\2gfua@ifmx.org\bootstrap.js
c:\documents and settings\Eliska\Application Data\Mozilla\Firefox\Profiles\1kciukq9.default-1362346409718\extensions\2gfua@ifmx.org\content\zy.xul
c:\documents and settings\Eliska\Application Data\Mozilla\Firefox\Profiles\1kciukq9.default-1362346409718\extensions\2gfua@ifmx.org\chrome.manifest
c:\documents and settings\Eliska\Application Data\Mozilla\Firefox\Profiles\1kciukq9.default-1362346409718\extensions\2gfua@ifmx.org\install.rdf
c:\documents and settings\Eliska\Application Data\Mozilla\Firefox\Profiles\1kciukq9.default-1362346409718\extensions\zrd.2iu@gjua-yiaa.org
c:\documents and settings\Eliska\Application Data\Mozilla\Firefox\Profiles\1kciukq9.default-1362346409718\extensions\zrd.2iu@gjua-yiaa.org\bootstrap.js
c:\documents and settings\Eliska\Application Data\Mozilla\Firefox\Profiles\1kciukq9.default-1362346409718\extensions\zrd.2iu@gjua-yiaa.org\content\zy.xul
c:\documents and settings\Eliska\Application Data\Mozilla\Firefox\Profiles\1kciukq9.default-1362346409718\extensions\zrd.2iu@gjua-yiaa.org\chrome.manifest
c:\documents and settings\Eliska\Application Data\Mozilla\Firefox\Profiles\1kciukq9.default-1362346409718\extensions\zrd.2iu@gjua-yiaa.org\install.rdf
c:\documents and settings\Eliska\Application Data\PriceGong
c:\documents and settings\Eliska\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Eliska\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Eliska\Application Data\SearchProtect
c:\documents and settings\Eliska\Application Data\SearchProtect\bin\msvcp100.dll
c:\documents and settings\Eliska\Application Data\SearchProtect\bin\msvcr100.dll
c:\documents and settings\Eliska\Application Data\SearchProtect\bin\rep.dat
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\dialogsApi.js
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\lib\jquery.min.js
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\lib\json2.js
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spbd\bubble.css
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spbd\bubble.js
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spbd\images\information.png
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spbd\main.html
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spsd\images\warning.png
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spsd\main.html
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\documents and settings\Eliska\Application Data\SearchProtect\Dialogs\spsd\settings.js
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\abstraction.js
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\application.js
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\popupTransparent.xul
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\SProtectorRepository\EN
c:\documents and settings\Eliska\Application Data\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData
c:\documents and settings\Eliska\Start Menu\Programs\Wajam
c:\documents and settings\Eliska\Start Menu\Programs\Wajam\uninstall.lnk
c:\documents and settings\Eliska\WINDOWS
c:\documents and settings\Host\Application Data\SearchProtect
c:\documents and settings\Host\Application Data\SearchProtect\bin\msvcp100.dll
c:\documents and settings\Host\Application Data\SearchProtect\bin\msvcr100.dll
c:\documents and settings\Host\Application Data\SearchProtect\bin\rep.dat
c:\documents and settings\Host\Application Data\SearchProtect\bin\uninstall.exe
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\dialogsApi.js
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\lib\jquery.min.js
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\lib\json2.js
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spbd\bubble.css
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spbd\bubble.js
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spbd\images\information.png
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spbd\main.html
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spsd\images\warning.png
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spsd\main.html
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\documents and settings\Host\Application Data\SearchProtect\Dialogs\spsd\settings.js
c:\documents and settings\Host\Application Data\SearchProtect\ffprotect\abstraction.js
c:\documents and settings\Host\Application Data\SearchProtect\ffprotect\application.js
c:\program files\SearchProtect
c:\program files\SearchProtect\bin\msvcp100.dll
c:\program files\SearchProtect\bin\msvcr100.dll
c:\program files\SearchProtect\bin\rep.dat
c:\program files\SearchProtect\bin\uninstall.exe
c:\program files\SearchProtect\Dialogs\dialogsApi.js
c:\program files\SearchProtect\Dialogs\lib\jquery.min.js
c:\program files\SearchProtect\Dialogs\lib\json2.js
c:\program files\SearchProtect\Dialogs\spbd\bubble.css
c:\program files\SearchProtect\Dialogs\spbd\bubble.js
c:\program files\SearchProtect\Dialogs\spbd\images\information.png
c:\program files\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\program files\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\program files\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\program files\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\program files\SearchProtect\Dialogs\spbd\main.html
c:\program files\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\program files\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\program files\SearchProtect\Dialogs\spsd\images\warning.png
c:\program files\SearchProtect\Dialogs\spsd\main.html
c:\program files\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\program files\SearchProtect\Dialogs\spsd\settings.js
c:\program files\SearchProtect\EULA.txt
c:\program files\SearchProtect\ffprotect\abstraction.js
c:\program files\SearchProtect\ffprotect\application.js
c:\program files\SearchProtect\Main\rep\SystemRepository.dat
c:\program files\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files\Wajam
c:\program files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
c:\program files\Wajam\IE\favicon.ico
c:\program files\Wajam\IE\priam_bho.dll
c:\program files\Wajam\IE\wajamLogo.bmp
c:\program files\Wajam\uninstall.exe
c:\program files\Wajam\Updater\update.exe
c:\program files\Wajam\Updater\WajamUpdater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CLTMNGSVC
-------\Legacy_GLOBALUPDATE
-------\Service_globalUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-08 do 2014-11-08 )))))))))))))))))))))))))))))))
.
.
2014-11-08 14:41 . 2014-11-08 14:41 -------- d-----w- c:\program files\CCleaner
2014-10-29 11:33 . 2014-11-04 17:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\524e839f-d90b-4fed-b642-f367c31c677f
2014-10-28 14:38 . 2014-10-28 14:38 -------- d-----w- c:\documents and settings\User\Data aplikací\Pay-By-Ads
2014-10-15 15:35 . 2014-10-15 06:00 55816 ----a-w- c:\windows\system32\drivers\{1a147621-8c9a-4d6b-a557-6513a40d3207}t.sys
2014-10-12 15:51 . 2014-10-12 15:51 -------- d-----w- c:\documents and settings\User\Local Settings\Data aplikací\Internet Speed Checker
2014-10-12 15:50 . 2014-10-12 15:50 -------- d-----w- c:\program files\globalUpdate
2014-10-12 15:50 . 2014-10-12 15:50 -------- d-----w- c:\documents and settings\User\Local Settings\Data aplikací\globalUpdate
2014-10-12 15:50 . 2014-10-20 17:49 -------- d-----w- c:\program files\Internet Speed Checker
2014-10-12 15:40 . 2014-10-12 15:40 -------- d-----w- c:\documents and settings\User\Data aplikací\QuickScan
2014-10-12 15:40 . 2014-10-12 15:40 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací\QuickScan
2014-10-11 20:29 . 2014-10-11 20:29 -------- d-----w- c:\windows\jumpshot.com
2014-10-11 20:24 . 2014-10-11 20:24 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-11 20:25 . 2013-03-29 11:36 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-11 20:24 . 2013-03-29 11:36 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-10-11 20:24 . 2013-03-29 11:36 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-11 20:24 . 2013-03-29 11:36 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-11 20:24 . 2014-04-19 20:37 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-11 20:24 . 2013-03-29 11:36 55112 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-10-11 20:24 . 2013-03-29 11:36 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-11 20:24 . 2013-03-29 11:36 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-11 20:24 . 2013-03-29 11:36 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-11 20:24 . 2013-05-13 23:33 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-09-23 21:08 . 2013-03-29 12:06 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 21:08 . 2013-03-29 12:06 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-23 21:08 . 2014-09-23 21:08 3675824 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-21 08:50 . 2012-03-21 08:50 910112 ----a-w- c:\program files\jxpiinstall.exe
2010-02-08 20:58 . 2010-02-08 20:57 5865064 ----a-w- c:\program files\SweetImSetup.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-03-29 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-11 20:24 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\User\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\User\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\User\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\User\Data aplikací\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\documents and settings\User\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\User\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-10-30 4826904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-06 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-06 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16384512]
"SkyTel"="SkyTel.EXE" [2007-11-06 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-26 888832]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-02-23 106496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-11 4085896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2012-01-02 128512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\User\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [29.3.2013 12:36 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [29.3.2013 12:36 192352]
R1 {1a147621-8c9a-4d6b-a557-6513a40d3207}t;{1a147621-8c9a-4d6b-a557-6513a40d3207}t;c:\windows\system32\drivers\{1a147621-8c9a-4d6b-a557-6513a40d3207}t.sys [15.10.2014 16:35 55816]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [14.5.2013 0:33 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [29.3.2013 12:36 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [29.3.2013 12:36 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [19.4.2014 21:37 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [29.3.2013 12:36 67824]
R2 MaintainerSvc2.02.6806356;MaintainerSvc2.02.6806356;c:\documents and settings\All Users.WINDOWS\Data aplikací\524e839f-d90b-4fed-b642-f367c31c677f\maintainer.exe [29.10.2014 0:57 123624]
R2 Update outobox;Update outobox;c:\program files\outobox\updateoutobox.exe [7.12.2013 2:25 523496]
R2 Util outobox;Util outobox;c:\program files\outobox\bin\utiloutobox.exe [6.1.2014 21:32 523496]
R3 RTL8187B;Síťový adaptér Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0;c:\windows\system32\drivers\RTL8187B.sys [29.3.2013 12:11 342784]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 7:15 172192]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\GoogleUpdate.exe [12.10.2014 16:50 68608]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 19:37 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-11-08 c:\windows\Tasks\46f7cf9a-8167-44ad-8818-86d68ce518b4-11.job
- c:\program files\Internet Speed Checker\46f7cf9a-8167-44ad-8818-86d68ce518b4-11.exe [2014-10-12 15:50]
.
2014-11-08 c:\windows\Tasks\46f7cf9a-8167-44ad-8818-86d68ce518b4-4.job
- c:\program files\Internet Speed Checker\46f7cf9a-8167-44ad-8818-86d68ce518b4-4.exe [2014-10-12 15:50]
.
2014-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-29 21:08]
.
2014-11-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-11 20:24]
.
2014-11-08 c:\windows\Tasks\d47bd50f-7472-49c0-a46a-79132ec670bd.job
- c:\program files\Internet Speed Checker\d47bd50f-7472-49c0-a46a-79132ec670bd.exe [2014-10-12 15:50]
.
2014-11-08 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-10-12 15:50]
.
2014-11-08 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-10-12 15:50]
.
2014-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-29 11:36]
.
2014-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-29 11:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://rts.dsrlte.com?affID=na
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
HKU-Default-RunOnce-nltide2 - rundll32 advpack.dll
c:\documents and settings\Eliska\Start Menu\Programs\Startup\Stardock ObjectDock.lnk - d:\stardock\ObjectDock\ObjectDock.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-08 18:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2540)
c:\documents and settings\User\Data aplikací\Seznam.cz\bin\10871libfoxloader.dll
c:\windows\system32\msi.dll
c:\documents and settings\User\Data aplikací\Dropbox\bin\DropboxExt.22.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\User\Data aplikací\Seznam.cz\bin\szndesktop.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2014-11-08 18:04:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-11-08 17:04
.
Před spuštěním: 3 545 333 760
Po spuštění: 3 479 769 088
.
- - End Of File - - 1EF362567E1A91B3C2949988FCB58197
413FC2A0C716421B3158746D63736515
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Zdravím, poprosil bych o kontrolu.

#5 Příspěvek od vyosek »

:arrow: Priste CF az na radu nekoho zkuseneho :wink:

:arrow: Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/
  • c:\windows\system32\sfcfiles.dll
  • Kliknete na Choose file
  • Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
  • Kliknete na Scan It
  • Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
    Obrázek
  • Vysledek analyzy sem vlozte (jako odkaz)
:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Po spusteni probehne stazeni databaze
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
kulisek523
Návštěvník
Návštěvník
Příspěvky: 37
Registrován: 08 lis 2014 20:17

Re: Zdravím, poprosil bych o kontrolu.

#6 Příspěvek od kulisek523 »

jo tady je ten odkaz https://www.virustotal.com/cs/file/7ab3 ... 415802878/
a tady je ten log :)

# AdwCleaner v4.101 - Report created 12/11/2014 at 16:01:26
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - USER-BD2C8E4903
# Running from : C:\Documents and Settings\User\Plocha\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdatem

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\BrowseToSave
Folder Deleted : C:\Program Files\Conduit
[!] Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\MocaFlix
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\outobox
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Program Files\SmartTweak
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files\Internet Speed Checker
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\User\Local Settings\Data aplikací\genienext
Folder Deleted : C:\Documents and Settings\User\Local Settings\Data aplikací\globalUpdate
Folder Deleted : C:\Documents and Settings\User\Local Settings\Data aplikací\Mobogenie
Folder Deleted : C:\Documents and Settings\User\Local Settings\Data aplikací\SearchProtect
Folder Deleted : C:\Documents and Settings\User\Local Settings\Data aplikací\Internet Speed Checker
Folder Deleted : C:\Documents and Settings\User\Data aplikací\newnext.me
Folder Deleted : C:\Documents and Settings\User\Data aplikací\OpenCandy
Folder Deleted : C:\Documents and Settings\User\Data aplikací\pay-by-ads
[!] Folder Deleted : C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka
File Deleted : C:\Documents and Settings\User\daemonprocess.txt

***** [ Scheduled Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : 46f7cf9a-8167-44ad-8818-86d68ce518b4-11
Task Deleted : 46f7cf9a-8167-44ad-8818-86d68ce518b4-4
Task Deleted : d47bd50f-7472-49c0-a46a-79132ec670bd

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B82DC472-6D22-4560-9B11-DD05A986F69F}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\outobox
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\Internet Speed Checker
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\outobox
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\Internet Speed Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outobox
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Speed Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\outobox
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Speed Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v38.0.2125.111


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [10056 octets] - [12/11/2014 15:56:19]
AdwCleaner[S0].txt - [10169 octets] - [12/11/2014 16:01:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10230 octets] ##########
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Zdravím, poprosil bych o kontrolu.

#7 Příspěvek od vyosek »

:arrow: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
  • Nasledne kliknete na Run Script
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
kulisek523
Návštěvník
Návštěvník
Příspěvky: 37
Registrován: 08 lis 2014 20:17

Re: Zdravím, poprosil bych o kontrolu.

#8 Příspěvek od kulisek523 »

tady to je :)

Zoek.exe v5.0.0.0 Updated 11-November-2014
Tool run by User on st 12.11.2014 at 18:33:09,26.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\User\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12.11.2014 18:38:32 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1957994488-220523388-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1957994488-220523388-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1957994488-220523388-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\524e839f-d90b-4fed-b642-f367c31c677f deleted
C:\Program Files\UpMedia deleted
C:\Documents and Settings\User\.android deleted
C:\Program Files\ComPlus Applications deleted
C:\Program Files\Yahoo! deleted
C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Yahoo! Companion deleted
C:\Documents and Settings\User\Local Settings\Data aplikací\cache deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted
"C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\?pidla Data Processing, s.r.o" not deleted
"C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Špidla Data Processing, s.r.o" deleted
"C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\? pidla Data Processing, s.r.o" not deleted

==== Chromium Look ======================

Seznam LištiÄŤka - Rychlá volba - Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eibfgbclmgnmffinenpipoibfdoblond
Seznam LištiÄŤka - Email - Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fkfpcckoflkdgjdobdkpclgngaahgbpi
Seznam LištiÄŤka - SlovnĂ­k - Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghoooididkjbjjldgojdgceoinbhbjmh
avast Online Security - Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Seznam LištiÄŤka - Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lelcohngbjgpiibagnfmncojacafbbpg
Internet Speed Checker - User\Data aplikací\Opera Software\Opera Stable\Extensions\bbglkiiiofelplniblholffbhhjmdhhi
The Weather - User\Data aplikací\Opera Software\Opera Stable\Extensions\lnejmennopimdkhecilfhkmmjolebocd

==== Chromium Startpages ======================

C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"startup_urls": [ "http://www.google.com" ],


==== Chromium Fix ======================

C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eibfgbclmgnmffinenpipoibfdoblond deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fkfpcckoflkdgjdobdkpclgngaahgbpi deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghoooididkjbjjldgojdgceoinbhbjmh deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lelcohngbjgpiibagnfmncojacafbbpg deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia deleted successfully
C:\Documents and Settings\User\Data aplikací\Opera Software\Opera Stable\Extensions\bbglkiiiofelplniblholffbhhjmdhhi deleted successfully
C:\Documents and Settings\User\Data aplikací\Opera Software\Opera Stable\Extensions\lnejmennopimdkhecilfhkmmjolebocd deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_api.outobox.net_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_api.outobox.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_c.mscimg.com_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_c.mscimg.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_connexity.net_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_connexity.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_ls.hit.gemius.pl_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_s3.amazonaws.com_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_s3.amazonaws.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_www.google.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_www.google.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_adcash.ladypopular.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_adcash.ladypopular.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_cds.w5z3f4n9.hwcdn.net_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_cds.w5z3f4n9.hwcdn.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_connexity.net_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_connexity.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_eshop.kola-radotin.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_eshop.kola-radotin.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_googleads.g.doubleclick.net_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_googleads.g.doubleclick.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_horska-kola.hledejceny.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_horska-kola.hledejceny.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_imagesrv.adition.com_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_imagesrv.adition.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_jizdni-kola.heureka.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_jizdni-kola.heureka.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_ls.hit.gemius.pl_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_partner.edarling.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_partner.edarling.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_playgame.travian.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_playgame.travian.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_pstatic.datafastguru.info_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_pstatic.datafastguru.info_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_search.seznam.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_search.seznam.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_shortp.com_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_shortp.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_static.kusham00.kusham.net_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_static.kusham00.kusham.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_static.tanzuki00.tanzuki.net_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_static.tanzuki00.tanzuki.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_vube.com_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_vube.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.7art.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.7art.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.adcash.com_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.adcash.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.bluewin.ch_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.bluewin.ch_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.heureka.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.heureka.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.kolakola.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.kolakola.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.seznam.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.seznam.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.sledujuserialy.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.sledujuserialy.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.teamsport.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.teamsport.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.zkouknito.cz_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.zkouknito.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www1.newbie-trading-guide.com_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www1.newbie-trading-guide.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjpdnoojnohifgekbkmnfbiobhcbedka_0.localstorage deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_mail.google.com_0.localstorage deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage deleted successfully
C:\Documents and Settings\User\Data aplikací\Opera Software\Opera Stable\Local Storage\chrome-extension_lnejmennopimdkhecilfhkmmjolebocd_0.localstorage deleted successfully
C:\Documents and Settings\User\Data aplikací\Opera Software\Opera Stable\Local Storage\opera_discover_0.localstorage deleted successfully
C:\Documents and Settings\User\Data aplikací\Opera Software\Opera Stable\Local Storage\opera_startpage_0.localstorage deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\databases\http_www.zkouknito.cz_0 deleted successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Extension Settings\fjpdnoojnohifgekbkmnfbiobhcbedka deleted successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{1420CA1F-A923-48BD-924E-6B55B119FF6B}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="http://search.live.com/results.aspx?q={ ... orm=IE8SRC"
{0F3DD4CE-2373-4C5B-94EB-CC25EF9705C4} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_12454"
{0FA31FE5-F6BC-4572-9641-C5AF3F108DB7} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... arch_12454"
{1420CA1F-A923-48BD-924E-6B55B119FF6B} Bing Url="http://www.bing.com/search?FORM=UP97DF& ... -SearchBox"
{15D5C82E-5BC8-4CCE-A5CE-E7BA171EED15} Seznam Url="http://search.seznam.cz/?q={searchTerms ... arch_12454"
{1928D278-3F3A-4F9C-88FA-E5E31AA22C30} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchT ... arch_12454"
{2014CDA0-1DDD-4C52-8A85-1F081229A92D} Firmy.cz Url="http://www.firmy.cz/phr/{searchTerms}?s ... arch_12454"
{3FA16D2A-27E5-454A-A8B0-658802E2C94C} Zboží.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454"
{486DB7C4-32DD-46B1-9D1B-928F36DA3A33} Slovník CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_12454"
{56C3711C-D41A-4463-8878-C1C0E8F5889B} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q= ... arch_12454"
{A80A656E-DCDD-4DEB-B9D3-0EA43926F5E6} Slovník EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_12454"
{C90703AD-64E9-4D64-B00A-A2DDA18C07A5} Google Url="http://www.google.com/search?q={searchT ... VN_csCZ529"

==== Reset Google Chrome ======================

C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\User\Data aplikací\Opera Software\Opera Stable\Preferences was reset successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\User\Data aplikací\Opera Software\Opera Stable\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\User\Local Settings\Data aplikací\Opera Software\Opera Stable\Cache emptied successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1234 folders=624 12088688 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temp emptied successfully
C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp emptied successfully
C:\Documents and Settings\User\Local Settings\temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\User\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\?pidla Data Processing, s.r.o" not deleted
"C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\? pidla Data Processing, s.r.o" not found

==== EOF on st 12.11.2014 at 18:54:25,73 ======================
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Zdravím, poprosil bych o kontrolu.

#9 Příspěvek od vyosek »

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=30&t=133101
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
kulisek523
Návštěvník
Návštěvník
Příspěvky: 37
Registrován: 08 lis 2014 20:17

Re: Zdravím, poprosil bych o kontrolu.

#10 Příspěvek od kulisek523 »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01
Ran by User (administrator) on USER-BD2C8E4903 on 13-11-2014 22:24:36
Running from C:\Documents and Settings\User\Plocha
Loaded Profile: User (Available profiles: User & Host)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\WINDOWS\ATK0100\HControl.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Documents and Settings\User\Data aplikací\Seznam.cz\bin\szndesktop.exe
() C:\WINDOWS\ATK0100\ATKOSD.exe
(VideoLAN) D:\MIX\VLC\vlc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\User\Plocha\FRSTLauncher (4).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16384512 2007-11-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-11-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [888832 2009-06-26] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [HControl] => C:\WINDOWS\ATK0100\HControl.exe [106496 2006-02-23] ()
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1009288 2012-09-13] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-10-01] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1957994488-220523388-1417001333-1003\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\User\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1957994488-220523388-1417001333-1003\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\User\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1957994488-220523388-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-30] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1957994488-220523388-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0F3DD4CE-2373-4C5B-94EB-CC25EF9705C4} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_12454
SearchScopes: HKCU - {0FA31FE5-F6BC-4572-9641-C5AF3F108DB7} URL = http://www.mapy.cz/?query={searchTerms} ... arch_12454
SearchScopes: HKCU - {15D5C82E-5BC8-4CCE-A5CE-E7BA171EED15} URL = http://search.seznam.cz/?q={searchTerms ... arch_12454
SearchScopes: HKCU - {1928D278-3F3A-4F9C-88FA-E5E31AA22C30} URL = http://www.novinky.cz/hledej?w={searchT ... arch_12454
SearchScopes: HKCU - {2014CDA0-1DDD-4C52-8A85-1F081229A92D} URL = http://www.firmy.cz/phr/{searchTerms}?s ... arch_12454
SearchScopes: HKCU - {3FA16D2A-27E5-454A-A8B0-658802E2C94C} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
SearchScopes: HKCU - {486DB7C4-32DD-46B1-9D1B-928F36DA3A33} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
SearchScopes: HKCU - {56C3711C-D41A-4463-8878-C1C0E8F5889B} URL = http://encyklopedie.seznam.cz/search?q= ... arch_12454
SearchScopes: HKCU - {A80A656E-DCDD-4DEB-B9D3-0EA43926F5E6} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\MIX\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://rts.dsrlte.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-12]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [191928 2014-10-10] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135296 2014-10-10] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [119792 2014-10-10] (ESET)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [5632 2005-02-17] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 RTL8187B; C:\WINDOWS\System32\DRIVERS\RTL8187B.sys [342784 2010-03-31] (Realtek Semiconductor Corporation )
S3 catchme; \??\C:\ComboFix-1\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 22:24 - 2014-11-13 22:24 - 00012841 _____ () C:\Documents and Settings\User\Plocha\FRST.txt
2014-11-13 22:22 - 2014-11-13 22:24 - 00000000 ____D () C:\FRST
2014-11-13 22:20 - 2014-11-13 22:19 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\User\Plocha\FRSTLauncher (4).exe
2014-11-13 22:07 - 2014-11-13 22:06 - 01108480 _____ (Farbar) C:\Documents and Settings\User\Plocha\FRST.exe
2014-11-13 09:59 - 2014-11-13 09:59 - 00000220 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-11-13 09:59 - 2014-11-13 09:59 - 00000214 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-11-13 09:27 - 2014-11-13 09:27 - 00017528 _____ () C:\WINDOWS\KB2934207.log
2014-11-13 09:27 - 2014-11-13 09:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-11-13 09:26 - 2014-11-13 09:27 - 00020605 _____ () C:\WINDOWS\KB2345886.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00020016 _____ () C:\WINDOWS\iis6.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00018546 _____ () C:\WINDOWS\FaxSetup.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00009945 _____ () C:\WINDOWS\ocgen.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00008463 _____ () C:\WINDOWS\tsoc.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00006125 _____ () C:\WINDOWS\comsetup.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00005802 _____ () C:\WINDOWS\msmqinst.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00003715 _____ () C:\WINDOWS\ntdtcsetup.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00003249 _____ () C:\WINDOWS\netfxocm.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00001393 _____ () C:\WINDOWS\imsins.BAK
2014-11-13 09:26 - 2014-11-13 09:27 - 00001275 _____ () C:\WINDOWS\MedCtrOC.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00001158 _____ () C:\WINDOWS\ocmsn.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00000933 _____ () C:\WINDOWS\tabletoc.log
2014-11-13 09:26 - 2014-11-13 09:27 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-11-13 09:26 - 2014-11-13 09:26 - 00000871 _____ () C:\WINDOWS\updspapi.log
2014-11-13 09:26 - 2014-11-13 09:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2014-11-13 09:26 - 2014-11-13 09:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2014-11-13 09:26 - 2014-11-13 09:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-13 09:26 - 2014-11-13 09:26 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-11-12 18:54 - 2014-11-13 21:52 - 00142572 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-12 18:54 - 2014-11-13 18:15 - 00000211 _____ () C:\WINDOWS\wiadebug.log
2014-11-12 18:54 - 2014-11-13 09:58 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-12 18:54 - 2014-11-12 18:54 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-11-12 18:52 - 2014-11-13 22:24 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
2014-11-12 18:52 - 2014-11-12 18:52 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2014-11-12 18:52 - 2014-11-12 18:52 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2014-11-12 18:52 - 2014-11-12 18:52 - 00000000 ____D () C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\temp
2014-11-12 18:52 - 2014-11-12 18:52 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temp
2014-11-12 18:52 - 2014-11-12 18:32 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-11-12 18:38 - 2014-11-12 18:54 - 00029825 _____ () C:\zoek-results.log
2014-11-12 18:33 - 2014-11-12 18:50 - 00000000 ____D () C:\zoek_backup
2014-11-12 18:32 - 2014-11-12 18:32 - 01294848 _____ () C:\Documents and Settings\User\Plocha\zoek.exe
2014-11-12 15:53 - 2014-11-12 16:02 - 00000000 ____D () C:\AdwCleaner
2014-11-12 15:51 - 2014-11-12 15:48 - 02140160 _____ () C:\Documents and Settings\User\Plocha\adwcleaner_4.101.exe
2014-11-12 13:50 - 2014-02-27 00:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-11-12 13:50 - 2014-02-27 00:28 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-11-12 10:38 - 2014-11-12 10:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-11-12 10:38 - 2014-11-12 10:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952954$
2014-11-12 10:38 - 2014-11-12 10:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$
2014-11-12 10:38 - 2014-11-12 10:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2014-11-12 10:38 - 2014-11-12 10:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-11-12 10:38 - 2014-11-12 10:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-11-12 10:37 - 2014-11-12 10:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$
2014-11-12 10:37 - 2014-11-12 10:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-11-12 10:37 - 2014-11-12 10:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-11-12 10:37 - 2014-11-12 10:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2014-11-12 10:37 - 2014-11-12 10:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2014-11-12 10:37 - 2014-11-12 10:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-11-12 10:37 - 2014-11-12 10:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2479943$
2014-11-12 10:37 - 2014-11-12 10:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$
2014-11-12 10:37 - 2014-11-12 10:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2387149$
2014-11-12 10:36 - 2014-11-12 10:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-11-12 10:36 - 2014-11-12 10:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2014-11-12 10:36 - 2014-11-12 10:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2014-11-12 10:36 - 2014-11-12 10:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$
2014-11-12 10:36 - 2014-11-12 10:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-11-12 10:36 - 2014-11-12 10:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
2014-11-12 10:35 - 2014-11-12 10:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
2014-11-12 10:35 - 2014-11-12 10:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
2014-11-12 10:35 - 2014-11-12 10:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-11-12 10:35 - 2014-11-12 10:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-11-12 10:35 - 2014-11-12 10:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111_WM9$
2014-11-12 10:35 - 2014-11-12 10:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2115168$
2014-11-12 10:34 - 2014-11-12 10:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974318$
2014-11-12 10:34 - 2014-11-12 10:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969059$
2014-11-12 10:34 - 2014-11-12 10:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951978$
2014-11-12 10:34 - 2014-11-12 10:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974$
2014-11-12 10:34 - 2014-11-12 10:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2655992$
2014-11-12 10:34 - 2014-11-12 10:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2481109$
2014-11-12 10:34 - 2014-11-12 10:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2443105$
2014-11-12 10:34 - 2014-11-12 10:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$
2014-11-12 10:33 - 2014-11-12 10:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982132$
2014-11-12 10:33 - 2014-11-12 10:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975713$
2014-11-12 10:33 - 2014-11-12 10:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-11-12 10:33 - 2014-11-12 10:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-11-12 10:33 - 2014-11-12 10:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-11-12 10:33 - 2014-11-12 10:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2014-11-12 10:33 - 2014-11-12 10:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2598479$
2014-11-12 10:33 - 2014-11-12 10:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2485663$
2014-11-12 10:32 - 2014-11-12 10:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978338$
2014-11-12 10:32 - 2014-11-12 10:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112$
2014-11-12 10:32 - 2014-11-12 10:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB972270$
2014-11-12 10:32 - 2014-11-12 10:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2014-11-12 10:32 - 2014-11-12 10:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954155_WM9$
2014-11-12 10:32 - 2014-11-12 10:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2507938$
2014-11-12 10:31 - 2014-11-12 10:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956572$
2014-11-12 10:31 - 2014-11-12 10:31 - 00006744 _____ () C:\WINDOWS\system32\TZLog.log
2014-11-12 10:31 - 2014-11-12 10:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979687$
2014-11-12 10:31 - 2014-11-12 10:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956844$
2014-11-12 10:31 - 2014-11-12 10:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-11-12 10:31 - 2014-11-12 10:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-11-12 10:31 - 2014-11-12 10:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2483185$
2014-11-12 10:31 - 2014-11-12 10:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2347290$
2014-11-12 10:30 - 2014-11-12 10:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975025$
2014-11-12 10:30 - 2014-11-12 10:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$
2014-11-12 10:30 - 2014-11-12 10:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973869$
2014-11-12 10:30 - 2014-11-12 10:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952004$
2014-11-12 10:30 - 2014-11-12 10:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-11-12 10:30 - 2014-11-12 10:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-11-12 10:30 - 2014-11-12 10:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-11-12 10:30 - 2014-11-12 10:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2719985$
2014-11-12 10:30 - 2014-11-12 10:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2592799$
2014-11-12 10:29 - 2014-11-12 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977816$
2014-11-12 10:29 - 2014-11-12 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2014-11-12 10:29 - 2014-11-12 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973507$
2014-11-12 10:29 - 2014-11-12 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762$
2014-11-12 10:29 - 2014-11-12 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-11-12 10:29 - 2014-11-12 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-11-12 10:29 - 2014-11-12 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$
2014-11-12 10:28 - 2014-11-12 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-11-12 10:28 - 2014-11-12 10:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-11-12 10:28 - 2014-11-12 10:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287$
2014-11-12 10:28 - 2014-11-12 10:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-11-12 10:28 - 2014-11-12 10:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-11-12 10:28 - 2014-11-12 10:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2570947$
2014-11-12 10:27 - 2014-11-12 10:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973904$
2014-11-12 10:27 - 2014-11-12 10:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-11-12 10:27 - 2014-11-12 10:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2014-11-12 10:24 - 2014-11-12 10:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974392$
2014-11-12 10:24 - 2014-11-12 10:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973540_WM9$
2014-11-12 10:24 - 2014-11-12 10:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2014-11-12 10:24 - 2014-11-12 10:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2508429$
2014-11-12 10:24 - 2014-11-12 10:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2419632$
2014-11-12 10:24 - 2008-04-14 05:52 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2014-11-12 10:23 - 2014-11-12 10:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2014-11-12 10:23 - 2014-11-12 10:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971029$
2014-11-12 10:23 - 2014-11-12 10:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952069_WM9$
2014-11-12 10:23 - 2014-11-12 10:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-11-12 10:23 - 2014-11-12 10:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2014-11-12 10:23 - 2014-11-12 10:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-11-12 10:23 - 2014-11-12 10:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2014-11-12 10:23 - 2014-11-12 10:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2619339$
2014-11-12 10:23 - 2014-11-12 10:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2506212$
2014-11-12 10:22 - 2014-11-12 10:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981997$
2014-11-12 10:22 - 2014-11-12 10:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2014-11-12 10:22 - 2014-11-12 10:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979309$
2014-11-12 10:22 - 2014-11-12 10:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978706$
2014-11-12 10:22 - 2014-11-12 10:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978542$
2014-11-12 10:22 - 2014-11-12 10:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973815$
2014-11-12 10:22 - 2014-11-12 10:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960803$
2014-11-12 10:22 - 2014-11-12 10:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-11-12 10:21 - 2014-11-12 10:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-11-12 10:21 - 2014-11-12 10:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-11-12 10:21 - 2014-11-12 10:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-11-12 10:21 - 2014-11-12 10:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2509553$
2014-11-12 10:20 - 2014-11-12 10:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982665$
2014-11-12 10:16 - 2014-11-12 10:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 10:15 - 2014-11-12 10:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB923561$
2014-11-12 10:15 - 2014-11-12 10:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2014-11-12 10:15 - 2014-11-12 10:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478960$
2014-11-12 10:15 - 2014-11-12 10:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
2014-11-12 10:15 - 2014-10-31 23:25 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 10:14 - 2014-11-12 10:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2014-11-12 10:14 - 2014-11-12 10:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2566454$
2014-11-12 10:13 - 2014-11-12 10:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975467$
2014-11-12 10:13 - 2014-11-12 10:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968389$
2014-11-12 10:13 - 2014-11-12 10:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-11-12 10:13 - 2014-11-12 10:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2014-11-12 10:13 - 2014-11-12 10:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2423089$
2014-11-11 23:08 - 2011-07-15 14:29 - 00456320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mrxsmb.sys
2014-11-11 23:06 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-11-11 22:59 - 2013-07-17 01:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2014-11-11 22:59 - 2013-07-17 01:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2014-11-11 22:59 - 2013-02-12 01:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2014-11-11 22:56 - 2010-02-12 11:03 - 00293376 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserchoice.exe
2014-11-11 22:51 - 2014-03-06 18:58 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-11-11 22:51 - 2014-03-06 18:58 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-11-11 22:51 - 2014-03-06 18:58 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-11-11 22:51 - 2014-03-06 18:58 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-11-11 22:51 - 2013-08-09 01:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-11-11 22:50 - 2014-03-06 18:58 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-11-11 22:50 - 2014-03-06 18:58 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-11-11 22:50 - 2014-03-06 18:58 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-11-11 22:50 - 2014-03-06 18:58 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-11-11 22:38 - 2014-11-11 22:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Java
2014-11-11 22:38 - 2014-11-11 22:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Java
2014-11-11 22:38 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-11-11 22:38 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-11-11 22:38 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-11-11 22:38 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-11-11 22:38 - 2014-09-26 18:16 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-11-11 22:37 - 2008-06-14 18:35 - 00272128 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-11-11 22:37 - 2008-06-14 18:35 - 00272128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bthport.sys
2014-11-11 22:35 - 2014-11-11 22:38 - 00004217 _____ () C:\WINDOWS\system32\jupdate-1.7.0_71-b14.log
2014-11-11 22:34 - 2014-11-11 22:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Windows Genuine Advantage
2014-11-11 22:34 - 2014-11-11 22:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Windows Genuine Advantage
2014-11-11 22:30 - 2013-07-04 08:34 - 02195712 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2014-11-11 22:30 - 2013-07-04 08:34 - 02151936 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2014-11-11 22:30 - 2013-07-04 08:34 - 02072320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2014-11-11 22:30 - 2013-07-04 08:33 - 02030592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2014-11-11 22:30 - 2012-01-11 20:07 - 00003072 ____N () C:\WINDOWS\system32\iacenc.dll
2014-11-11 22:30 - 2012-01-11 20:07 - 00003072 ____C () C:\WINDOWS\system32\dllcache\iacenc.dll
2014-11-11 22:25 - 2011-08-12 13:51 - 00026488 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe
2014-11-11 19:17 - 2014-11-11 19:17 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\ESET
2014-11-11 19:08 - 2014-11-11 19:08 - 00000000 ____D () C:\Program Files\ESET
2014-11-11 19:08 - 2014-11-11 19:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\ESET
2014-11-11 19:08 - 2014-11-11 19:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\ESET
2014-11-11 19:08 - 2014-11-11 19:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET
2014-11-11 19:08 - 2014-11-11 19:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET
2014-11-11 18:22 - 2014-11-11 18:23 - 00000000 ____D () C:\rsit
2014-11-11 18:22 - 2014-11-11 18:23 - 00000000 ____D () C:\Program Files\trend micro
2014-11-11 17:53 - 2014-11-11 17:53 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Data aplikací\ESET
2014-11-10 23:55 - 2014-11-11 17:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVG2015
2014-11-10 23:55 - 2014-11-11 17:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVG2015
2014-11-10 23:43 - 2014-11-11 17:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MFAData
2014-11-10 23:43 - 2014-11-11 17:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MFAData
2014-11-10 23:43 - 2014-11-10 23:43 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\MFAData
2014-11-08 18:04 - 2014-11-08 18:04 - 00000000 ____D () C:\Documents and Settings\Host\Local Settings\temp
2014-11-08 18:04 - 2014-11-08 18:04 - 00000000 ____D () C:\Documents and Settings\Eliska\Local Settings\temp
2014-11-08 16:44 - 2014-11-08 16:44 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-11-08 16:44 - 2014-11-08 16:44 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-11-08 16:44 - 2014-11-08 16:44 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-11-08 16:44 - 2014-11-08 16:44 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-11-08 16:44 - 2014-11-08 16:44 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-11-08 16:02 - 2014-11-08 18:04 - 00000000 ____D () C:\ComboFix-1
2014-11-08 16:02 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-08 16:02 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-08 16:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-08 16:01 - 2014-11-08 16:00 - 05593178 ____R (Swearware) C:\Documents and Settings\User\Plocha\ComboFix-1.exe
2014-11-08 15:58 - 2014-11-08 18:04 - 00000000 ____D () C:\Qoobox
2014-11-08 15:58 - 2014-11-08 18:03 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-11-08 15:58 - 2014-11-08 15:58 - 00000000 ___RD () C:\Documents and Settings\User\Nabídka Start\Programy\Nástroje pro správu
2014-11-08 15:58 - 2014-11-08 15:58 - 00000000 ___RD () C:\Documents and Settings\User\Dokumenty\Filmy
2014-11-08 15:41 - 2014-11-08 15:41 - 00000693 _____ () C:\Documents and Settings\All Users.WINDOWS\Plocha\CCleaner.lnk
2014-11-08 15:41 - 2014-11-08 15:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-08 15:41 - 2014-11-08 15:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\CCleaner
2014-11-08 15:41 - 2014-11-08 15:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\CCleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 22:25 - 2013-03-30 23:31 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\vlc
2014-11-13 22:24 - 2013-03-29 11:45 - 00000000 ____D () C:\Documents and Settings\User\Plocha
2014-11-13 22:21 - 2013-03-29 11:45 - 00000000 ___HD () C:\Documents and Settings\User\Local Settings\Data aplikací
2014-11-13 22:08 - 2013-03-29 13:06 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-13 21:37 - 2013-03-29 12:36 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 09:59 - 2013-03-29 12:36 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 09:59 - 2001-10-25 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-13 09:58 - 2013-03-29 11:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-13 09:57 - 2014-10-12 19:43 - 00011998 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-13 09:57 - 2013-03-29 11:45 - 00000272 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-11-12 18:49 - 2014-09-17 08:34 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-11-12 18:49 - 2013-03-29 12:22 - 00000000 __RHD () C:\Documents and Settings\All Users.WINDOWS\Data aplikací
2014-11-12 18:08 - 2013-03-29 13:06 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-12 18:08 - 2013-03-29 13:06 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-12 16:02 - 2013-03-29 11:45 - 00000000 __RHD () C:\Documents and Settings\User\Data aplikací
2014-11-12 10:57 - 2013-03-29 12:22 - 00942806 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-12 10:53 - 2013-03-29 12:21 - 00243128 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-12 10:38 - 2009-04-17 22:08 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-11-12 10:38 - 2009-04-17 22:05 - 00000000 ____D () C:\Program Files\Messenger
2014-11-12 10:32 - 2013-02-14 14:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2014-11-12 10:31 - 2010-02-19 21:25 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-11-12 10:29 - 2012-12-12 18:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2014-11-12 10:28 - 2013-03-14 15:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-11-12 10:24 - 2013-01-09 10:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2014-11-12 10:24 - 2012-10-15 13:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2014-11-12 10:22 - 2012-11-16 09:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2014-11-12 10:22 - 2009-04-17 22:06 - 00000000 ____D () C:\Program Files\Outlook Express
2014-11-12 10:22 - 2009-04-17 22:06 - 00000000 ____D () C:\Program Files\Movie Maker
2014-11-12 10:21 - 2009-06-24 22:10 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-11-11 22:38 - 2009-09-03 17:08 - 00000000 ____D () C:\Program Files\Java
2014-11-11 22:35 - 2013-03-29 12:22 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-11-11 22:35 - 2013-03-29 12:22 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-11-11 17:53 - 2013-03-29 11:43 - 00000000 ___HD () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Data aplikací
2014-11-11 17:18 - 2009-04-17 22:53 - 00000000 ____D () C:\WINDOWS\Help
2014-11-11 17:15 - 2013-03-29 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Plocha
2014-11-11 00:02 - 2014-09-17 10:08 - 00000008 __RSH () C:\Documents and Settings\All Users.WINDOWS\ntuser.pol
2014-11-11 00:02 - 2013-03-29 12:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS
2014-11-10 23:55 - 2014-01-20 20:04 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\TuneUp Software
2014-11-10 23:51 - 2001-10-25 12:00 - 00000773 _____ () C:\WINDOWS\win.ini
2014-11-10 23:50 - 2013-11-09 20:00 - 00000000 __RHD () C:\Documents and Settings\Host.USER-BD2C8E4903\Data aplikací
2014-11-10 23:50 - 2013-03-29 12:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-11-10 23:50 - 2013-03-29 12:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-11-08 18:04 - 2009-04-17 22:12 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-08 18:01 - 2001-10-25 12:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-08 16:48 - 2013-03-29 12:21 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-11-08 16:48 - 2013-03-29 12:21 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-11-08 16:48 - 2013-03-29 12:20 - 24379392 _____ () C:\WINDOWS\system32\config\software.bak
2014-11-08 16:48 - 2013-03-29 12:20 - 04456448 _____ () C:\WINDOWS\system32\config\system.bak
2014-11-08 16:48 - 2013-03-29 12:20 - 00245760 _____ () C:\WINDOWS\system32\config\default.bak
2014-11-08 16:43 - 2009-04-17 22:14 - 00000000 ____D () C:\Documents and Settings\Eliska
2014-11-08 15:58 - 2014-01-03 23:39 - 00000000 ___RD () C:\Documents and Settings\User\Nabídka Start\Programy
2014-11-08 15:58 - 2013-03-29 11:45 - 00000000 ___RD () C:\Documents and Settings\User\Dokumenty
2014-11-07 01:38 - 2013-11-09 20:00 - 00000178 ___SH () C:\Documents and Settings\Host.USER-BD2C8E4903\ntuser.ini
2014-11-06 20:24 - 2013-03-30 03:36 - 00225792 _____ () C:\Documents and Settings\User\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-06 00:16 - 2014-01-28 17:01 - 00000000 ____D () C:\Documents and Settings\Host.USER-BD2C8E4903\Data aplikací\vlc
2014-11-05 20:37 - 2013-11-09 20:00 - 00000000 ___HD () C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací
2014-11-05 20:14 - 2013-11-09 20:00 - 00000000 ____D () C:\Documents and Settings\Host.USER-BD2C8E4903\Data aplikací\Seznam.cz
2014-11-05 19:55 - 2014-01-28 17:00 - 00008704 _____ () C:\Documents and Settings\Host.USER-BD2C8E4903\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-04 09:39 - 2013-05-14 10:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Google Drive
2014-11-04 09:39 - 2013-05-14 10:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Google Drive
2014-10-28 20:40 - 2013-03-29 12:37 - 00001882 _____ () C:\Documents and Settings\All Users.WINDOWS\Plocha\Google Chrome.lnk
2014-10-22 21:52 - 2010-01-22 15:06 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-20 19:12 - 2014-01-05 22:18 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\wrapper

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (System disk) (Fixed) (Total:23.89 GB) (Free:2.6 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DISK D) (Fixed) (Total:87.89 GB) (Free:4.04 GB) NTFS
Drive e: (Treti princ) (CDROM) (Total:4.06 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:3.65 GB) (Free:2.35 GB) FAT32

Available physical RAM: 338.48 MB
Total physical RAM: 1015.17 MB
Percentage of memory in use: 66%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 111.8 GB) (Disk ID: 2A78E034)
Partition 1: (Active) - (Size=23.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=87.9 GB) - (Type=OF Extended)
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\User\Plocha" je 9 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\User\\Data aplikac\\Dropbox\\bin\\Dropbox.exe"="C:\\Documents and Settings\\User\\Data aplikac\\Dropbox\\bin\\Dropbox.exe:*:Enabled:Dropbox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================
Přílohy
Addition.rar
(7.03 KiB) Staženo 40 x
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Zdravím, poprosil bych o kontrolu.

#11 Příspěvek od vyosek »

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
CloseProcesses:

HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1009288 2012-09-13] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1957994488-220523388-1417001333-1003\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\User\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1957994488-220523388-1417001333-1003\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\User\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1957994488-220523388-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

DisableService: JavaQuickStarterService

S3 catchme; \??\C:\ComboFix-1\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

2014-11-13 22:24 - 2014-11-13 22:24 - 00012841 _____ () C:\Documents and Settings\User\Plocha\FRST.txt
2014-11-13 22:20 - 2014-11-13 22:19 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\User\Plocha\FRSTLauncher (4).exe
2014-11-12 18:52 - 2014-11-12 18:32 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-11-12 18:38 - 2014-11-12 18:54 - 00029825 _____ () C:\zoek-results.log
2014-11-12 18:33 - 2014-11-12 18:50 - 00000000 ____D () C:\zoek_backup
2014-11-12 18:32 - 2014-11-12 18:32 - 01294848 _____ () C:\Documents and Settings\User\Plocha\zoek.exe
2014-11-12 15:53 - 2014-11-12 16:02 - 00000000 ____D () C:\AdwCleaner
2014-11-12 15:51 - 2014-11-12 15:48 - 02140160 _____ () C:\Documents and Settings\User\Plocha\adwcleaner_4.101.exe
2014-11-12 13:50 - 2014-02-27 00:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-11-12 13:50 - 2014-02-27 00:28 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-11-08 16:02 - 2014-11-08 18:04 - 00000000 ____D () C:\ComboFix-1
2014-11-08 16:02 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-08 16:02 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-08 16:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-08 16:02 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-08 16:01 - 2014-11-08 16:00 - 05593178 ____R (Swearware) C:\Documents and Settings\User\Plocha\ComboFix-1.exe
2014-11-08 15:58 - 2014-11-08 18:04 - 00000000 ____D () C:\Qoobox
2014-11-08 15:58 - 2014-11-08 18:03 - 00000000 ____D () C:\WINDOWS\ERDNT

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

Hosts:
EmptyTemp:
Reboot:
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“