Cannot install ESET, the eset.com site does not work

#1 Post by jurda23 »

Please check the log, thank you.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2015-02-11 22:31:02
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 55 GB (79%) free of 70 GB
Total RAM: 2039 MB (78% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0vr6zw0o.default

prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
NPOFF12.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0vr6zw0o.default\extensions\
iobitascsurfingprotection@iobit.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-02-11 752960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{10921475-03CE-4E04-90CE-E2E7EF20C814} - ExplorerWnd Helper - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-02-11 752960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2015-01-23 31087200]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2015-01-20 5496600]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"msacm.avis"=ff_acm.acm

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2015-02-11 22:30:13 ----D---- C:\WINDOWS\LastGood
2015-02-11 22:26:22 ----D---- C:\Program Files\trend micro
2015-02-11 22:26:21 ----D---- C:\rsit
2015-02-11 22:13:56 ----D---- C:\AdwCleaner
2015-02-11 22:11:37 ----D---- C:\Program Files\CCleaner
2015-02-11 22:01:55 ----D---- C:\Program Files\ESET
2015-02-11 21:58:41 ----ASH---- C:\hiberfil.sys
2015-02-11 21:54:55 ----D---- C:\WINDOWS\CSC
2015-02-11 21:37:31 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ProductData
2015-02-11 21:36:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-11 21:36:40 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Apple Computer
2015-02-11 21:36:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\ProductData
2015-02-11 21:36:27 ----D---- C:\Program Files\Common Files\IObit
2015-02-11 21:35:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\IObit
2015-02-11 21:34:52 ----D---- C:\Program Files\IObit
2015-02-11 21:34:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2015-02-11 21:32:01 ----A---- C:\WINDOWS\system32\msonpmon.dll
2015-02-11 21:30:45 ----D---- C:\Program Files\Microsoft Works
2015-02-11 21:30:33 ----D---- C:\Program Files\MSBuild
2015-02-11 21:30:05 ----D---- C:\Program Files\Microsoft Visual Studio
2015-02-11 21:29:22 ----D---- C:\Program Files\Microsoft.NET
2015-02-11 21:27:23 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-02-11 21:27:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2015-02-11 21:26:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-02-11 19:45:41 ----A---- C:\WINDOWS\system32\chg.exe
2015-02-06 14:52:07 ----AS---- C:\WINDOWS\system32\nircmdc.exe
2015-02-06 14:48:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2015-02-06 14:48:15 ----D---- C:\Program Files\WinRAR
2015-02-06 14:47:09 ----D---- C:\Program Files\WinRar-v.4,01---32,-64bit-CZ,nvod-+-key - odzkouseno
2015-02-06 14:40:48 ----AS---- C:\WINDOWS\system32\lcpmncxjqa.exe
2015-02-06 14:40:48 ----AS---- C:\WINDOWS\system32\dcgmncxjqa.exe
2015-02-06 14:40:47 ----D---- C:\WINDOWS\system32\bitstreams
2015-02-06 14:40:47 ----AS---- C:\WINDOWS\system32\zlib1.dll
2015-02-06 14:40:47 ----AS---- C:\WINDOWS\system32\ssleay32.dll
2015-02-06 14:40:47 ----AS---- C:\WINDOWS\system32\pthreadVC2.dll
2015-02-06 14:40:47 ----AS---- C:\WINDOWS\system32\pthreadGC2.dll
2015-02-06 14:40:47 ----AS---- C:\WINDOWS\system32\libssh2.dll
2015-02-06 14:40:47 ----AS---- C:\WINDOWS\system32\librtmp.dll
2015-02-06 14:40:47 ----AS---- C:\WINDOWS\system32\libidn-11.dll
2015-02-06 14:40:47 ----AS---- C:\WINDOWS\system32\acumncxjqa.exe
2015-02-06 14:40:46 ----AS---- C:\WINDOWS\system32\libeay32.dll
2015-02-06 14:40:46 ----AS---- C:\WINDOWS\system32\libcurl-4.dll
2015-02-06 14:40:46 ----AS---- C:\WINDOWS\system32\cudart32_50_35.dll
2015-02-06 14:30:24 ----D---- C:\Program Files\Common Files\Skype
2015-02-06 14:30:20 ----RD---- C:\Program Files\Skype
2015-02-06 14:30:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2015-02-06 14:20:09 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia

======List of files/folders modified in the last 1 month======

2015-02-11 22:30:14 ----RD---- C:\Program Files
2015-02-11 22:30:13 ----D---- C:\WINDOWS\Temp
2015-02-11 22:30:13 ----D---- C:\WINDOWS
2015-02-11 22:28:40 ----SD---- C:\WINDOWS\Tasks
2015-02-11 22:27:06 ----D---- C:\WINDOWS\system32
2015-02-11 22:27:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-11 22:01:47 ----D---- C:\WINDOWS\system32\CatRoot2
2015-02-11 21:49:30 ----D---- C:\WINDOWS\Debug
2015-02-11 21:48:37 ----D---- C:\WINDOWS\system32\drivers\etc
2015-02-11 21:39:25 ----D---- C:\WINDOWS\system32\config
2015-02-11 21:36:27 ----D---- C:\Program Files\Common Files
2015-02-11 21:34:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-02-11 21:34:54 ----HD---- C:\WINDOWS\inf
2015-02-11 21:34:51 ----SHD---- C:\WINDOWS\Installer
2015-02-11 21:34:37 ----D---- C:\WINDOWS\ShellNew
2015-02-11 21:34:29 ----A---- C:\WINDOWS\win.ini
2015-02-11 21:34:28 ----D---- C:\Program Files\Common Files\System
2015-02-11 21:30:36 ----D---- C:\WINDOWS\WinSxS
2015-02-11 21:30:17 ----D---- C:\Program Files\Microsoft Office
2015-02-11 21:29:36 ----RSD---- C:\WINDOWS\Fonts
2015-02-11 21:27:14 ----D---- C:\Program Files\Mozilla Firefox
2015-02-11 21:10:33 ----D---- C:\WINDOWS\SMINST
2015-02-11 21:07:10 ----D---- C:\BUILDpower
2015-02-11 19:50:12 ----D---- C:\WINDOWS\Prefetch
2015-02-06 15:13:38 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\System32\DRIVERS\iaStor.sys [2005-10-12 874240]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-09-27 61056]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-02-09 142720]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-18 1342570]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-18 57096]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-02-28 87808]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2005-12-21 76544]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-18 258103]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2004-08-18 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2004-08-18 117248]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2015-01-16 2724128]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-05-08 98304]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-23 114800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S3 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-01-02 315488]

-----------------EOF-----------------

# AdwCleaner v4.110 - Logfile created 11/02/2015 at 22:21:16
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Microsoft Windows XP Service Pack 2 (x86)
# Username : Administrator - PC325251940422
# Running from : C:\Documents and Settings\Administrator\Plocha\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0vr6zw0o.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}

***** [ Web browsers ] *****

-\\ Internet Explorer v6.0.2900.2180


-\\ Mozilla Firefox v35.0.1 (x86 cs)


*************************

AdwCleaner[R0].txt - [1223 bytes] - [11/02/2015 22:13:58]
AdwCleaner[S0].txt - [1158 bytes] - [11/02/2015 22:21:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1217 bytes] ##########

#2 Post by jurda23 »

Also, at startup there is the message: Failed to get proc address for GetLogicalProcessorInformation (kernel32.dll)

#3 Post by altrok »

Hello,

Please also post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Why are you running an unpatched system without Service Pack 3, Internet Explorer 8 and other important patches?

#4 Post by jurda23 »

I bought it like this on Aukro.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-02-2015 02
Ran by Administrator at 2015-02-11 22:52:34
Running from C:\Documents and Settings\Administrator\Plocha
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.2.153.1 - Adobe Systems Incorporated)
Adobe Reader X - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
Aktualizace systému Windows XP (KB894391) (HKLM\...\KB894391) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB896727) (HKLM\...\KB896727) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB912945) (HKLM\...\KB912945) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB911564) (HKLM\...\KB911564) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player 9 (KB911565) (HKLM\...\KB911565) (Version: - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB893066) (HKLM\...\KB893066) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB896358) (HKLM\...\KB896358) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB896422) (HKLM\...\KB896422) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB896423) (HKLM\...\KB896423) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB901190) (HKLM\...\KB901190) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB901214) (HKLM\...\KB901214) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB903235) (HKLM\...\KB903235) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB904706) (HKLM\...\KB904706) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB908519) (HKLM\...\KB908519) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB911927) (HKLM\...\KB911927) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB912919) (HKLM\...\KB912919) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB913446) (HKLM\...\KB913446) (Version: 1 - Microsoft Corporation)
Application Installer 4.00.B5 (HKLM\...\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}) (Version: 4.00.B5 - Hewlett-Packard Company)
BUILDpower - klient LAN ver. 10.0.0.7. (HKLM\...\BUILDpower - klient LAN_is1) (Version: - )
BUILDpower - sestava Stavební Výroba ver. 10.0.0.7. (HKLM\...\BUILDpower - sestava Stavební Výroba_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
DWG TrueView (HKLM\...\{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}) (Version: 16.2.54.20 - Autodesk)
ffdshow v1.1.3631 [2010-11-15] (HKLM\...\ffdshow_is1) (Version: 1.1.3631.0 - )
Fingerprint Sensor Minimum Install (Version: 6.5.1.4 - AuthenTec, Inc.) Hidden
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 4.0.1.3300 - HP)
HP Quick Launch Buttons 6.00 H1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.00 H1 - Hewlett-Packard Company)
HP Support Phone Numbers (HKLM\...\{E7485CE5-C004-44D6-AA3E-7EE4DFE2B70E}) (Version: 1.00.0002 - Hewlett-Packard)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
Instalátor programu HP Backup and Recovery Manager (HKLM\...\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}) (Version: 2.1Z - Společnost Hewlett-Packard )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Microsoft .NET Framework 1.1 Czech Language Pack (HKLM\...\{5E65E94D-69F2-4850-9E93-6459C53A0F50}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office XP Professional s aplikací FrontPage (HKLM\...\{90280405-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.11 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 35.0.1 (x86 cs)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Oprava Hotfix systému Windows XP (KB896243) (HKLM\...\KB896243) (Version: 6 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB896256) (HKLM\...\KB896256) (Version: 3 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB909095) (HKLM\...\KB909095) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB912436) (HKLM\...\KB912436) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB915326) (HKLM\...\KB915326) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB918005) (HKLM\...\KB918005) (Version: 2 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB884575 (HKLM\...\KB884575) (Version: 20040827.145237 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB885464 (HKLM\...\KB885464) (Version: 20040927.152742 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB885855 (HKLM\...\KB885855) (Version: 20040930.104104 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB885884 (HKLM\...\KB885884) (Version: 20040924.025457 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB888239 (HKLM\...\KB888239) (Version: 20041124.162528 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB888402 (HKLM\...\KB888402) (Version: 20041117.151732 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB889673 (HKLM\...\KB889673) (Version: 20041116.085848 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB892559 (HKLM\...\KB892559) (Version: 2 - Microsoft Corporation)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4321 - Analog Devices)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.16.4 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{48CF6549-B45D-4313-9927-EFCCC8A3493F}) (Version: 1.17.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.17.0000 - Texas Instruments Inc.) Hidden
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
Video Viewer (HKLM\...\Video Viewer) (Version: 0.1.0.7 - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version: - )
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2408928127-1656260268-524559132-500_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView\DWGVficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2408928127-1656260268-524559132-500_Classes\CLSID\{591E5416-DDC3-45E6-BE9D-C40D0B418F6E}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView\DWGViewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2408928127-1656260268-524559132-500_Classes\CLSID\{8E75D913-3D21-11D2-85C4-080009A0C626}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView\DWGViewr.exe (Autodesk, Inc.)

==================== Restore Points =========================

04-11-2014 08:27:53 Kontrolní bod systému
19-01-2015 16:23:05 Kontrolní bod systému
04-02-2015 22:33:41 Kontrolní bod systému
11-02-2015 21:24:45 Installed Microsoft Office Enterprise 2007
11-02-2015 21:31:59 Je nainstalován ovladač tiskárny Send To Microsoft OneNote Driv

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-18 09:00 - 2015-02-11 21:48 - 00000736 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-02-06 14:48 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2015-02-06 14:48 - 2011-06-16 00:14 - 00331776 _____ () C:\Program Files\WinRAR\rarlng.dll
2015-01-21 03:06 - 2015-01-21 03:06 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2006-01-18 13:26 - 2006-01-18 13:26 - 00053248 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-02-11 21:36 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2015-02-11 21:36 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2015-02-11 21:36 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2408928127-1656260268-524559132-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\HP Cityscape.bmp
DNS Servers: 77.48.100.254 - 77.48.254.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2408928127-1656260268-524559132-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2408928127-1656260268-524559132-1003 - Limited - Enabled)
Guest (S-1-5-21-2408928127-1656260268-524559132-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2408928127-1656260268-524559132-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2408928127-1656260268-524559132-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2015 10:30:51 PM) (Source: MsiInstaller) (EventID: 10005) (User: PC325251940422)
Description: Product: ESET NOD32 Antivirus -- ESET NOD32 Antivirus není možné nainstalovat na váš operační systém.

Error: (02/11/2015 10:03:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: PC325251940422)
Description: Product: ESET NOD32 Antivirus -- ESET NOD32 Antivirus není možné nainstalovat na váš operační systém.

Error: (02/11/2015 09:36:04 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error: (02/11/2015 09:36:03 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error: (02/11/2015 09:36:03 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error: (02/11/2015 09:36:03 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Nelze rozpoznat název nebo adresu serveru.

Error: (02/11/2015 09:34:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error: (02/11/2015 09:34:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error: (02/11/2015 09:34:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error: (02/11/2015 09:34:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Takové síťové připojení neexistuje.


System errors:
=============
Error: (02/11/2015 10:43:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Monitor Microsoft byla ukončena s následující chybou:
%%1114

Error: (02/11/2015 10:43:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Boot Manager byla ukončena s následující chybou:
%%1114

Error: (02/11/2015 10:43:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Shell Task byla ukončena s následující chybou:
%%1114

Error: (02/11/2015 10:22:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Monitor Microsoft byla ukončena s následující chybou:
%%1114

Error: (02/11/2015 10:22:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Boot Manager byla ukončena s následující chybou:
%%1114

Error: (02/11/2015 10:22:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Shell Task byla ukončena s následující chybou:
%%1114

Error: (02/11/2015 09:59:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Monitor Microsoft byla ukončena s následující chybou:
%%1114

Error: (02/11/2015 09:59:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Boot Manager byla ukončena s následující chybou:
%%1114

Error: (02/11/2015 09:59:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Shell Task byla ukončena s následující chybou:
%%1114

Error: (02/11/2015 09:58:04 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu %%1084 při pokusu o spuštění služby EventSystem s argumenty
za účelem spuštění serveru:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by Administrator (administrator) on PC325251940422 on 11-02-2015 22:52:00
Running from C:\Documents and Settings\Administrator\Plocha
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: Čeština
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\ping.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [716800 2005-05-06] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761948 2006-03-03] (Synaptics, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKU\S-1-5-21-2408928127-1656260268-524559132-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-2408928127-1656260268-524559132-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2408928127-1656260268-524559132-500\...\MountPoints2: F - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2408928127-1656260268-524559132-500\...\MountPoints2: {33bc61c5-e5a6-11e3-adc4-0017a4ddfb12} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2408928127-1656260268-524559132-500\...\MountPoints2: {4a4d0f32-2bfd-11e3-ada5-0017a4ddfb12} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2408928127-1656260268-524559132-500\...\MountPoints2: {9dc88341-2c01-11e3-ada6-001302c3ae15} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2408928127-1656260268-524559132-500\...\MountPoints2: {b047776c-3424-11e3-adac-0017a4ddfb12} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2408928127-1656260268-524559132-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
HKU\S-1-5-21-2408928127-1656260268-524559132-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKU\S-1-5-21-2408928127-1656260268-524559132-500 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 77.48.100.254 77.48.254.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0vr6zw0o.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0vr6zw0o.default\Extensions\iobitascsurfingprotection@iobit.com [2015-02-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "jtgeg" service was unlocked successfully. <===== ATTENTION
Locked "tczpwsvy" service was unlocked successfully. <===== ATTENTION
Locked "uecmdied" service was unlocked successfully. <===== ATTENTION

S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [98304 2006-05-08] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [258103 2006-01-18] (Broadcom Corporation.) [File not signed]
S3 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 jtgeg; C:\WINDOWS\system32\cybbwuii.dll [167403 2004-08-18] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2004-08-18] (Microsoft Corporation)
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2004-08-18] (Microsoft Corporation)
S3 PCA; C:\WINDOWS\SMINST\PCAngel.exe [294912 2006-01-12] (SoftThinks) [File not signed]
S2 tczpwsvy; C:\WINDOWS\system32\cybbwuii.dll [167403 2004-08-18] () [File not signed]
S2 uecmdied; C:\WINDOWS\system32\cybbwuii.dll [167403 2004-08-18] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [152960 2005-06-07] (Andrea Electronics Corporation)
R3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [130432 2006-03-30] (AuthenTec, Inc.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [1342570 2006-01-18] (Broadcom Corporation.) [File not signed]
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [57096 2006-01-18] (Broadcom Corporation.) [File not signed]
R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [7808 2005-09-19] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\WINDOWS\System32\DRIVERS\eabusb.sys [5760 2005-09-19] (Hewlett-Packard Development Company, L.P.)
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [87808 2006-02-28] (Texas Instruments)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [36352 2005-10-21] (Infineon Technologies AG)
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [72960 2004-08-18] (Microsoft Corporation)
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-18] ()
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-10-24] (SMC)
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2006-01-19] (Intel® Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: tczpwsvy -> C:\WINDOWS\system32\cybbwuii.dll ()
NETSVC: uecmdied -> C:\WINDOWS\system32\cybbwuii.dll ()
NETSVC: jtgeg -> C:\WINDOWS\system32\cybbwuii.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:52 - 2015-02-11 22:52 - 00011813 _____ () C:\Documents and Settings\Administrator\Plocha\FRST.txt
2015-02-11 22:51 - 2015-02-11 22:52 - 00000000 ____D () C:\FRST
2015-02-11 22:51 - 2015-02-11 22:51 - 00029696 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\MSGBOX.EXE
2015-02-11 22:51 - 2015-02-11 22:51 - 00015327 _____ () C:\Documents and Settings\Administrator\Plocha\LM.bat
2015-02-11 22:51 - 2015-02-11 22:48 - 01125376 _____ (Farbar) C:\Documents and Settings\Administrator\Plocha\FRST.exe
2015-02-11 22:51 - 2015-02-11 22:48 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2015-02-11 22:26 - 2015-02-11 22:32 - 00000000 ____D () C:\rsit
2015-02-11 22:26 - 2015-02-11 22:26 - 00000000 ____D () C:\Program Files\trend micro
2015-02-11 22:24 - 2015-02-11 22:17 - 01107968 _____ () C:\Documents and Settings\Administrator\Plocha\RSIT.exe
2015-02-11 22:21 - 2015-02-11 22:42 - 00000239 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-11 22:21 - 2015-02-11 22:21 - 00003903 _____ () C:\WINDOWS\setupapi.log
2015-02-11 22:21 - 2015-02-11 22:21 - 00000075 _____ () C:\WINDOWS\setupact.log
2015-02-11 22:21 - 2015-02-11 22:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-11 22:13 - 2015-02-11 22:21 - 00000000 ____D () C:\AdwCleaner
2015-02-11 22:11 - 2015-02-11 22:11 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2015-02-11 22:11 - 2015-02-11 22:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-11 22:08 - 2015-02-11 22:05 - 02112512 _____ () C:\Documents and Settings\Administrator\Plocha\adwcleaner_4.110.exe
2015-02-11 22:01 - 2015-02-11 22:01 - 00000000 ____D () C:\Program Files\ESET
2015-02-11 22:01 - 2015-02-11 21:57 - 02347384 _____ (ESET) C:\Documents and Settings\Administrator\Plocha\esetsmartinstaller_csy.exe
2015-02-11 21:59 - 2015-02-11 22:42 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2015-02-11 21:59 - 2015-02-11 22:42 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-11 21:59 - 2015-02-11 21:59 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2015-02-11 21:54 - 2015-02-11 21:54 - 00000000 ____D () C:\WINDOWS\CSC
2015-02-11 21:39 - 2015-02-11 21:39 - 25255936 _____ () C:\WINDOWS\system32\config\software.iobit
2015-02-11 21:39 - 2015-02-11 21:39 - 00241664 _____ () C:\WINDOWS\system32\config\default.iobit
2015-02-11 21:39 - 2015-02-11 21:39 - 00049152 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-02-11 21:39 - 2015-02-11 21:39 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-02-11 21:37 - 2015-02-11 21:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\ProductData
2015-02-11 21:36 - 2015-02-11 21:37 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ProductData
2015-02-11 21:36 - 2015-02-11 21:36 - 00000881 _____ () C:\Documents and Settings\All Users\Plocha\IObit Uninstaller.lnk
2015-02-11 21:36 - 2015-02-11 21:36 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-02-11 21:36 - 2015-02-11 21:36 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-02-11 21:36 - 2015-02-11 21:36 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-11 21:36 - 2015-02-11 21:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Apple Computer
2015-02-11 21:36 - 2014-02-17 20:06 - 01445888 _____ (Option^Explicit Software Solutions) C:\Documents and Settings\Administrator\Plocha\winsockxpfix.exe
2015-02-11 21:35 - 2015-02-11 21:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\IObit
2015-02-11 21:34 - 2015-02-11 22:42 - 00000000 ____D () C:\Program Files\IObit
2015-02-11 21:34 - 2015-02-11 21:36 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\IObit
2015-02-11 21:32 - 2015-02-11 21:32 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Office
2015-02-11 21:32 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msonpmon.dll
2015-02-11 21:31 - 2015-02-11 21:48 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2015-02-11 21:30 - 2015-02-11 21:30 - 00000000 ____D () C:\Program Files\MSBuild
2015-02-11 21:30 - 2015-02-11 21:30 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-02-11 21:30 - 2015-02-11 21:30 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-02-11 21:30 - 2015-02-11 21:27 - 63823872 _____ () C:\Documents and Settings\Administrator\Plocha\eav_nt32_csy.msi
2015-02-11 21:29 - 2015-02-11 21:29 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-02-11 21:27 - 2015-02-11 21:27 - 00000730 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2015-02-11 21:27 - 2015-02-11 21:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-11 21:27 - 2015-02-11 21:27 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Mozilla
2015-02-11 21:26 - 2015-02-11 21:35 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-02-11 21:26 - 2015-02-11 21:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft Help
2015-02-11 21:23 - 2015-02-11 21:19 - 01761992 _____ (ESET) C:\Documents and Settings\Administrator\Plocha\eset_nod32_antivirus_live_installer_.exe
2015-02-11 21:15 - 2015-02-11 21:10 - 00000186 _____ () C:\Documents and Settings\Administrator\Plocha\eset.txt
2015-02-11 21:13 - 2015-02-11 21:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\Ofice-2007-cz
2015-02-11 19:55 - 2015-02-11 19:55 - 00000541 _____ () C:\Documents and Settings\All Users\Plocha\BUILD power.lnk
2015-02-11 19:54 - 2002-04-10 10:39 - 00000054 _____ () C:\WINDOWS\system32\WINBP386.NCF
2015-02-11 19:50 - 2015-02-11 19:50 - 00000003 _____ () C:\Documents and Settings\Administrator\stut
2015-02-11 19:45 - 2015-02-11 21:10 - 00114688 _____ (SoftThinks) C:\WINDOWS\system32\chg.exe
2015-02-06 14:52 - 2013-12-03 18:56 - 00005304 ____S () C:\WINDOWS\system32\msdgmpg.vbe
2015-02-06 14:52 - 2013-12-03 18:56 - 00001645 ____S () C:\WINDOWS\system32\msiscd.vbe
2015-02-06 14:52 - 2013-12-03 18:56 - 00000583 ____S () C:\WINDOWS\system32\msrwetw.vbe
2015-02-06 14:52 - 2013-08-11 15:40 - 00043520 ____S (NirSoft) C:\WINDOWS\system32\nircmdc.exe
2015-02-06 14:51 - 2014-01-19 19:57 - 00001419 ____S () C:\WINDOWS\system32\msstp.vbe
2015-02-06 14:48 - 2015-02-06 14:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Nabídka Start\Programy\WinRAR
2015-02-06 14:48 - 2015-02-06 14:49 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-06 14:48 - 2015-02-06 14:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2015-02-06 14:48 - 2015-02-06 14:48 - 00000696 _____ () C:\Documents and Settings\Administrator\Plocha\WinRAR.lnk
2015-02-06 14:48 - 2015-02-06 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\WinRAR
2015-02-06 14:47 - 2015-02-11 22:29 - 00000000 ____D () C:\Program Files\WinRar-v.4,01---32,-64bit-CZ,nvod-+-key - odzkouseno
2015-02-06 14:40 - 2015-02-06 14:50 - 00000000 ____D () C:\WINDOWS\system32\bitstreams
2015-02-06 14:40 - 2014-03-05 22:19 - 00007670 ____S () C:\WINDOWS\system32\mncxjqa.vbe
2015-02-06 14:40 - 2013-12-10 00:30 - 10236928 ____S () C:\WINDOWS\system32\acumncxjqa.exe
2015-02-06 14:40 - 2013-10-26 20:30 - 01704448 ____S (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\system32\libeay32.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00972814 ____S () C:\WINDOWS\system32\dcgmncxjqa.exe
2015-02-06 14:40 - 2013-10-26 20:30 - 00538126 ____S () C:\WINDOWS\system32\libcurl-4.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00364544 ____S (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\system32\ssleay32.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00192512 ____S () C:\WINDOWS\system32\libidn-11.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00171008 ____S (The libssh2 library, http://www.libssh2.org/) C:\WINDOWS\system32\libssh2.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00133632 ____S () C:\WINDOWS\system32\librtmp.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00044727 ____S () C:\WINDOWS\system32\diablo130302.cl
2015-02-06 14:40 - 2013-10-26 20:30 - 00043810 ____S () C:\WINDOWS\system32\poclbm130302.cl
2015-02-06 14:40 - 2013-10-26 20:30 - 00030802 ____S () C:\WINDOWS\system32\diakgcn121016.cl
2015-02-06 14:40 - 2013-10-26 20:30 - 00023825 ____S () C:\WINDOWS\system32\scrypt130511.cl
2015-02-06 14:40 - 2013-10-26 20:30 - 00013062 ____S () C:\WINDOWS\system32\phatk121016.cl
2015-02-06 14:40 - 2013-07-18 16:06 - 00187904 ____S () C:\WINDOWS\system32\lcpmncxjqa.exe
2015-02-06 14:40 - 2013-06-12 15:15 - 00119888 ____S (Open Source Software community LGPL) C:\WINDOWS\system32\pthreadGC2.dll
2015-02-06 14:40 - 2013-06-12 15:15 - 00100864 ____S () C:\WINDOWS\system32\zlib1.dll
2015-02-06 14:40 - 2012-09-25 23:46 - 00472424 ____S (NVIDIA Corporation) C:\WINDOWS\system32\cudart32_50_35.dll
2015-02-06 14:40 - 2012-05-27 01:36 - 00055808 ____S (Open Source Software community LGPL) C:\WINDOWS\system32\pthreadVC2.dll
2015-02-06 14:30 - 2015-02-06 14:30 - 00001896 _____ () C:\Documents and Settings\All Users\Plocha\Skype.lnk
2015-02-06 14:30 - 2015-02-06 14:30 - 00000000 ___RD () C:\Program Files\Skype
2015-02-06 14:30 - 2015-02-06 14:30 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-02-06 14:30 - 2015-02-06 14:30 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-02-06 14:30 - 2015-02-06 14:30 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2015-02-06 14:20 - 2015-02-06 14:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2015-02-06 14:17 - 2015-02-11 22:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:52 - 2006-07-08 03:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha
2015-02-11 22:52 - 2006-07-08 03:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-02-11 22:51 - 2006-07-08 03:35 - 00000000 ___HD () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2015-02-11 22:47 - 2004-09-08 10:09 - 00911850 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-11 22:42 - 2004-09-08 10:13 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-02-11 22:30 - 2006-07-08 03:35 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-02-11 22:30 - 2006-07-08 03:35 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-02-11 22:13 - 2006-07-08 03:35 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-02-11 21:49 - 2004-09-08 10:02 - 00349792 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 21:48 - 2004-09-08 10:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-11 21:47 - 2006-07-08 03:35 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2015-02-11 21:39 - 2006-07-07 18:40 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-11 21:39 - 2006-07-07 18:40 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-11 21:37 - 2006-07-08 03:35 - 00000000 __RHD () C:\Documents and Settings\Administrator\Data aplikací
2015-02-11 21:36 - 2013-11-27 12:27 - 00100208 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2015-02-11 21:36 - 2006-07-08 03:35 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-02-11 21:36 - 2006-07-08 03:35 - 00000000 ___HD () C:\Documents and Settings\Administrator\Šablony
2015-02-11 21:34 - 2013-10-03 08:57 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-11 21:34 - 2006-07-08 03:35 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-11 21:34 - 2006-07-08 03:35 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 21:34 - 2004-09-08 09:57 - 00000573 _____ () C:\WINDOWS\win.ini
2015-02-11 21:30 - 2013-10-03 08:33 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-11 21:29 - 2013-10-03 08:58 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Nástroje sady Microsoft Office
2015-02-11 21:27 - 2013-10-03 08:37 - 00000724 _____ () C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2015-02-11 21:27 - 2013-10-03 08:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-11 21:14 - 2006-07-08 03:35 - 00000000 ___HD () C:\Documents and Settings\Administrator\Okolní síť
2015-02-11 21:10 - 2006-07-07 19:06 - 00000000 ____D () C:\WINDOWS\SMINST
2015-02-11 21:07 - 2013-10-03 08:47 - 00000000 ____D () C:\BUILDpower
2015-02-11 19:55 - 2013-10-03 08:47 - 00000547 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\BUILD power.lnk
2015-02-06 14:48 - 2006-07-08 03:35 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy
2015-02-06 14:28 - 2013-10-03 13:03 - 00056320 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-06 14:17 - 2006-07-08 03:35 - 00000000 ___RD () C:\Documents and Settings\Administrator\Dokumenty
2015-02-06 14:15 - 2004-09-08 10:12 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl

==================== Files in the root of some directories =======

2013-10-03 08:42 - 2013-10-03 08:42 - 0000600 _____ () C:\Documents and Settings\Administrator\Data aplikací\winscp.rnd
2006-07-07 19:04 - 2006-07-07 19:04 - 0000000 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\AtStart.txt
2013-10-03 13:03 - 2015-02-06 14:28 - 0056320 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-07 19:04 - 2006-07-07 19:04 - 0000000 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DSwitch.txt
2006-07-07 18:46 - 2006-07-07 18:46 - 0000133 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
2015-02-11 22:51 - 2015-02-11 22:51 - 0029696 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\MSGBOX.EXE
2006-07-07 19:04 - 2006-07-07 19:04 - 0000000 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\QSwitch.txt

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: cannot install ESET, eset.com pages do not work

#5 Post by altrok »

:arrow: This is going to take a while... just about everything you have is prehistoric, and there is a fair amount of malware on it...

:arrow: Save MBRScan to your desktop - http://eric71.geekstogo.com/tools/MbrScan.exe
  • Run it, click Options in the top right and tick everything
  • click Report
  • paste the contents of the text file that just opened into your next reply
:arrow: Save MBAR to your desktop - http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Run it with a double-click and extract it to the desktop
  • click Next
  • Update the virus database by clicking Update and continue with Next
  • Leave all 3 options ticked and choose Scan (takes about 15 minutes)
  • tick all the findings and also check the Create Restore Point checkbox
  • click Cleanup and agree to the restart - Yes
  • paste the contents of the log saved on the desktop in mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping this forum's visitors, sign up for our little school.

jurda23
Visitor
Posts: 22
Registered: 27 Aug 2013 21:13

Re: cannot install ESET, eset.com pages do not work

#6 Post by jurda23 »

mbar: blue screen of death after launching it and a restart; it runs in safe mode


MBRScan v1.1.1

OS             : Windows XP Home Service Pack 2 (32 bit)
PROCESSOR      : x86 Family 6 Model 15 Stepping 6, GenuineIntel
BOOT           : Normal Boot
DATE           : 2015/02/11 (ISO 8601) at 23:08:52
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __FUJITSU MHV2080BH PL (‰,)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR5 __Generic Flash Disk (8.07)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0	74.53 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : 256F115314B0CF3B9E1BB7B49C2BD552
MBR_SHA1  : 6519C47ED921702660C8E7B27D063838BFB10E54

Device\Harddisk0\Partition1	68.45 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	6.08 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR5	15.04 Go  [Removable] ==> Unknown MBR Code

MBR_MD5   : C6E14E60205DBCC5E216F7738699B53E
MBR_SHA1  : E4F5CEA348DC6AD3BFEE1DAB2605E7A013AB9F50

Device\Harddisk1\Partition1	15.04 Go
________________________________________________________________________________

############################### Additional scan ################################

Device\Harddisk0\DR0 => XP MBR Code found in sector 40
Device\Harddisk0\DR0 => XP MBR Code found in sector 42
Device\Harddisk0\DR0 => XP MBR Code found in sector 43
Device\Harddisk0\DR0 => XP MBR Code found in sector 45
SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


__________________________16_BIT_ASM_CODE
   
0x0000    33ff            XOR DI, DI   
0x0002    8ed7            MOV SS, DI   
0x0004    bc 007a         MOV SP, 0x7a00   
0x0007    bb a007         MOV BX, 0x7a0   
0x000A    8edb            MOV DS, BX   
0x000C    8ec3            MOV ES, BX   
0x000E    be 0002         MOV SI, 0x200   
0x0011    8bce            MOV CX, SI   
0x0013    fc              CLD   
0x0014    f3 a4           REP MOVSB   
0x0016    ea a300 a007    JMP FAR 0x7a0:0xa3   
0x001B    b9 0400         MOV CX, 0x4   
0x001E    8bfd            MOV DI, BP   
0x0020    803d 80         CMP BYTE [DI], 0x80   
0x0023    74 05           JZ 0x2a   
0x0025    83c7 10         ADD DI, 0x10   
0x0028    e2 f6           LOOP 0x20   
0x002A    c3              RET   
0x002B    b9 0400         MOV CX, 0x4   
0x002E    8bf5            MOV SI, BP   
0x0030    882c            MOV [SI], CH   
0x0032    83c6 10         ADD SI, 0x10   
0x0035    e2 f9           LOOP 0x30   
0x0037    c605 80         MOV BYTE [DI], 0x80   
0x003A    c3              RET   
0x003B    60              PUSHA   
0x003C    b4 43           MOV AH, 0x43   
0x003E    eb 03           JMP 0x43   
0x0040    60              PUSHA   
0x0041    b4 42           MOV AH, 0x42   
0x0043    1e              PUSH DS   
0x0044    16              PUSH SS   
0x0045    1f              POP DS   
0x0046    16              PUSH SS   
0x0047    16              PUSH SS   
0x0048    66 52           PUSH EDX   
0x004A    53              PUSH BX   
0x004B    16              PUSH SS   
0x004C    32ed            XOR CH, CH   
0x004E    51              PUSH CX   
0x004F    6a 10           PUSH 0x10   
0x0051    b0 00           MOV AL, 0x0   
0x0053    8bf4            MOV SI, SP   
0x0055    b2 80           MOV DL, 0x80   
0x0057    cd 13           INT 0x13   
0x0059    83c4 10         ADD SP, 0x10   
0x005C    1f              POP DS   
0x005D    61              POPA   
0x005E    0f82 bd00       JB 0x11f   
0x0062    c3              RET   
0x0063    60              PUSHA   
0x0064    ac              LODSB   
0x0065    0ac0            OR AL, AL   
0x0067    74 f4           JZ 0x5d   
0x0069    b4 0e           MOV AH, 0xe   
0x006B    bb 0700         MOV BX, 0x7   
0x006E    b9 0100         MOV CX, 0x1   
0x0071    cd 10           INT 0x10   
0x0073    eb ef           JMP 0x64   
0x0075    bb e007         MOV BX, 0x7e0   
0x0078    b1 06           MOV CL, 0x6   
0x007A    e8 c3ff         CALL 0x40   
0x007D    66 b8 5853533f  MOV EAX, 0x3f535358   
0x0083    b9 0003         MOV CX, 0x300   
0x0086    be 0004         MOV SI, 0x400   
0x0089    66 0304         ADD EAX, [SI]   
0x008C    83c6 04         ADD SI, 0x4   
0x008F    e2 f8           LOOP 0x89   
0x0091    66 3d 21585353  CMP EAX, 0x53535821   
0x0097    75 09           JNZ 0xa2   
0x0099    803e 0204 04    CMP BYTE [0x402], 0x4   
0x009E    0f84 6303       JZ 0x405   
0x00A2    c3              RET   
0x00A3    bd be01         MOV BP, 0x1be   
0x00A6    b8 0048         MOV AX, 0x4800   
0x00A9    b2 80           MOV DL, 0x80   
0x00AB    c706 0810 1a00  MOV WORD [0x1008], 0x1a   
0x00B1    66 be 08100000  MOV ESI, 0x1008   
0x00B7    cd 13           INT 0x13   
0x00B9    72 64           JB 0x11f   
0x00BB    b4 08           MOV AH, 0x8   
0x00BD    cd 13           INT 0x13   
0x00BF    80e1 3f         AND CL, 0x3f   
0x00C2    66 0fb6c9       MOVZX ECX, CL   
0x00C6    66 890e 0010    MOV [0x1000], ECX   
0x00CB    fec6            INC DH   
0x00CD    66 0fb6d6       MOVZX EDX, DH   
0x00D1    66 8916 0410    MOV [0x1004], EDX   
0x00D6    66 33d2         XOR EDX, EDX   
0x00D9    b2 02           MOV DL, 0x2   
0x00DB    e8 97ff         CALL 0x75   
0x00DE    66 8b16 1810    MOV EDX, [0x1018]   
0x00E3    66 83ea 06      SUB EDX, 0x6   
0x00E7    e8 8bff         CALL 0x75   
0x00EA    8026 3401 f9    AND BYTE [0x134], 0xf9   
0x00EF    e8 29ff         CALL 0x1b   
0x00F2    75 25           JNZ 0x119   
0x00F4    e8 34ff         CALL 0x2b   
0x00F7    66 33d2         XOR EDX, EDX   
0x00FA    bb a007         MOV BX, 0x7a0   
0x00FD    b1 01           MOV CL, 0x1   
0x00FF    e8 39ff         CALL 0x3b   
0x0102    66 8b55 08      MOV EDX, [DI+0x8]   
0x0106    bb c007         MOV BX, 0x7c0   
0x0109    e8 34ff         CALL 0x40   
0x010C    813e fe03 55aa  CMP WORD [0x3fe], 0xaa55   
0x0112    75 05           JNZ 0x119   
0x0114    ea 007c 0000    JMP FAR 0x0:0x7c00   
0x0119    8b36 3501       MOV SI, [0x135]   
0x011D    eb 04           JMP 0x123   
0x011F    8b36 3701       MOV SI, [0x137]   
0x0123    e8 3dff         CALL 0x63   
0x0126    8b36 3901       MOV SI, [0x139]   
0x012A    e8 36ff         CALL 0x63   
0x012D    b4 00           MOV AH, 0x0   
0x012F    cd 16           INT 0x16   
0x0131    cd 18           INT 0x18   
0x0133    0310            ADD DX, [BX+SI]   
0x0135    3d 0148         CMP AX, 0x4801   
0x0138    0154 01         ADD [SI+0x1], DX   
0x013B    73 01           JAE 0x13e   
0x013D    0d 0a43         OR AX, 0x430a   
0x0140    68 7962         PUSH 0x6279   
0x0143    a1 204f         MOV AX, [0x4f20]   
0x0146    53              PUSH BX   
0x0147    000d            ADD [DI], CL   
0x0149    0a4d 42         OR CL, [DI+0x42]   
0x014C    52              PUSH DX   
0x014D    2065 72         AND [DI+0x72], AH   
0x0150    72 6f           JB 0x1c1   
0x0152    72 00           JB 0x154   
0x0154    0d 0a53         OR AX, 0x530a   
0x0157    74 69           JZ 0x1c2   
0x0159    73 6b           JAE 0x1c6   
0x015B    6e              OUTSB   
0x015C    65              DB 0x65   
0x015C    65 74 65        JZ 0x1c4   
0x015F    206c 69         AND [SI+0x69], CH   
0x0162    626f 76         BOUND BP, [BX+0x76]   
0x0165    6f              OUTSW   
0x0166    6c              INSB   
0x0167    6e              OUTSB   
0x0168    6f              OUTSW   
0x0169    75 20           JNZ 0x18b   
0x016B    6b6c a0 76      IMUL BP, [SI-0x60], 0x76   
0x016F    65              DB 0x65   
0x016F    65 73 75        JAE 0x1e7   
0x0172    000d            ADD [DI], CL   
0x0174    0a53 74         OR DL, [BP+DI+0x74]   
0x0177    6973 6b 6e75    IMUL SI, [BP+DI+0x6b], 0x756e   
0x017C    74 a1           JZ 0x11f   
0x017E    6d              INSW   
0x017F    206b 6c         AND [BP+DI+0x6c], CH   
0x0182    a0 7665         MOV AL, [0x6576]   
0x0185    73 79           JAE 0x200   
0x0187    2046 31         AND [BP+0x31], AL   
0x018A    3120            XOR [BX+SI], SP   
0x018C    73 70           JAE 0x1fe   
0x018E    75 73           JNZ 0x203   
0x0190    74 74           JZ 0x206   
0x0192    65 206f 62      AND GS:[BX+0x62], CH   
0x0196    6e              OUTSB   
0x0197    6f              OUTSW   
0x0198    76 65           JBE 0x1ff   
0x019A    6e              OUTSB   
0x019B    a1 2070         MOV AX, [0x7020]   
0x019E    6f              OUTSW   
0x019F    207a a0         AND [BP+SI-0x60], BH   
0x01A2    76 61           JBE 0x205   
0x01A4    7a 6e           JP 0x214   
0x01A6    8220 70         AND BYTE [BX+SI], 0x70   
0x01A9    6f              OUTSW   
0x01AA    72 75           JB 0x221   
0x01AC    73 65           JAE 0x213   
0x01AE    2000            AND [BX+SI], AL   
0x01B0    79 20           JNS 0x1d2   
0x01B2    0000            ADD [BX+SI], AL   
0x01B4    0000            ADD [BX+SI], AL   
0x01B6    3301            XOR AX, [BX+DI]   
0x01B8    bf dabf         MOV DI, 0xbfda   
0x01BB    da00            FIADD DWORD [BX+SI]   
0x01BD    0080 0101       ADD [BX+SI+0x101], AL   
0x01C1    0007            ADD [BX], AL   
0x01C3    ef              OUT DX, AX   
0x01C4    ff              DB 0xff   
0x01C5    ff              DB 0xff   
0x01C6    3f              AAS   
0x01C7    0000            ADD [BX+SI], AL   
0x01C9    0021            ADD [BX+DI], AH   
0x01CB    638e 0800       ARPL [BP+0x8], CX   
0x01CF    00c1            ADD CL, AL   
0x01D1    ff07            INC WORD [BX]   
0x01D3    ef              OUT DX, AX   
0x01D4    ff              DB 0xff   
0x01D5    ff60 63         JMP [BX+SI+0x63]   
0x01D8    8e              DB 0x8e   
0x01D9    08b0 7dc2       OR [BX+SI-0x3d83], DH   
0x01DD    0000            ADD [BX+SI], AL   
0x01DF    0000            ADD [BX+SI], AL   
0x01E1    0000            ADD [BX+SI], AL   
0x01E3    0000            ADD [BX+SI], AL   
0x01E5    0000            ADD [BX+SI], AL   
0x01E7    0000            ADD [BX+SI], AL   
0x01E9    0000            ADD [BX+SI], AL   
0x01EB    0000            ADD [BX+SI], AL   
0x01ED    0000            ADD [BX+SI], AL   
0x01EF    0000            ADD [BX+SI], AL   
0x01F1    0000            ADD [BX+SI], AL   
0x01F3    0000            ADD [BX+SI], AL   
0x01F5    0000            ADD [BX+SI], AL   
0x01F7    0000            ADD [BX+SI], AL   
0x01F9    0000            ADD [BX+SI], AL   
0x01FB    0000            ADD [BX+SI], AL   
0x01FD    0055 aa         ADD [DI-0x56], DL   


_______MBR   \Device\Harddisk1\DR5  


__________________________16_BIT_ASM_CODE
   


jurda23
Visitor
Posts: 22
Registered: 27 Aug 2013 21:13

Re: cannot install ESET, eset.com pages do not work

#7 Post by jurda23 »

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2015.02.11.08
rootkit: v2015.02.03.01

Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.2180
Administrator :: PC325251940422 [administrator]

11.2.2015 23:16:58
mbar-log-2015-02-11 (23-16-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 314310
Time elapsed: 10 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\WINDOWS\inf\mnchifucr (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\bitstreams (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]

Files Detected: 23
C:\WINDOWS\system32\cybbwuii.dll (Worm.Conficker) -> Delete on reboot. [e4503de08dfdc86e335b4d3815edd927]
C:\WINDOWS\system32\dcgmncxjqa.exe (Trojan.BitMiner) -> Delete on reboot. [9f95f5285238a393904dd5727290a957]
C:\WINDOWS\inf\msstp.vbe (Trojan.Agent.SCR) -> Delete on reboot. [61d37f9ec0ca241275a0ead8d132ec14]
C:\WINDOWS\system32\msstp.vbe (Trojan.Agent.VBS) -> Delete on reboot. [a68e1805dfab0531fa27ffce58ab0af6]
C:\WINDOWS\system32\msdgmpg.vbe (Trojan.Script) -> Delete on reboot. [f83c61bc52388ea8c46f16bf4db6758b]
C:\WINDOWS\system32\msiscd.vbe (Trojan.Script) -> Delete on reboot. [969e9b82ed9dc076bf749b3a8380bb45]
C:\WINDOWS\system32\msrwetw.vbe (Trojan.Script) -> Delete on reboot. [dc5830eded9d3ef83df621b437cca15f]
C:\WINDOWS\inf\ntvdm.vbe (Malware.Trace) -> Delete on reboot. [0232bf5e365467cf27897c6f12f2f808]
C:\WINDOWS\inf\ntvdm.inf (Malware.Trace) -> Delete on reboot. [14207e9faae02f07941d6d7eca3a29d7]
C:\WINDOWS\inf\mnchifucr\diablo130302.cl (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\diakgcn121016.cl (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\libcurl-4.dll (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\libeay32.dll (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\libidn-11.dll (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\librtmp.dll (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\libssh2.dll (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\mnchifucr.exe (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\phatk121016.cl (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\poclbm130302.cl (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\scrypt130511.cl (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\ssleay32.dll (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\zlib1.dll (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]
C:\WINDOWS\inf\mnchifucr\bitstreams\fpgaminer_top_fixed7_197MHz.ncd (Trojan.Agent.BCM) -> Delete on reboot. [310336e74842c076030f084c2dd6718f]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: cannot install ESET, eset.com pages do not work

#8 Post by altrok »

:arrow: Save rkill.exe to the desktop, close all applications and run it - if the malware blocks it, use the alternative link. WARNING - THIS UTILITY HAS A STRONG ABILITY TO DELETE - DO NOT RUN IT WITHOUT AN ADVISOR'S RECOMMENDATION
:arrow: Save ComboFix.exe to the desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off antivirus programs and all real-time protection
  • run ComboFix as administrator (preferably under an account with administrator rights)
  • agree to the license terms - Yes
  • if installation of the Recovery Console is offered, agree
  • leave the PC alone during the scan - do not start anything and do not click in the ComboFix window
  • you will find the scan result in C:\ComboFix.txt; copy its contents into your next reply to me.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

jurda23
Visitor
Posts: 22
Registered: 27 Aug 2013 21:13

Re: cannot install ESET, eset.com pages do not work

#9 Post by jurda23 »

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/11/2015 11:36:16 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Automatické aktualizace (wuauserv) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost


Program finished at: 02/11/2015 11:37:18 PM
Execution time: 0 hours(s), 1 minute(s), and 1 seconds(s)

jurda23
Visitor
Posts: 22
Registered: 27 Aug 2013 21:13

Re: cannot install ESET, eset.com pages do not work

#10 Post by jurda23 »

ComboFix 15-02-09.01 - Administrator 12.02.2015 0:00.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2039.1559 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-11 do 2015-02-11 )))))))))))))))))))))))))))))))
.
.
2015-02-11 22:44 . 2015-02-11 22:44 -------- d-s---w- c:\documents and settings\Administrator\UserData
2015-02-11 22:16 . 2015-02-11 22:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2015-02-11 22:16 . 2015-02-11 22:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2015-02-11 22:16 . 2015-02-11 22:16 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-11 22:09 . 2015-02-11 22:33 108632 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-11 21:51 . 2015-02-11 21:53 -------- d-----w- C:\FRST
2015-02-11 21:26 . 2015-02-11 21:26 -------- d-----w- c:\program files\trend micro
2015-02-11 21:26 . 2015-02-11 21:32 -------- d-----w- C:\rsit
2015-02-11 21:13 . 2015-02-11 21:21 -------- d-----w- C:\AdwCleaner
2015-02-11 21:11 . 2015-02-11 21:11 -------- d-----w- c:\program files\CCleaner
2015-02-11 21:01 . 2015-02-11 21:01 -------- d-----w- c:\program files\ESET
2015-02-11 20:37 . 2015-02-11 20:37 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\ProductData
2015-02-11 20:36 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-11 20:36 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\Administrator\LocalLow
2015-02-11 20:36 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Apple Computer
2015-02-11 20:36 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\Administrator\AppData
2015-02-11 20:36 . 2015-02-11 20:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ProductData
2015-02-11 20:36 . 2015-02-11 20:36 -------- d-----w- c:\program files\Common Files\IObit
2015-02-11 20:35 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\IObit
2015-02-11 20:34 . 2015-02-11 21:42 -------- d-----w- c:\program files\IObit
2015-02-11 20:34 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2015-02-11 20:32 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2015-02-11 20:32 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2015-02-11 20:30 . 2015-02-11 20:30 -------- d-----w- c:\program files\Microsoft Works
2015-02-11 20:30 . 2015-02-11 20:30 -------- d-----w- c:\program files\MSBuild
2015-02-11 20:29 . 2015-02-11 20:29 -------- d-----w- c:\program files\Microsoft.NET
2015-02-11 20:26 . 2015-02-11 20:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Microsoft Help
2015-02-11 20:26 . 2015-02-11 20:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2015-02-11 18:45 . 2015-02-11 20:10 114688 ----a-w- c:\windows\system32\chg.exe
2015-02-06 13:52 . 2013-08-11 14:40 43520 --s-a-w- c:\windows\system32\nircmdc.exe
2015-02-06 13:47 . 2015-02-11 21:29 -------- d-----w- c:\program files\WinRar-v.4,01---32,-64bit-CZ,nvod-+-key - odzkouseno
2015-02-06 13:30 . 2015-02-06 13:30 -------- d-----w- c:\program files\Common Files\Skype
2015-02-06 13:30 . 2015-02-06 13:30 -------- d-----r- c:\program files\Skype
2015-02-06 13:30 . 2015-02-06 13:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-02-11 20:36 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10921475-03CE-4E04-90CE-E2E7EF20C814}"= "c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll" [2015-02-11 752960]
.
[HKEY_CLASSES_ROOT\clsid\{10921475-03ce-4e04-90ce-e2e7ef20c814}]
[HKEY_CLASSES_ROOT\UninstallExplorer32.ExplorerBtn]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-01-23 31087200]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-01-20 5496600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-18 581693]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4967:TCP"= 4967:TCP:uicagl
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [28.2.2006 18:05 87808]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21.10.2005 12:19 36352]
S2 jtgeg;Shell Task;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 9:00 14336]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [11.2.2015 21:36 2724128]
S2 tczpwsvy;Boot Manager;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 9:00 14336]
S2 uecmdied;Monitor Microsoft;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 9:00 14336]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [11.2.2015 23:09 108632]
S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2.1.2015 19:45 315488]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tczpwsvy
uecmdied
jtgeg
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.hp.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 77.48.100.254 77.48.254.254
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0vr6zw0o.default\
FF - prefs.js: network.proxy.type - 0
.
.
------- Asociace souborů -------
.
.scr=DWGTrueViewScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-mbamchameleon
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-12 00:03
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2015-02-12 00:04:50
ComboFix-quarantined-files.txt 2015-02-11 23:04
.
Před spuštěním: Volných bajtů: 57 908 981 760
Po spuštění: Volných bajtů: 57 883 467 776
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DC3BD524A9AB779ADCF25C1014B89CE4
49450C01903853D8E82D6980ACA6B5C6

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: cannot install ESET, eset.com pages do not work

#11 Post by altrok »

:arrow: If you have not done so yet, move ComboFix to the desktop.
  • Open Notepad (Start -> Run -> notepad)
  • copy the script below into it and save it to the desktop as CFScript (File type: Text document)

    Code:

    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CCleaner Monitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4967:TCP"=-
    
    Driver::
    jtgeg
    tczpwsvy
    uecmdied
    
    NetSvc::
    tczpwsvy
    uecmdied
    jtgeg
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0vr6zw0o.default\
    FF - prefs.js: network.proxy.type - 0
    
    Folder::
    C:\WINDOWS\inf\mnchifucr
    
    ClearJavaCache::
    
    Reboot::
  • Grab this CFScript.txt, literally drag it over the ComboFix icon and drop it.
  • After the restart a log will pop up; paste its contents into your next reply to me.
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF that the author unfortunately cannot fix yet

:arrow: It may happen that Windows does not start after the script is applied. In that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
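
Added example, not part of altrok's post and not ComboFix code: a check that traces the `Driver::`, `NetSvc::` and firewall-port entries of the CFScript above back to lines of the ComboFix log in post #10, so that every removal has evidence behind it. All function names are hypothetical, and it assumes that the `Svchost - NetSvcs` listing in the log contains only non-default entries.

```python
import re

# Lines copied from the ComboFix log in post #10, trimmed to the sections used here.
LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4967:TCP"= 4967:TCP:uicagl
.
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21.10.2005 12:19 36352]
S2 jtgeg;Shell Task;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 9:00 14336]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [11.2.2015 21:36 2724128]
S2 tczpwsvy;Boot Manager;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 9:00 14336]
S2 uecmdied;Monitor Microsoft;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 9:00 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tczpwsvy
uecmdied
jtgeg
.
"""

# Service and firewall sections of the CFScript from post #11.
CFSCRIPT = r"""
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4967:TCP"=-

Driver::
jtgeg
tczpwsvy
uecmdied

NetSvc::
tczpwsvy
uecmdied
jtgeg
"""

SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
PORTS_KEY = "globallyopenports\\list]"

def parse_services(log):
    """Return {service name: image path} from 'S2 name;display;path [date size]' lines."""
    found = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            found[m.group(3)] = m.group(5)
    return found

def parse_netsvcs_listing(log):
    """Names under the '... Svchost - NetSvcs' header, up to the next '.' or blank line."""
    names, inside = [], False
    for line in (l.strip() for l in log.splitlines()):
        if line.endswith("Svchost - NetSvcs"):
            inside = True
        elif inside:
            if line in ("", "."):
                break
            names.append(line)
    return names

def parse_open_ports(log):
    """Firewall exceptions under the GloballyOpenPorts key as (port, protocol, label)."""
    ports, inside = [], False
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("["):
            inside = line.lower().endswith(PORTS_KEY)
        elif inside and PORT_RE.match(line):
            m = PORT_RE.match(line)
            ports.append((int(m.group(1)), m.group(2), m.group(3)))
    return ports

def suspicious_services(log):
    """Services hosted by 'svchost.exe -k netsvcs' that also appear in the NetSvcs listing."""
    listed = set(parse_netsvcs_listing(log))
    return sorted(name for name, path in parse_services(log).items()
                  if path.lower().endswith("svchost.exe -k netsvcs") and name in listed)

def parse_cfscript(script):
    """Split a CFScript into {directive: [lines]} using its 'Name::' headers."""
    sections, current = {}, None
    for line in (l.strip() for l in script.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif line and current:
            sections[current].append(line)
    return sections

def unsupported_directives(script, log):
    """Script entries with no matching evidence in the log; an empty list means all are backed."""
    sections = parse_cfscript(script)
    flagged = set(suspicious_services(log))
    open_ports = {f'"{port}:{proto}"' for port, proto, _ in parse_open_ports(log)}
    problems = [(d, n) for d in ("Driver", "NetSvc")
                for n in sections.get(d, []) if n not in flagged]
    key = ""
    for line in sections.get("Registry", []):
        if line.startswith("["):
            key = line.lower()
        elif line.endswith("=-") and key.endswith(PORTS_KEY) and line[:-2] not in open_ports:
            problems.append(("Registry", line))
    return problems

if __name__ == "__main__":
    print("flagged services:", suspicious_services(LOG))
    print("open ports:", parse_open_ports(LOG))
    print("unsupported script entries:", unsupported_directives(CFSCRIPT, LOG))
```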

jurda23
Visitor
Posts: 22
Registered: 27 Aug 2013 21:13

Re: cannot install ESET, eset.com pages do not work

#12 Post by jurda23 »

ComboFix 15-02-09.01 - Administrator 12.02.2015 0:24.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2039.1516 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_JTGEG
-------\Legacy_TCZPWSVY
-------\Legacy_UECMDIED
-------\Service_jtgeg
-------\Service_tczpwsvy
-------\Service_uecmdied
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-11 do 2015-02-11 )))))))))))))))))))))))))))))))
.
.
2015-02-11 22:44 . 2015-02-11 22:44 -------- d-s---w- c:\documents and settings\Administrator\UserData
2015-02-11 22:16 . 2015-02-11 22:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2015-02-11 22:16 . 2015-02-11 22:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2015-02-11 22:16 . 2015-02-11 22:16 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-11 22:09 . 2015-02-11 22:33 108632 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-11 21:51 . 2015-02-11 21:53 -------- d-----w- C:\FRST
2015-02-11 21:26 . 2015-02-11 21:26 -------- d-----w- c:\program files\trend micro
2015-02-11 21:26 . 2015-02-11 21:32 -------- d-----w- C:\rsit
2015-02-11 21:13 . 2015-02-11 21:21 -------- d-----w- C:\AdwCleaner
2015-02-11 21:11 . 2015-02-11 21:11 -------- d-----w- c:\program files\CCleaner
2015-02-11 21:01 . 2015-02-11 21:01 -------- d-----w- c:\program files\ESET
2015-02-11 20:37 . 2015-02-11 20:37 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\ProductData
2015-02-11 20:36 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-11 20:36 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\Administrator\LocalLow
2015-02-11 20:36 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Apple Computer
2015-02-11 20:36 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\Administrator\AppData
2015-02-11 20:36 . 2015-02-11 20:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ProductData
2015-02-11 20:36 . 2015-02-11 20:36 -------- d-----w- c:\program files\Common Files\IObit
2015-02-11 20:35 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\IObit
2015-02-11 20:34 . 2015-02-11 21:42 -------- d-----w- c:\program files\IObit
2015-02-11 20:34 . 2015-02-11 20:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2015-02-11 20:32 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2015-02-11 20:32 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2015-02-11 20:30 . 2015-02-11 20:30 -------- d-----w- c:\program files\Microsoft Works
2015-02-11 20:30 . 2015-02-11 20:30 -------- d-----w- c:\program files\MSBuild
2015-02-11 20:29 . 2015-02-11 20:29 -------- d-----w- c:\program files\Microsoft.NET
2015-02-11 20:26 . 2015-02-11 20:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Microsoft Help
2015-02-11 20:26 . 2015-02-11 20:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2015-02-11 18:45 . 2015-02-11 20:10 114688 ----a-w- c:\windows\system32\chg.exe
2015-02-06 13:52 . 2013-08-11 14:40 43520 --s-a-w- c:\windows\system32\nircmdc.exe
2015-02-06 13:47 . 2015-02-11 21:29 -------- d-----w- c:\program files\WinRar-v.4,01---32,-64bit-CZ,nvod-+-key - odzkouseno
2015-02-06 13:30 . 2015-02-06 13:30 -------- d-----w- c:\program files\Common Files\Skype
2015-02-06 13:30 . 2015-02-06 13:30 -------- d-----r- c:\program files\Skype
2015-02-06 13:30 . 2015-02-06 13:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-02-11 20:36 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10921475-03CE-4E04-90CE-E2E7EF20C814}"= "c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll" [2015-02-11 752960]
.
[HKEY_CLASSES_ROOT\clsid\{10921475-03ce-4e04-90ce-e2e7ef20c814}]
[HKEY_CLASSES_ROOT\UninstallExplorer32.ExplorerBtn]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-01-23 31087200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-18 581693]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [11.2.2015 21:36 2724128]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [28.2.2006 18:05 87808]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21.10.2005 12:19 36352]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [11.2.2015 23:09 108632]
S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2.1.2015 19:45 315488]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.hp.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 77.48.100.254 77.48.254.254
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0vr6zw0o.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-12 00:28
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\msdtc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\mqsvc.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
.
**************************************************************************
.
Celkový čas: 2015-02-12 00:30:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-02-11 23:30
ComboFix2.txt 2015-02-11 23:04
.
Před spuštěním: Volných bajtů: 57 886 240 768
Po spuštění: Volných bajtů: 57 816 465 408
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 13758DC4B2986956D582B5DF8E762076
49450C01903853D8E82D6980ACA6B5C6

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: cannot install ESET, eset.com pages do not work

#13 Post by altrok »

  • Rename ComboFix to Uninstall and run it as administrator
  • ComboFix will uninstall itself.
:arrow: Uninstall Surfing Protection and IObit Uninstaller.

:arrow: Post the FRST.txt log and attach Addition.txt as well... on the second and any later run of FRST you must explicitly tick the Addition option for the Addition.txt log to be created - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

jurda23
Visitor
Posts: 22
Registered: 27 Aug 2013 21:13

Re: cannot install ESET, eset.com pages do not work

#14 Post by jurda23 »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by Administrator (administrator) on PC325251940422 on 12-02-2015 00:58:31
Running from C:\Documents and Settings\Administrator\Plocha
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: Čeština
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761948 2006-03-03] (Synaptics, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKU\S-1-5-21-2408928127-1656260268-524559132-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2408928127-1656260268-524559132-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2408928127-1656260268-524559132-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
HKU\S-1-5-21-2408928127-1656260268-524559132-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKU\S-1-5-21-2408928127-1656260268-524559132-500 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
Toolbar: HKU\S-1-5-21-2408928127-1656260268-524559132-500 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 3694700140
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 3694848359
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 77.48.100.254 77.48.254.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0vr6zw0o.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [98304 2006-05-08] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [258103 2006-01-18] (Broadcom Corporation.) [File not signed]
S3 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2004-08-18] (Microsoft Corporation)
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2004-08-18] (Microsoft Corporation)
S3 PCA; C:\WINDOWS\SMINST\PCAngel.exe [294912 2006-01-12] (SoftThinks) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [152960 2005-06-07] (Andrea Electronics Corporation)
R3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [130432 2006-03-30] (AuthenTec, Inc.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [1342570 2006-01-18] (Broadcom Corporation.) [File not signed]
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [57096 2006-01-18] (Broadcom Corporation.) [File not signed]
R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [7808 2005-09-19] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\WINDOWS\System32\DRIVERS\eabusb.sys [5760 2005-09-19] (Hewlett-Packard Development Company, L.P.)
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [87808 2006-02-28] (Texas Instruments)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [36352 2005-10-21] (Infineon Technologies AG)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [108632 2015-02-11] (Malwarebytes Corporation)
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [72960 2004-08-18] (Microsoft Corporation)
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-18] ()
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-10-24] (SMC)
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2006-01-19] (Intel® Corporation)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ESETCleanersDriver; \??\C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [X]
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 00:58 - 2015-02-12 00:58 - 00029789 _____ () C:\Documents and Settings\Administrator\Plocha\FRST1.txt
2015-02-12 00:55 - 2015-02-12 00:55 - 00017909 _____ () C:\Documents and Settings\Administrator\Plocha\Addition.txt
2015-02-12 00:49 - 2015-02-11 23:03 - 322523176 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
2015-02-12 00:49 - 2015-02-11 23:01 - 00635944 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Plocha\WindowsXP-KB932823-v3-x86-CSY.exe
2015-02-12 00:49 - 2015-02-11 23:00 - 10601344 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Plocha\IE8-WindowsXP-KB2618444-x86-CSY.exe
2015-02-12 00:37 - 2015-02-12 00:38 - 00002502 _____ () C:\Documents and Settings\Administrator\Plocha\~ESETUninstaller.log
2015-02-12 00:37 - 2015-02-12 00:37 - 00675528 _____ (ESET) C:\Documents and Settings\Administrator\Plocha\ESETUninstaller.exe
2015-02-12 00:35 - 2015-02-12 00:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\Speclean
2015-02-12 00:30 - 2015-02-12 00:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-02-12 00:30 - 2015-02-12 00:30 - 00009028 _____ () C:\ComboFix.txt
2015-02-12 00:30 - 2015-02-12 00:30 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-02-12 00:30 - 2015-02-12 00:30 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-02-12 00:27 - 2015-02-12 00:27 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-02-12 00:27 - 2015-02-12 00:27 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2015-02-12 00:27 - 2015-02-12 00:27 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2015-02-12 00:27 - 2015-02-12 00:27 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-02-12 00:27 - 2015-02-12 00:27 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2015-02-12 00:24 - 2015-02-12 00:24 - 00000000 _RSHD () C:\cmdcons
2015-02-12 00:04 - 2015-02-12 00:23 - 00000450 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-11 23:55 - 2015-02-11 23:59 - 00000327 _____ () C:\Boot.bak
2015-02-11 23:55 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2015-02-11 23:54 - 2015-02-12 00:40 - 00000000 ____D () C:\WINDOWS\erdnt
2015-02-11 23:54 - 2015-02-11 23:54 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Nástroje pro správu
2015-02-11 23:49 - 2015-02-11 23:49 - 00000000 __RSH () C:\MSDOS.SYS
2015-02-11 23:49 - 2015-02-11 23:49 - 00000000 __RSH () C:\IO.SYS
2015-02-11 23:44 - 2015-02-11 23:44 - 00000000 ___SD () C:\Documents and Settings\Administrator\UserData
2015-02-11 23:36 - 2015-02-11 23:37 - 00002264 _____ () C:\Documents and Settings\Administrator\Plocha\Rkill.txt
2015-02-11 23:36 - 2015-02-11 23:33 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\Plocha\rkill.exe
2015-02-11 23:34 - 2015-02-11 23:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021115-04.dmp
2015-02-11 23:16 - 2015-02-11 23:34 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2015-02-11 23:16 - 2015-02-11 23:16 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 23:16 - 2015-02-11 23:16 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-02-11 23:15 - 2015-02-11 23:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021115-03.dmp
2015-02-11 23:11 - 2015-02-11 23:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021115-02.dmp
2015-02-11 23:10 - 2015-02-11 23:34 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-11 23:10 - 2015-02-11 23:10 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021115-01.dmp
2015-02-11 23:09 - 2015-02-11 23:33 - 00108632 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-11 23:09 - 2015-02-11 23:30 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\mbar
2015-02-11 23:08 - 2015-02-11 23:08 - 00056394 _____ () C:\Documents and Settings\Administrator\Plocha\MbrScan.log
2015-02-11 23:08 - 2015-02-11 23:08 - 00000512 _____ () C:\Documents and Settings\Administrator\Plocha\Dump_Hdd1_DR5.mbr
2015-02-11 23:08 - 2015-02-11 23:08 - 00000512 _____ () C:\Documents and Settings\Administrator\Plocha\Dump_Hdd0_DR0.mbr
2015-02-11 23:07 - 2015-02-11 23:04 - 16466552 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Plocha\mbar-1.08.3.1004.exe
2015-02-11 23:07 - 2015-02-11 23:04 - 00147456 _____ (Eric_71) C:\Documents and Settings\Administrator\Plocha\MbrScan.exe
2015-02-11 22:52 - 2015-02-12 00:58 - 00009832 _____ () C:\Documents and Settings\Administrator\Plocha\FRST.txt
2015-02-11 22:51 - 2015-02-12 00:58 - 00000000 ____D () C:\FRST
2015-02-11 22:51 - 2015-02-11 22:48 - 01125376 _____ (Farbar) C:\Documents and Settings\Administrator\Plocha\FRST.exe
2015-02-11 22:51 - 2015-02-11 22:48 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2015-02-11 22:26 - 2015-02-11 22:32 - 00000000 ____D () C:\rsit
2015-02-11 22:26 - 2015-02-11 22:26 - 00000000 ____D () C:\Program Files\trend micro
2015-02-11 22:24 - 2015-02-11 22:17 - 01107968 _____ () C:\Documents and Settings\Administrator\Plocha\RSIT.exe
2015-02-11 22:21 - 2015-02-12 00:54 - 00023801 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-11 22:21 - 2015-02-11 23:47 - 00004796 _____ () C:\WINDOWS\setupapi.log
2015-02-11 22:21 - 2015-02-11 22:21 - 00000075 _____ () C:\WINDOWS\setupact.log
2015-02-11 22:21 - 2015-02-11 22:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-11 22:13 - 2015-02-11 22:21 - 00000000 ____D () C:\AdwCleaner
2015-02-11 22:11 - 2015-02-11 22:11 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2015-02-11 22:11 - 2015-02-11 22:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-11 22:08 - 2015-02-11 22:05 - 02112512 _____ () C:\Documents and Settings\Administrator\Plocha\adwcleaner_4.110.exe
2015-02-11 22:01 - 2015-02-11 22:01 - 00000000 ____D () C:\Program Files\ESET
2015-02-11 22:01 - 2015-02-11 21:57 - 02347384 _____ (ESET) C:\Documents and Settings\Administrator\Plocha\esetsmartinstaller_csy.exe
2015-02-11 21:59 - 2015-02-12 00:30 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-02-11 21:59 - 2015-02-12 00:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-11 21:59 - 2015-02-11 21:59 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2015-02-11 21:54 - 2015-02-11 21:54 - 00000000 __SHD () C:\WINDOWS\CSC
2015-02-11 21:39 - 2015-02-11 21:39 - 25255936 _____ () C:\WINDOWS\system32\config\software.iobit
2015-02-11 21:39 - 2015-02-11 21:39 - 00241664 _____ () C:\WINDOWS\system32\config\default.iobit
2015-02-11 21:39 - 2015-02-11 21:39 - 00049152 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-02-11 21:39 - 2015-02-11 21:39 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-02-11 21:37 - 2015-02-11 21:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\ProductData
2015-02-11 21:36 - 2015-02-11 21:37 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ProductData
2015-02-11 21:36 - 2015-02-11 21:36 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-02-11 21:36 - 2015-02-11 21:36 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-02-11 21:36 - 2015-02-11 21:36 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-11 21:36 - 2015-02-11 21:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Apple Computer
2015-02-11 21:36 - 2014-02-17 20:06 - 01445888 _____ (Option^Explicit Software Solutions) C:\Documents and Settings\Administrator\Plocha\winsockxpfix.exe
2015-02-11 21:35 - 2015-02-11 21:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\IObit
2015-02-11 21:34 - 2015-02-11 22:42 - 00000000 ____D () C:\Program Files\IObit
2015-02-11 21:34 - 2015-02-11 21:36 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\IObit
2015-02-11 21:32 - 2015-02-11 21:32 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Office
2015-02-11 21:32 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msonpmon.dll
2015-02-11 21:31 - 2015-02-11 21:48 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2015-02-11 21:30 - 2015-02-11 21:30 - 00000000 ____D () C:\Program Files\MSBuild
2015-02-11 21:30 - 2015-02-11 21:30 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-02-11 21:30 - 2015-02-11 21:30 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-02-11 21:30 - 2015-02-11 21:27 - 63823872 _____ () C:\Documents and Settings\Administrator\Plocha\eav_nt32_csy.msi
2015-02-11 21:29 - 2015-02-11 21:29 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-02-11 21:27 - 2015-02-11 21:27 - 00000730 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2015-02-11 21:27 - 2015-02-11 21:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-11 21:27 - 2015-02-11 21:27 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Mozilla
2015-02-11 21:26 - 2015-02-11 21:35 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-02-11 21:26 - 2015-02-11 21:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft Help
2015-02-11 21:23 - 2015-02-11 21:19 - 01761992 _____ (ESET) C:\Documents and Settings\Administrator\Plocha\eset_nod32_antivirus_live_installer_.exe
2015-02-11 21:15 - 2015-02-11 21:10 - 00000186 _____ () C:\Documents and Settings\Administrator\Plocha\eset.txt
2015-02-11 21:13 - 2015-02-11 21:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\Ofice-2007-cz
2015-02-11 19:55 - 2015-02-11 19:55 - 00000541 _____ () C:\Documents and Settings\All Users\Plocha\BUILD power.lnk
2015-02-11 19:54 - 2002-04-10 10:39 - 00000054 _____ () C:\WINDOWS\system32\WINBP386.NCF
2015-02-11 19:50 - 2015-02-11 19:50 - 00000003 _____ () C:\Documents and Settings\Administrator\stut
2015-02-11 19:45 - 2015-02-11 21:10 - 00114688 _____ (SoftThinks) C:\WINDOWS\system32\chg.exe
2015-02-06 14:52 - 2013-08-11 15:40 - 00043520 ____S (NirSoft) C:\WINDOWS\system32\nircmdc.exe
2015-02-06 14:48 - 2015-02-06 14:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Nabídka Start\Programy\WinRAR
2015-02-06 14:48 - 2015-02-06 14:49 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-06 14:48 - 2015-02-06 14:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2015-02-06 14:48 - 2015-02-06 14:48 - 00000696 _____ () C:\Documents and Settings\Administrator\Plocha\WinRAR.lnk
2015-02-06 14:48 - 2015-02-06 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\WinRAR
2015-02-06 14:47 - 2015-02-11 22:29 - 00000000 ____D () C:\Program Files\WinRar-v.4,01---32,-64bit-CZ,nvod-+-key - odzkouseno
2015-02-06 14:40 - 2015-02-06 14:50 - 00000000 ____D () C:\WINDOWS\system32\bitstreams
2015-02-06 14:40 - 2014-03-05 22:19 - 00007670 ____S () C:\WINDOWS\system32\mncxjqa.vbe
2015-02-06 14:40 - 2013-12-10 00:30 - 10236928 ____S () C:\WINDOWS\system32\acumncxjqa.exe
2015-02-06 14:40 - 2013-10-26 20:30 - 01704448 ____S (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\system32\libeay32.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00538126 ____S () C:\WINDOWS\system32\libcurl-4.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00364544 ____S (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\system32\ssleay32.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00192512 ____S () C:\WINDOWS\system32\libidn-11.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00171008 ____S (The libssh2 library, http://www.libssh2.org/) C:\WINDOWS\system32\libssh2.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00133632 ____S () C:\WINDOWS\system32\librtmp.dll
2015-02-06 14:40 - 2013-10-26 20:30 - 00044727 ____S () C:\WINDOWS\system32\diablo130302.cl
2015-02-06 14:40 - 2013-10-26 20:30 - 00043810 ____S () C:\WINDOWS\system32\poclbm130302.cl
2015-02-06 14:40 - 2013-10-26 20:30 - 00030802 ____S () C:\WINDOWS\system32\diakgcn121016.cl
2015-02-06 14:40 - 2013-10-26 20:30 - 00023825 ____S () C:\WINDOWS\system32\scrypt130511.cl
2015-02-06 14:40 - 2013-10-26 20:30 - 00013062 ____S () C:\WINDOWS\system32\phatk121016.cl
2015-02-06 14:40 - 2013-07-18 16:06 - 00187904 ____S () C:\WINDOWS\system32\lcpmncxjqa.exe
2015-02-06 14:40 - 2013-06-12 15:15 - 00119888 ____S (Open Source Software community LGPL) C:\WINDOWS\system32\pthreadGC2.dll
2015-02-06 14:40 - 2013-06-12 15:15 - 00100864 ____S () C:\WINDOWS\system32\zlib1.dll
2015-02-06 14:40 - 2012-09-25 23:46 - 00472424 ____S (NVIDIA Corporation) C:\WINDOWS\system32\cudart32_50_35.dll
2015-02-06 14:40 - 2012-05-27 01:36 - 00055808 ____S (Open Source Software community LGPL) C:\WINDOWS\system32\pthreadVC2.dll
2015-02-06 14:30 - 2015-02-06 14:30 - 00001896 _____ () C:\Documents and Settings\All Users\Plocha\Skype.lnk
2015-02-06 14:30 - 2015-02-06 14:30 - 00000000 ___RD () C:\Program Files\Skype
2015-02-06 14:30 - 2015-02-06 14:30 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-02-06 14:30 - 2015-02-06 14:30 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-02-06 14:30 - 2015-02-06 14:30 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2015-02-06 14:20 - 2015-02-06 14:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2015-02-06 14:17 - 2015-02-11 23:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 00:58 - 2006-07-08 03:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha
2015-02-12 00:57 - 2006-07-08 03:35 - 00000000 ___HD () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2015-02-12 00:40 - 2006-07-08 03:35 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-02-12 00:40 - 2006-07-08 03:35 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-02-12 00:40 - 2006-07-08 03:35 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-02-12 00:33 - 2004-09-08 10:09 - 00911850 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 00:30 - 2004-09-08 10:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-12 00:28 - 2004-09-08 11:45 - 00000227 _____ () C:\WINDOWS\system.ini
2015-02-12 00:27 - 2004-09-08 10:13 - 25427968 _____ () C:\WINDOWS\system32\config\software.bak
2015-02-12 00:27 - 2004-09-08 10:13 - 03932160 _____ () C:\WINDOWS\system32\config\system.bak
2015-02-12 00:27 - 2004-09-08 10:13 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-02-12 00:27 - 2004-09-08 10:13 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-02-12 00:27 - 2004-09-08 10:13 - 00262144 _____ () C:\WINDOWS\system32\config\default.bak
2015-02-12 00:27 - 2004-09-08 10:13 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-02-12 00:24 - 2006-07-08 03:35 - 00000000 __RHD () C:\Documents and Settings\Administrator\Data aplikací
2015-02-12 00:24 - 2004-09-08 09:50 - 00000327 __RSH () C:\boot.ini
2015-02-12 00:04 - 2006-07-07 18:40 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-12 00:04 - 2006-07-07 18:40 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-11 23:54 - 2006-07-08 03:35 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy
2015-02-11 23:44 - 2006-07-08 03:35 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-02-11 23:16 - 2006-07-08 03:35 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-02-11 21:49 - 2004-09-08 10:02 - 00349792 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 21:47 - 2006-07-08 03:35 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2015-02-11 21:36 - 2013-11-27 12:27 - 00100208 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2015-02-11 21:36 - 2006-07-08 03:35 - 00000000 ___HD () C:\Documents and Settings\Administrator\Šablony
2015-02-11 21:34 - 2013-10-03 08:57 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-11 21:34 - 2006-07-08 03:35 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-11 21:34 - 2006-07-08 03:35 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 21:34 - 2004-09-08 09:57 - 00000573 _____ () C:\WINDOWS\win.ini
2015-02-11 21:30 - 2013-10-03 08:33 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-11 21:29 - 2013-10-03 08:58 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Nástroje sady Microsoft Office
2015-02-11 21:27 - 2013-10-03 08:37 - 00000724 _____ () C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2015-02-11 21:27 - 2013-10-03 08:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-11 21:14 - 2006-07-08 03:35 - 00000000 ___HD () C:\Documents and Settings\Administrator\Okolní síť
2015-02-11 21:10 - 2006-07-07 19:06 - 00000000 ____D () C:\WINDOWS\SMINST
2015-02-11 21:07 - 2013-10-03 08:47 - 00000000 ____D () C:\BUILDpower
2015-02-11 19:55 - 2013-10-03 08:47 - 00000547 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\BUILD power.lnk
2015-02-06 14:28 - 2013-10-03 13:03 - 00056320 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-06 14:17 - 2006-07-08 03:35 - 00000000 ___RD () C:\Documents and Settings\Administrator\Dokumenty
2015-02-06 14:15 - 2004-09-08 10:12 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl

==================== Files in the root of some directories =======

2013-10-03 08:42 - 2013-10-03 08:42 - 0000600 _____ () C:\Documents and Settings\Administrator\Data aplikací\winscp.rnd
2006-07-07 19:04 - 2006-07-07 19:04 - 0000000 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\AtStart.txt
2013-10-03 13:03 - 2015-02-06 14:28 - 0056320 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-07 19:04 - 2006-07-07 19:04 - 0000000 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DSwitch.txt
2006-07-07 18:46 - 2006-07-07 18:46 - 0000133 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
2006-07-07 19:04 - 2006-07-07 19:04 - 0000000 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\QSwitch.txt

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\InstHelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-02-2015 02
Ran by Administrator at 2015-02-12 00:58:48
Running from C:\Documents and Settings\Administrator\Plocha
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.2.153.1 - Adobe Systems Incorporated)
Adobe Reader X - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
Aktualizace systému Windows XP (KB894391) (HKLM\...\KB894391) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB896727) (HKLM\...\KB896727) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB912945) (HKLM\...\KB912945) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB911564) (HKLM\...\KB911564) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player 9 (KB911565) (HKLM\...\KB911565) (Version: - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB893066) (HKLM\...\KB893066) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB896358) (HKLM\...\KB896358) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB896422) (HKLM\...\KB896422) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB896423) (HKLM\...\KB896423) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB901190) (HKLM\...\KB901190) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB901214) (HKLM\...\KB901214) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB903235) (HKLM\...\KB903235) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB904706) (HKLM\...\KB904706) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB908519) (HKLM\...\KB908519) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB911927) (HKLM\...\KB911927) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB912919) (HKLM\...\KB912919) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB913446) (HKLM\...\KB913446) (Version: 1 - Microsoft Corporation)
Application Installer 4.00.B5 (HKLM\...\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}) (Version: 4.00.B5 - Hewlett-Packard Company)
BUILDpower - klient LAN ver. 10.0.0.7. (HKLM\...\BUILDpower - klient LAN_is1) (Version: - )
BUILDpower - sestava Stavební Výroba ver. 10.0.0.7. (HKLM\...\BUILDpower - sestava Stavební Výroba_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
DWG TrueView (HKLM\...\{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}) (Version: 16.2.54.20 - Autodesk)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ffdshow v1.1.3631 [2010-11-15] (HKLM\...\ffdshow_is1) (Version: 1.1.3631.0 - )
Fingerprint Sensor Minimum Install (Version: 6.5.1.4 - AuthenTec, Inc.) Hidden
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 4.0.1.3300 - HP)
HP Quick Launch Buttons 6.00 H1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.00 H1 - Hewlett-Packard Company)
HP Support Phone Numbers (HKLM\...\{E7485CE5-C004-44D6-AA3E-7EE4DFE2B70E}) (Version: 1.00.0002 - Hewlett-Packard)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
Instalátor programu HP Backup and Recovery Manager (HKLM\...\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}) (Version: 2.1Z - Společnost Hewlett-Packard )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
Microsoft .NET Framework 1.1 Czech Language Pack (HKLM\...\{5E65E94D-69F2-4850-9E93-6459C53A0F50}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office XP Professional s aplikací FrontPage (HKLM\...\{90280405-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.11 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 35.0.1 (x86 cs)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Oprava Hotfix systému Windows XP (KB896243) (HKLM\...\KB896243) (Version: 6 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB896256) (HKLM\...\KB896256) (Version: 3 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB909095) (HKLM\...\KB909095) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB912436) (HKLM\...\KB912436) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB915326) (HKLM\...\KB915326) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB918005) (HKLM\...\KB918005) (Version: 2 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB884575 (HKLM\...\KB884575) (Version: 20040827.145237 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB885464 (HKLM\...\KB885464) (Version: 20040927.152742 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB885855 (HKLM\...\KB885855) (Version: 20040930.104104 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB885884 (HKLM\...\KB885884) (Version: 20040924.025457 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB888239 (HKLM\...\KB888239) (Version: 20041124.162528 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB888402 (HKLM\...\KB888402) (Version: 20041117.151732 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB889673 (HKLM\...\KB889673) (Version: 20041116.085848 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Oprava Hotfix systému Windows XP číslo KB892559 (HKLM\...\KB892559) (Version: 2 - Microsoft Corporation)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4321 - Analog Devices)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.16.4 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{48CF6549-B45D-4313-9927-EFCCC8A3493F}) (Version: 1.17.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.17.0000 - Texas Instruments Inc.) Hidden
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
Video Viewer (HKLM\...\Video Viewer) (Version: 0.1.0.7 - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version: - )
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2408928127-1656260268-524559132-500_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView\DWGVficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2408928127-1656260268-524559132-500_Classes\CLSID\{591E5416-DDC3-45E6-BE9D-C40D0B418F6E}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView\DWGViewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2408928127-1656260268-524559132-500_Classes\CLSID\{8E75D913-3D21-11D2-85C4-080009A0C626}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView\DWGViewr.exe (Autodesk, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-18 09:00 - 2015-02-12 00:28 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2006-01-18 13:26 - 2006-01-18 13:26 - 00053248 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-02-06 14:48 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2015-02-06 14:48 - 2011-06-16 00:14 - 00331776 _____ () C:\Program Files\WinRAR\rarlng.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2408928127-1656260268-524559132-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\HP Cityscape.bmp
DNS Servers: 77.48.100.254 - 77.48.254.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2408928127-1656260268-524559132-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2408928127-1656260268-524559132-1003 - Limited - Enabled)
Guest (S-1-5-21-2408928127-1656260268-524559132-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2408928127-1656260268-524559132-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2408928127-1656260268-524559132-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2015 00:50:51 AM) (Source: MsiInstaller) (EventID: 10005) (User: PC325251940422)
Description: Product: ESET NOD32 Antivirus -- ESET NOD32 Antivirus není možné nainstalovat na váš operační systém.

Error: (02/12/2015 00:38:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: PC325251940422)
Description: Product: ESET NOD32 Antivirus -- ESET NOD32 Antivirus není možné nainstalovat na váš operační systém.

Error: (02/12/2015 00:35:10 AM) (Source: MsiInstaller) (EventID: 10005) (User: PC325251940422)
Description: Product: ESET NOD32 Antivirus -- ESET NOD32 Antivirus není možné nainstalovat na váš operační systém.

Error: (02/12/2015 00:33:28 AM) (Source: MsiInstaller) (EventID: 10005) (User: PC325251940422)
Description: Product: ESET NOD32 Antivirus -- ESET NOD32 Antivirus není možné nainstalovat na váš operační systém.

Error: (02/11/2015 10:30:51 PM) (Source: MsiInstaller) (EventID: 10005) (User: PC325251940422)
Description: Product: ESET NOD32 Antivirus -- ESET NOD32 Antivirus není možné nainstalovat na váš operační systém.

Error: (02/11/2015 10:03:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: PC325251940422)
Description: Product: ESET NOD32 Antivirus -- ESET NOD32 Antivirus není možné nainstalovat na váš operační systém.

Error: (02/11/2015 09:36:04 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error: (02/11/2015 09:36:03 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error: (02/11/2015 09:36:03 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error: (02/11/2015 09:36:03 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Nelze rozpoznat název nebo adresu serveru.


System errors:
=============
Error: (02/12/2015 00:24:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Message Queuing byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/12/2015 00:24:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/12/2015 00:24:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Bluetooth Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (02/12/2015 00:24:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/12/2015 00:24:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Smart Card byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/12/2015 00:24:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Message Queuing Triggers byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/12/2015 00:24:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Koordinátor DTC byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/12/2015 00:24:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows User Mode Driver Framework byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/11/2015 11:57:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Monitor Microsoft byla ukončena s následující chybou:
%%126

Error: (02/11/2015 11:57:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Boot Manager byla ukončena s následující chybou:
%%126


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Percentage of memory in use: 18%
Total physical RAM: 2039.36 MB
Available physical RAM: 1656.71 MB
Total Pagefile: 3930.92 MB
Available Pagefile: 3731.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.45 GB) (Free:54.12 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.08 GB) (Free:0.32 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Removable) (Total:15.02 GB) (Free:14.13 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: DABFDABF)
Partition 1: (Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: ESET cannot be installed, eset.com pages do not work

#15 Post by altrok »

OK, now install Service Pack 3, Internet Explorer 8 and the other important Microsoft updates: http://windows.microsoft.com/cs-cz/wind ... pack-3-sp3

Then try installing ESET.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors to this forum, sign up for our training school.
