Kryptik

Matjbc
Visitor
Posts: 5
Registered: 13 Feb 2015 21:30

Kryptik

#1 Post by Matjbc »

Hello, would someone please be willing to help me get rid of the Kryptik trojan??? I'm at a loss, I have no idea what to do with it. Thank you very much :o :)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Kryptik

#2 Post by motji »

Hello to you too :),
there would be plenty of willing helpers here; I could even divine that Kryptik for you from the crystal ball I currently have here, but I'd rather ask for an FRST log http://forum.viry.cz/viewtopic.php?f=13&t=133100, since it will tell me more about your PC than the ball will :D.
Where is that little beast supposed to be located?
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before cleaning the computer of viruses :!:

I can be reached mostly at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Matjbc
Visitor
Posts: 5
Registered: 13 Feb 2015 21:30

Re: Kryptik

#3 Post by Matjbc »

Great, thank you,
I'll try to make the log. I barely understand this subject at all, so feel free to explain it to me in very simple terms :D.
The virus warning pops up for me exclusively in Firefox, so maybe it's there.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015
Ran by Mat (administrator) on MAT on 15-02-2015 11:31:46
Running from E:\Documents and Settings\Mat\Plocha
Loaded Profiles: Mat (Available profiles: Mat & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lexmark International, Inc.) E:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) E:\WINDOWS\system32\LEXPPS.EXE
(Realtek Semiconductor Corp.) E:\WINDOWS\soundman.exe
(Advanced Micro Devices Inc.) E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ESET) D:\program files\XP pokus\ESET Smart Security\egui.exe
(ESET) D:\program files\XP pokus\ESET Smart Security\ekrn.exe
(Ray Adams) E:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
(Microsoft Corporation) E:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Dropbox, Inc.) E:\Documents and Settings\Mat\Data aplikací\Dropbox\bin\Dropbox.exe
(NVIDIA) E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(Protexis Inc.) E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Western Digital Technologies, Inc.) E:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) E:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(ATI Technologies Inc.) E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) E:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) E:\Program Files\Internet Explorer\iexplore.exe
(Nullsoft) D:\program files\XP pokus\Winamp\winamp.exe
(Mozilla Corporation) D:\program files\XP pokus\Mozilla Firefox\firefox.exe
(forum.viry.cz) E:\Documents and Settings\Mat\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => E:\WINDOWS\SOUNDMAN.EXE [577536 2013-03-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] => E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => D:\program files\XP pokus\ESET Smart Security\egui.exe [5078504 2013-03-21] (ESET)
HKLM\...\Run: [WinampAgent] => "D:\program files\XP pokus\Winamp\Winampa.exe"
HKLM\...\Run: [OV3_Monitor] => D:\program files\XP pokus\OLYMPUS Viewer 3\FirstStart.exe [55664 2014-09-09] (OLYMPUS IMAGING CORP.)
Winlogon\Notify\AtiExtEvent: E:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-2000478354-329068152-839522115-1003\...\Run: [NVIDIA nTune] => E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [81920 2007-09-04] (NVIDIA)
HKU\S-1-5-21-2000478354-329068152-839522115-1003\...\Run: [AtiTrayTools] => E:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe [929792 2011-10-29] (Ray Adams)
HKU\S-1-5-21-2000478354-329068152-839522115-1003\...\Run: [OV3_Monitor] => D:\program files\XP pokus\OLYMPUS Viewer 3\OV3Monitor.exe [420208 2014-09-09] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-2000478354-329068152-839522115-1003\...\MountPoints2: {14fb1ac3-8973-11e2-ae1e-806d6172696f} - G:\setup.exe
HKU\S-1-5-18\...\Run: [Google Update] => E:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [116648 2014-02-01] (Google Inc.)
HKU\S-1-5-18\...\Run: [Google+ Auto Backup] => E:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619144 2014-02-06] (Google Inc.)
Startup: E:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> E:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: E:\Documents and Settings\Mat\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> E:\Documents and Settings\Mat\Data aplikací\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => E:\Documents and Settings\Mat\Data aplikací\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => E:\Documents and Settings\Mat\Data aplikací\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => E:\Documents and Settings\Mat\Data aplikací\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => E:\Documents and Settings\Mat\Data aplikací\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => E:\Documents and Settings\Mat\Data aplikací\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => E:\Documents and Settings\Mat\Data aplikací\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => E:\Documents and Settings\Mat\Data aplikací\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => E:\Documents and Settings\Mat\Data aplikací\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2000478354-329068152-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2000478354-329068152-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2000478354-329068152-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2000478354-329068152-839522115-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2000478354-329068152-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 2926958568
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 2937750187
DPF: {E9B39AC7-B9FB-48CA-84A0-1659A05F0003} http://www.wohnmoebel.de/csschmal/insta ... Schmal.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - E:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\..\Interfaces\{D468AAB9-242E-4093-9747-D0949954A94C}: [NameServer] 10.101.253.14,10.101.254.193

FireFox:
========
FF ProfilePath: E:\Documents and Settings\Mat\Data aplikací\Mozilla\Firefox\Profiles\1017tqdx.default-1385579549031
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\program files\XP pokus\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> E:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> E:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\program files\XP pokus\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> E:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> E:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Better-Fox-Finder - E:\Documents and Settings\Mat\Data aplikací\Mozilla\Firefox\Profiles\1017tqdx.default-1385579549031\Extensions\{113c6a96-cbc4-4248-bc8a-c05e9ec4b669} [2015-02-08]
FF Extension: DownloadHelper - E:\Documents and Settings\Mat\Data aplikací\Mozilla\Firefox\Profiles\1017tqdx.default-1385579549031\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Quick Translator - E:\Documents and Settings\Mat\Data aplikací\Mozilla\Firefox\Profiles\1017tqdx.default-1385579549031\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2014-01-19]
FF Extension: Adblock Plus - E:\Documents and Settings\Mat\Data aplikací\Mozilla\Firefox\Profiles\1017tqdx.default-1385579549031\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-16]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\program files\XP pokus\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - D:\program files\XP pokus\ESET Smart Security\Mozilla Thunderbird [2013-04-20]
StartMenuInternet: FIREFOX.EXE - D:\program files\XP pokus\Mozilla Firefox\firefox.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
S2 ATI Smart; E:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () [File not signed]
R2 ekrn; D:\program files\XP pokus\ESET Smart Security\ekrn.exe [1341664 2013-03-21] (ESET)
R2 LexBceS; E:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
R2 nTuneService; E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [131072 2007-09-04] (NVIDIA) [File not signed]
S2 SkypeUpdate; D:\program files\XP pokus\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
S3 SwitchBoard; E:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; E:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-06-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; E:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; E:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R1 AmdPPM; E:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 ati2mtag; E:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
R1 atitray; E:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [20512 2011-08-15] () [File not signed]
S3 CCDECODE; E:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dtsoftbus01; E:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-23] (DT Soft Ltd)
R1 eamon; E:\WINDOWS\System32\DRIVERS\eamon.sys [161368 2013-01-10] (ESET)
R1 ehdrv; E:\WINDOWS\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R2 epfw; E:\WINDOWS\System32\DRIVERS\epfw.sys [150080 2013-01-10] (ESET)
R3 Epfwndis; E:\WINDOWS\System32\DRIVERS\Epfwndis.sys [40376 2013-01-10] (ESET)
R1 epfwtdi; E:\WINDOWS\System32\DRIVERS\epfwtdi.sys [62512 2013-02-14] (ESET)
S3 MarvinBus; E:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 NdisIP; E:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 nvata; E:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
R3 NVENETFD; E:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-04-14] (NVIDIA Corporation)
R3 nvnetbus; E:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-04-14] (NVIDIA Corporation)
R3 NVR0Dev; E:\WINDOWS\nvoclock.sys [29696 2007-09-04] (NVidia Corp.) [File not signed]
S4 IntelIde; No ImagePath
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 ScsiPort; E:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 11:31 - 2015-02-15 11:32 - 00015537 _____ () E:\Documents and Settings\Mat\Plocha\FRST.txt
2015-02-15 11:31 - 2015-02-15 11:31 - 00000000 ____D () E:\FRST
2015-02-15 11:28 - 2015-02-15 11:28 - 01125888 _____ (Farbar) E:\Documents and Settings\Mat\Plocha\FRST.exe
2015-02-15 11:28 - 2015-02-15 11:28 - 00112640 _____ (forum.viry.cz) E:\Documents and Settings\Mat\Plocha\FRSTLauncher.exe
2015-02-15 11:17 - 2015-02-15 11:18 - 00009625 _____ () E:\Documents and Settings\Mat\Plocha\Nový objekt - Textový dokument OpenDocument.odt
2015-02-13 22:10 - 2015-02-13 22:10 - 00000848 _____ () E:\Documents and Settings\Mat\Plocha\Photomatix Pro 5.0.5a (32-bit).lnk
2015-02-13 22:10 - 2015-02-13 22:10 - 00000000 ____D () E:\Documents and Settings\Mat\Data aplikací\HDRsoft
2015-02-13 22:10 - 2015-02-13 22:10 - 00000000 ____D () E:\Documents and Settings\All Users\Nabídka Start\Programy\Photomatix Pro 5.0
2015-02-13 21:53 - 2015-02-13 21:53 - 00000000 ____D () E:\Documents and Settings\Mat\Nabídka Start\Programy\EnfuseGUI 2.1
2015-02-09 21:18 - 2015-02-09 21:18 - 00000000 ____D () E:\Documents and Settings\All Users\Nabídka Start\Programy\OLYMPUS Digital Camera Updater
2015-02-09 21:02 - 2015-02-09 21:18 - 00000000 ____D () E:\Program Files\OLYMPUS
2015-02-09 21:02 - 2015-02-09 21:02 - 00000649 _____ () E:\Documents and Settings\Mat\Plocha\OLYMPUS Viewer 3.lnk
2015-02-09 21:02 - 2015-02-09 21:02 - 00000000 ____D () E:\Documents and Settings\Mat\Local Settings\Data aplikací\OLYMPUS
2015-02-09 21:02 - 2015-02-09 21:02 - 00000000 ____D () E:\Documents and Settings\All Users\Nabídka Start\Programy\OLYMPUS Viewer 3
2015-02-09 21:00 - 2005-09-23 01:16 - 01079808 ____R (Microsoft Corporation) E:\WINDOWS\system32\mfc80u.dll
2015-02-09 21:00 - 2005-09-22 23:07 - 00095744 ____R (Microsoft Corporation) E:\WINDOWS\system32\atl80.dll
2015-02-09 21:00 - 2005-09-22 23:05 - 00626688 ____R (Microsoft Corporation) E:\WINDOWS\system32\msvcr80.dll
2015-02-09 21:00 - 2005-09-22 23:05 - 00548864 ____R (Microsoft Corporation) E:\WINDOWS\system32\msvcp80.dll
2015-02-08 16:50 - 2015-02-08 16:50 - 00000000 ____D () E:\Documents and Settings\Mat\Local Settings\Data aplikací\CDex
2015-02-08 16:49 - 2015-02-08 16:49 - 00000647 _____ () E:\Documents and Settings\All Users\Plocha\CDex.lnk
2015-02-08 16:49 - 2015-02-08 16:49 - 00000000 ____D () E:\Documents and Settings\All Users\Nabídka Start\Programy\CDex
2015-02-06 21:27 - 2015-02-08 12:19 - 00000000 ____D () E:\Documents and Settings\Mat\Plocha\vytřídit Aničko!!!!!!!
2015-02-05 19:01 - 2015-02-05 19:01 - 05070512 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-01-22 18:42 - 2015-01-22 18:42 - 00000000 ____D () E:\Program Files\Common Files\Java
2015-01-22 18:41 - 2015-01-22 18:44 - 00000000 ____D () E:\Documents and Settings\All Users\Data aplikací\Oracle
2015-01-18 22:03 - 2015-01-18 22:03 - 00000000 ____D () E:\Documents and Settings\Mat\Data aplikací\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-01-18 18:43 - 2015-01-18 18:43 - 00000000 ____D () E:\Documents and Settings\Mat\Dokumenty\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 11:32 - 2013-03-10 11:43 - 00000000 ____D () E:\Documents and Settings\Mat\Local Settings\Temp
2015-02-15 11:31 - 2013-03-10 11:43 - 00000000 ____D () E:\Documents and Settings\Mat\Plocha
2015-02-15 11:29 - 2013-03-10 11:43 - 00000000 ___HD () E:\Documents and Settings\Mat\Local Settings\Data aplikací
2015-02-15 11:28 - 2013-03-10 18:50 - 00000000 ____D () E:\Documents and Settings\Mat\Dokumenty\Stažené soubory
2015-02-15 11:26 - 2013-03-29 18:36 - 00000940 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 11:20 - 2014-02-01 08:15 - 00001046 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-02-15 11:01 - 2013-04-16 19:37 - 00000914 _____ () E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-15 10:32 - 2013-03-10 21:05 - 00088032 _____ () E:\Documents and Settings\Mat\Plocha\účty.ods
2015-02-15 08:43 - 2013-03-10 12:27 - 01242842 _____ () E:\WINDOWS\system32\PerfStringBackup.INI
2015-02-15 08:42 - 2013-03-10 11:37 - 01134496 _____ () E:\WINDOWS\WindowsUpdate.log
2015-02-15 08:40 - 2014-05-19 08:16 - 00008192 _____ () E:\WINDOWS\system32\WDPABKP.dat
2015-02-15 08:40 - 2014-05-05 16:45 - 00000000 ___RD () E:\Documents and Settings\Mat\Dokumenty\Dropbox
2015-02-15 08:40 - 2014-05-05 16:43 - 00000000 ____D () E:\Documents and Settings\Mat\Data aplikací\Dropbox
2015-02-15 08:39 - 2013-03-29 18:36 - 00000936 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 08:39 - 2013-03-10 12:29 - 00000159 _____ () E:\WINDOWS\wiadebug.log
2015-02-15 08:39 - 2013-03-10 12:29 - 00000049 _____ () E:\WINDOWS\wiaservc.log
2015-02-15 08:38 - 2014-03-15 07:23 - 00000218 _____ () E:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-15 08:38 - 2013-03-10 11:41 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT
2015-02-14 23:47 - 2013-03-15 19:08 - 00524288 _____ () E:\WINDOWS\system32\config\ACEEvent.evt
2015-02-14 23:47 - 2013-03-10 11:43 - 00000178 ___SH () E:\Documents and Settings\Mat\ntuser.ini
2015-02-14 23:47 - 2013-03-10 11:41 - 00032546 _____ () E:\WINDOWS\SchedLgU.Txt
2015-02-14 23:38 - 2013-03-10 20:55 - 00001065 _____ () E:\WINDOWS\winamp.ini
2015-02-14 22:10 - 2013-04-07 16:21 - 00000184 _____ () E:\WINDOWS\hpbafd.ini
2015-02-14 20:00 - 2014-06-25 16:10 - 00000606 _____ () E:\WINDOWS\Tasks\____Volume_14fb1ac6_8973_11e2_ae1e_806d6172696f__dropbox_30a63ab7_9b44_417b_8f01_83b2db1cbebe_dropbox_.job
2015-02-13 22:10 - 2013-03-10 12:27 - 00000000 ___RD () E:\Documents and Settings\All Users\Nabídka Start\Programy
2015-02-13 22:10 - 2013-03-10 11:43 - 00000000 __RHD () E:\Documents and Settings\Mat\Data aplikací
2015-02-13 21:53 - 2013-03-10 11:43 - 00000000 ___RD () E:\Documents and Settings\Mat\Nabídka Start\Programy
2015-02-13 20:02 - 2014-05-05 16:45 - 00000990 _____ () E:\Documents and Settings\Mat\Plocha\Dropbox.lnk
2015-02-13 20:02 - 2014-05-05 16:44 - 00000000 ____D () E:\Documents and Settings\Mat\Nabídka Start\Programy\Dropbox
2015-02-13 20:02 - 2013-03-10 11:43 - 00000000 ___RD () E:\Documents and Settings\Mat\Nabídka Start\Programy\Po spuštění
2015-02-13 17:19 - 2014-01-20 10:48 - 00016029 _____ () E:\Documents and Settings\Mat\Plocha\hodiny.ods
2015-02-11 18:06 - 2003-12-31 19:35 - 00000000 ____D () E:\WINDOWS\system32\MRT
2015-02-11 18:01 - 2013-03-10 18:07 - 113756392 _____ (Microsoft Corporation) E:\WINDOWS\system32\MRT.exe
2015-02-11 17:53 - 2001-10-25 17:00 - 00002206 _____ () E:\WINDOWS\system32\wpa.dbl
2015-02-09 21:04 - 2014-12-30 14:55 - 00000000 ___RD () E:\Documents and Settings\Mat\Dokumenty\Obrázky
2015-02-09 21:02 - 2013-03-28 17:02 - 00101734 _____ () E:\WINDOWS\DPINST.LOG
2015-02-09 21:02 - 2013-03-28 17:02 - 00000000 ____D () E:\Program Files\DIFX
2015-02-09 21:02 - 2013-03-10 11:35 - 00023715 _____ () E:\WINDOWS\wmsetup.log
2015-02-09 16:46 - 2014-05-05 14:50 - 00000000 ____D () E:\Documents and Settings\All Users\Data aplikací\Package Cache
2015-02-08 19:45 - 2014-05-06 20:23 - 00000000 ___RD () E:\Documents and Settings\Mat\Dokumenty\Hudba
2015-02-08 19:21 - 2013-03-10 11:43 - 00000000 ___RD () E:\Documents and Settings\Mat\Dokumenty
2015-02-08 16:49 - 2013-03-10 12:27 - 00000000 ____D () E:\Documents and Settings\All Users\Plocha
2015-02-08 15:01 - 2014-03-15 07:23 - 00000212 _____ () E:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-08 00:25 - 2013-03-10 22:16 - 00000000 ____D () E:\Documents and Settings\Mat\Data aplikací\Adobe
2015-02-06 21:21 - 2013-03-10 12:12 - 01012701 _____ () E:\WINDOWS\setupapi.log
2015-02-05 19:01 - 2013-03-18 18:08 - 00701616 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 19:01 - 2013-03-18 18:08 - 00071344 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-01 20:28 - 2014-10-05 19:55 - 00008192 _____ () E:\Documents and Settings\Mat\Plocha\docházka.xls
2015-02-01 14:24 - 2013-03-10 19:33 - 00163840 _____ () E:\Documents and Settings\Mat\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-31 08:20 - 2014-02-01 08:15 - 00000994 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-01-28 18:10 - 2013-03-15 17:16 - 00000000 ____D () E:\Documents and Settings\Mat\Data aplikací\uTorrent
2015-01-27 18:02 - 2013-03-10 15:59 - 00000000 ____D () E:\Program Files\Mozilla Maintenance Service
2015-01-22 18:43 - 2013-03-18 17:39 - 00000000 ____D () E:\Program Files\Java
2015-01-22 18:41 - 2014-10-16 16:59 - 00272296 _____ (Oracle Corporation) E:\WINDOWS\system32\javaws.exe
2015-01-22 18:41 - 2014-10-16 16:59 - 00176552 _____ (Oracle Corporation) E:\WINDOWS\system32\javaw.exe
2015-01-22 18:41 - 2014-10-16 16:59 - 00176552 _____ (Oracle Corporation) E:\WINDOWS\system32\java.exe
2015-01-22 18:41 - 2014-10-16 16:59 - 00146432 _____ (Oracle Corporation) E:\WINDOWS\system32\javacpl.cpl
2015-01-22 18:41 - 2014-10-16 16:59 - 00096680 _____ (Oracle Corporation) E:\WINDOWS\system32\WindowsAccessBridge.dll
2015-01-22 18:41 - 2013-03-10 12:26 - 00000000 __RHD () E:\Documents and Settings\All Users\Data aplikací
2015-01-18 21:58 - 2013-03-10 22:05 - 00000000 ____D () E:\Documents and Settings\All Users\Data aplikací\Adobe
2015-01-18 18:43 - 2014-08-24 14:41 - 00000000 ____D () E:\Documents and Settings\Mat\Local Settings\Data aplikací\Adobe

==================== Files in the root of some directories =======

2014-11-14 22:42 - 2014-11-14 22:42 - 0000037 ___SH () E:\Documents and Settings\Mat\Local Settings\Data aplikací\70149b02515b3bb20dd492.47983420
2013-03-10 19:33 - 2015-02-01 14:24 - 0163840 _____ () E:\Documents and Settings\Mat\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-16 00:23 - 2013-03-16 00:23 - 0000123 _____ () E:\Documents and Settings\Mat\Local Settings\Data aplikací\fusioncache.dat
2013-10-29 21:04 - 2014-02-22 17:57 - 0000422 _____ () E:\Documents and Settings\Mat\Local Settings\Data aplikací\SRDownloader.err
2013-09-10 18:24 - 2014-02-22 18:21 - 0001152 _____ () E:\Documents and Settings\Mat\Local Settings\Data aplikací\SRDownloader.nast

Some content of TEMP:
====================
E:\Documents and Settings\Mat\Local Settings\Temp\AskPIP_FF_.exe
E:\Documents and Settings\Mat\Local Settings\Temp\AskSLib.dll
E:\Documents and Settings\Mat\Local Settings\Temp\bandoffer.exe
E:\Documents and Settings\Mat\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0hxara.dll
E:\Documents and Settings\Mat\Local Settings\Temp\fp_pl_pfs_installer-1.exe
E:\Documents and Settings\Mat\Local Settings\Temp\fp_pl_pfs_installer.exe
E:\Documents and Settings\Mat\Local Settings\Temp\InstHelper.exe
E:\Documents and Settings\Mat\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
E:\Documents and Settings\Mat\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
E:\Documents and Settings\Mat\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
E:\Documents and Settings\Mat\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
E:\Documents and Settings\Mat\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
E:\Documents and Settings\Mat\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
E:\Documents and Settings\Mat\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
E:\Documents and Settings\Mat\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
E:\Documents and Settings\Mat\Local Settings\Temp\jre-8u31-windows-au.exe
E:\Documents and Settings\Mat\Local Settings\Temp\NEventMessages.dll
E:\Documents and Settings\Mat\Local Settings\Temp\NOSEventMessages.dll
E:\Documents and Settings\Mat\Local Settings\Temp\ochelper.exe
E:\Documents and Settings\Mat\Local Settings\Temp\patchbeam.exe
E:\Documents and Settings\Mat\Local Settings\Temp\PIPInstaller_PTV_.exe
E:\Documents and Settings\Mat\Local Settings\Temp\powarc1400b1.exe
E:\Documents and Settings\Mat\Local Settings\Temp\rtdrvmon.exe
E:\Documents and Settings\Mat\Local Settings\Temp\SkypeSetup.exe
E:\Documents and Settings\Mat\Local Settings\Temp\utt765.tmp.exe
E:\Documents and Settings\Mat\Local Settings\Temp\vcredist_x86_VS2008SP1.exe
E:\Documents and Settings\Mat\Local Settings\Temp\Welcome.exe
E:\Documents and Settings\Mat\Local Settings\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_25528.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:39.06 GB) (Free:32.08 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (data) (Fixed) (Total:155.63 GB) (Free:116.2 GB) NTFS
Drive e: (system XP pokus) (Fixed) (Total:39.06 GB) (Free:1.43 GB) NTFS

Available physical RAM: 1951.84 MB
Total physical RAM: 3071.48 MB
Percentage of memory in use: 36%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 233.8 GB) (Disk ID: E7B7E7B7)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=194.7 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: E:\WINDOWS\Tasks\Adobe Flash Player Updater.job => E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => E:\Program Files\Google\Update\GoogleUpdate.exe
Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => E:\Program Files\Google\Update\GoogleUpdate.exe
Task: E:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => E:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: E:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => E:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: E:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => E:\WINDOWS\system32\xp_eos.exe
Task: E:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => E:\WINDOWS\system32\xp_eos.exe
Task: E:\WINDOWS\Tasks\____Volume_14fb1ac6_8973_11e2_ae1e_806d6172696f__dropbox_30a63ab7_9b44_417b_8f01_83b2db1cbebe_dropbox_.job => E:\Program Files\Western Digital\WD SmartWare\BackupTask.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 6.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}



===***===***===***=== Supplementary Scan created by FRSTLauncher ===***===***===***===
Last update of FRSTLauncher: 25_11_2013 (01)
Last update of the modification script: 30_09_2013 (01)


***** Size of "Desktop" *****

Size of folder "E:\Documents and Settings\Mat\Plocha" is 228 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"E:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager
"E:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"D:\program files\XP pokus\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps
D:\PROGRAM FILES\XP POKUS\FRAPS\FRAPS.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup
"E:\Program Files\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series
"E:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series
"E:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyComputer
E:\Program Files\SmartTweak Software\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
E:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Quick View
E:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe

ECHO is off.


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="E:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Documents and Settings\\Mat\\Local Settings\\Temp\\7zS2C8.tmp\\SymNRT.exe"="E:\\Documents and Settings\\Mat\\Local Settings\\Temp\\7zS2C8.tmp\\SymNRT.exe:*:Enabled:Norton Removal Tool"
"E:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"="E:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe:*:Enabled:PanProcess"
"E:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"="E:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe:*:Enabled:PandoraService"
"E:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="E:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"D:\\program files\\XP pokus\\Pinnacle Studio 15\\Programs\\RM.exe"="D:\\program files\\XP pokus\\Pinnacle Studio 15\\Programs\\RM.exe:*:Enabled:Render Manager"
"D:\\program files\\XP pokus\\Pinnacle Studio 15\\Programs\\Studio.exe"="D:\\program files\\XP pokus\\Pinnacle Studio 15\\Programs\\Studio.exe:*:Enabled:Studio"
"D:\\program files\\XP pokus\\Pinnacle Studio 15\\Programs\\umi.exe"="D:\\program files\\XP pokus\\Pinnacle Studio 15\\Programs\\umi.exe:*:Enabled:umi"
"E:\\Documents and Settings\\Mat\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"="E:\\Documents and Settings\\Mat\\Data aplikací\\Dropbox\\bin\\Dropbox.exe:*:Enabled:Dropbox"
"E:\\Documents and Settings\\Mat\\Data aplikací\\uTorrent\\uTorrent.exe"="E:\\Documents and Settings\\Mat\\Data aplikací\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\program files\\XP pokus\\Skype\\Phone\\Skype.exe"="D:\\program files\\XP pokus\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\program files\\XP pokus\\Mozilla Firefox\\firefox.exe"="D:\\program files\\XP pokus\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (D:\\program files\\XP pokus\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"5985:TCP"="5985:TCP:*:Disabled:Vzdálená správa systému Windows "
"80:TCP"="80:TCP:*:Disabled:Vzdálená správa systému Windows - režim kompatibility (HTTP-In) "


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.zip
(11.3 KiB) Downloaded 48 times
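The Security Center and firewall sections of the log above are the security-relevant part of this post: both ESET components report Disabled, EnableFirewall is 0x0 in both Windows Firewall profiles, and the StandardProfile exception list authorises executables that live in the user's Temp and application-data folders. The script below is an added example written for this page, not FRST's or the forum's own code; it parses a constructed excerpt of those sections (with the mis-encoded Czech labels repaired) and lists the findings a helper would want to see at a glance. The regex patterns and the markers used to decide which paths count as user-writable are this example's own assumptions.

```python
"""Audit the Security Center and Windows Firewall sections of an FRST log.

Added example for this thread, not FRST's or the forum's own code. The sample
below is constructed from the lines of the log posted above; the regexes and
the list of user-writable path markers are this example's own assumptions.
"""
import re

# Constructed sample input: a subset of the FRST Addition / FRSTLauncher output.
SAMPLE_LOG = r"""
AV: ESET Smart Security 6.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Documents and Settings\\Mat\\Local Settings\\Temp\\7zS2C8.tmp\\SymNRT.exe"="E:\\Documents and Settings\\Mat\\Local Settings\\Temp\\7zS2C8.tmp\\SymNRT.exe:*:Enabled:Norton Removal Tool"
"E:\\Documents and Settings\\Mat\\Data aplikací\\uTorrent\\uTorrent.exe"="E:\\Documents and Settings\\Mat\\Data aplikací\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\program files\\XP pokus\\Skype\\Phone\\Skype.exe"="D:\\program files\\XP pokus\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"5985:TCP"="5985:TCP:*:Disabled:Vzdálená správa systému Windows "
"""

SECURITY_CENTER_RE = re.compile(r"^(AV|FW|AS): (.+?) \((Enabled|Disabled)")
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r"^(\w+) REG_DWORD 0x([0-9A-Fa-f]+)$")
REG_VALUE_RE = re.compile(r'^"(.+?)"="(.+)"$')

# Assumed markers: a firewall exception for a binary under one of these is
# worth a second look, because any process running as the user can drop a
# file there and reuse the exception.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")


def _collapse(path):
    """REG exports double every backslash; collapse them and lower-case."""
    return path.replace("\\\\", "\\").lower()


def parse_firewall_log(text):
    """Return Security Center lines, per-profile DWORDs, application
    exceptions and globally open ports found in an FRST-style excerpt."""
    parsed = {"security_center": [], "profiles": {}, "apps": [], "ports": []}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECURITY_CENTER_RE.match(line)
        if m:
            parsed["security_center"].append(
                {"kind": m.group(1), "product": m.group(2), "state": m.group(3)})
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        if key is None or "\\firewallpolicy\\" not in key:
            continue
        if key.endswith(("\\firewallpolicy\\domainprofile",
                         "\\firewallpolicy\\standardprofile")):
            m = DWORD_RE.match(line)
            if m:
                profile = key.rsplit("\\", 1)[1]
                parsed["profiles"].setdefault(profile, {})[m.group(1)] = int(m.group(2), 16)
            continue
        m = REG_VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        profile = key.split("\\firewallpolicy\\", 1)[1].split("\\", 1)[0]
        if key.endswith("\\authorizedapplications\\list"):
            # Value is "<path>:<scope>:<state>:<label>"; the path holds a drive
            # colon, so strip it by length instead of splitting on ':'.
            rest = value[len(name) + 1:] if value.startswith(name + ":") else value
            scope, state, label = (rest.split(":", 2) + ["", ""])[:3]
            parsed["apps"].append({"profile": profile, "path": name, "scope": scope,
                                   "state": state, "label": label})
        elif key.endswith("\\globallyopenports\\list"):
            port, proto, scope, state, label = (value.split(":", 4) + [""] * 4)[:5]
            parsed["ports"].append({"profile": profile, "port": int(port), "proto": proto,
                                    "scope": scope, "state": state, "label": label})
    return parsed


def audit(text):
    """Turn the parsed excerpt into a list of human-readable findings."""
    parsed = parse_firewall_log(text)
    findings = []
    for entry in parsed["security_center"]:
        if entry["state"] == "Disabled":
            findings.append(f"{entry['kind']} disabled: {entry['product']}")
    for profile, values in sorted(parsed["profiles"].items()):
        if values.get("EnableFirewall", 1) == 0:
            findings.append(f"Windows Firewall off in {profile}")
    for app in parsed["apps"]:
        path = _collapse(app["path"])
        if app["state"].lower() == "enabled" and any(mk in path for mk in USER_WRITABLE_MARKERS):
            findings.append(f"{app['profile']}: enabled exception in user-writable path "
                            f"{app['path']} ({app['label'].strip()})")
    for port in parsed["ports"]:
        if port["state"].lower() == "enabled":
            findings.append(f"{port['profile']}: port {port['port']}/{port['proto']} open to "
                            f"{port['scope']} ({port['label'].strip()})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run as a script it prints the findings; `audit()` returns them as a list so the same logic can sit inside a larger triage tool. Globally open ports whose state is `Disabled`, as all four in this log are, are parsed but not flagged, and the `EnableFirewall` check is per profile, so a machine that is off only on the domain profile is still reported.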


Re: Kryptik

#4 Post by motji »

Download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
- Save the program to the desktop and close all running programs.
- Run AdwCleaner, click Scan and, once the scan has finished, Clean.
- The repair is carried out and the PC restarts (restart it yourself if necessary); a log appears at C:\AdwCleaner\AdwCleaner.txt, copy its contents here.


Re: Kryptik

#5 Post by Matjbc »

Sorry, I accidentally closed the window, so I don't know which of the two it was (scan/cleaning), so to be safe I'm posting both.



# AdwCleaner v4.110 - Logfile created 15/02/2015 at 17:18:17
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Mat - MAT
# Running from : E:\Documents and Settings\Mat\Plocha\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : E:\Documents and Settings\Mat\Data aplikací\Mozilla\Firefox\Profiles\1017tqdx.default-1385579549031\Extensions\{113c6a96-cbc4-4248-bc8a-c05e9ec4b669}
Folder Found : E:\Documents and Settings\Mat\Data aplikací\OpenCandy
Folder Found : E:\Documents and Settings\Mat\Local Settings\Data aplikací\PackageAware
Folder Found : E:\Program Files\SmartTweak Software

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\smarttweak
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\dll-files.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PCSU-SL_is1
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\Speedchecker Limited

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v35.0.1 (x86 cs)


-\\ Comodo Dragon v

[E:\Documents and Settings\Mat\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-06-23&apn_dtid=%5ECMD127%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[E:\Documents and Settings\Mat\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : cmaiofennmphjldldcpphcechfnnohja
[E:\Documents and Settings\Mat\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko
*************************

AdwCleaner[R0].txt - [1941 bytes] - [15/02/2015 17:18:17]

########## EOF - E:\AdwCleaner\AdwCleaner[R0].txt - [2000 bytes] ##########





# AdwCleaner v4.110 - Logfile created 15/02/2015 at 17:21:38
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Mat - MAT
# Running from : E:\Documents and Settings\Mat\Plocha\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : E:\Program Files\SmartTweak Software
Folder Deleted : E:\Documents and Settings\Mat\Local Settings\Data aplikací\PackageAware
Folder Deleted : E:\Documents and Settings\Mat\Data aplikací\OpenCandy
Folder Deleted : E:\Documents and Settings\Mat\Data aplikací\Mozilla\Firefox\Profiles\1017tqdx.default-1385579549031\Extensions\{113c6a96-cbc4-4248-bc8a-c05e9ec4b669}

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : E:\Documents and Settings\All Users\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Naplánované úlohy.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKLM\SOFTWARE\dll-files.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PCSU-SL_is1

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v35.0.1 (x86 cs)


-\\ Comodo Dragon v

[E:\Documents and Settings\Mat\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-06-23&apn_dtid=%5ECMD127%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[E:\Documents and Settings\Mat\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
[E:\Documents and Settings\Mat\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko

*************************

AdwCleaner[R0].txt - [2079 bytes] - [15/02/2015 17:18:17]
AdwCleaner[S0].txt - [2174 bytes] - [15/02/2015 17:21:38]

########## EOF - E:\AdwCleaner\AdwCleaner[S0].txt - [2233 bytes] ##########
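The poster was unsure which of the two logs was the scan and which the clean. The `# Option :` header answers that, and comparing the two is the check worth doing after any cleaner run: everything reported as Found in the [R0] log should appear as Deleted in the [S0] log, and a search provider that points anywhere other than the engines the user actually chose is the classic sign of the hijack this thread is about. The script below is an added example written for this page, not AdwCleaner's or the forum's code; it parses constructed excerpts of both logs above and reconciles them. The line patterns, the case-insensitive matching (AdwCleaner spells the Comodo Dragon file "Web data" in the scan log and "Web Data" in the cleaning log) and the allowlist of search-engine hosts are this example's own assumptions.

```python
"""Reconcile an AdwCleaner scan log ([R0]) against its cleaning log ([S0]).

Added example for this thread, not AdwCleaner's or the forum's code. Both
excerpts below are constructed from the logs posted above; the line patterns
and the search-engine allowlist are this example's own assumptions.
"""
import re
from typing import NamedTuple
from urllib.parse import urlparse

# Constructed excerpt of the scan log posted above.
SCAN_LOG = r"""
# AdwCleaner v4.110 - Logfile created 15/02/2015 at 17:18:17
# Option : Scan

***** [ Files / Folders ] *****

Folder Found : E:\Documents and Settings\Mat\Data aplikací\OpenCandy
Folder Found : E:\Program Files\SmartTweak Software

***** [ Registry ] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Speedchecker Limited

***** [ Web browsers ] *****

-\\ Comodo Dragon v

[E:\Documents and Settings\Mat\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-06-23&apn_dtid=%5ECMD127%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[E:\Documents and Settings\Mat\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : cmaiofennmphjldldcpphcechfnnohja
"""

# Constructed excerpt of the cleaning log posted above.
CLEAN_LOG = r"""
# AdwCleaner v4.110 - Logfile created 15/02/2015 at 17:21:38
# Option : Cleaning

***** [ Files / Folders ] *****

Folder Deleted : E:\Program Files\SmartTweak Software
Folder Deleted : E:\Documents and Settings\Mat\Data aplikací\OpenCandy

***** [ Shortcuts ] *****

Shortcut Disinfected : E:\Documents and Settings\All Users\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Naplánované úlohy.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Speedchecker Limited

***** [ Web browsers ] *****

-\\ Comodo Dragon v

[E:\Documents and Settings\Mat\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-06-23&apn_dtid=%5ECMD127%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[E:\Documents and Settings\Mat\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
"""

HEADER_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ITEM_RE = re.compile(r"^(\w+) (Found|Deleted|Disinfected) : (.+)$")
BROWSER_RE = re.compile(r"^\[(.+?)\] - (Found|Deleted) \[(.+?)\] : (.+)$")

# Assumed allowlist: engines the user is known to use on purpose.
ALLOWED_SEARCH_HOSTS = frozenset({"www.google.com", "www.bing.com", "search.seznam.cz"})


class Item(NamedTuple):
    section: str
    kind: str     # Folder, Key, Shortcut, Search Provider, Extension, ...
    action: str   # Found, Deleted, Disinfected
    target: str   # path or registry key, or "<file>|<value>" for browser items

    def identity(self):
        # Windows paths and registry keys are case-insensitive, and the two
        # logs spell the Dragon profile file "Web data" and "Web Data".
        return (self.kind.lower(), self.target.lower())


def parse_adwcleaner(text):
    """Return every Found/Deleted/Disinfected line as an Item."""
    items, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = BROWSER_RE.match(line)
        if m:
            file_, action, kind, value = m.groups()
            items.append(Item(section, kind, action, f"{file_}|{value}"))
            continue
        m = ITEM_RE.match(line)
        if m:
            kind, action, target = m.groups()
            items.append(Item(section, kind, action, target))
    return items


def reconcile(scan_text, clean_text):
    """Items found by the scan but absent from the clean, and vice versa."""
    found = {it.identity(): it for it in parse_adwcleaner(scan_text) if it.action == "Found"}
    cleaned = {it.identity(): it for it in parse_adwcleaner(clean_text) if it.action != "Found"}
    return {
        "not_cleaned": [found[k] for k in found if k not in cleaned],
        "extra": [cleaned[k] for k in cleaned if k not in found],
    }


def hijacked_search_providers(items, allowed=ALLOWED_SEARCH_HOSTS):
    """Hosts of reported search providers that are not on the allowlist."""
    hosts = []
    for it in items:
        if it.kind != "Search Provider":
            continue
        url = it.target.split("|", 1)[1].replace("hxxp", "http", 1)  # undo defanging
        host = urlparse(url).hostname or ""
        if host not in allowed:
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    result = reconcile(SCAN_LOG, CLEAN_LOG)
    print("not cleaned:", [it.target for it in result["not_cleaned"]])
    print("cleaned without prior finding:", [it.target for it in result["extra"]])
    print("suspicious search providers:", hijacked_search_providers(parse_adwcleaner(SCAN_LOG)))
```

For these two logs `not_cleaned` comes back empty and the only "extra" entry is the disinfected Scheduled Tasks shortcut, which the scan phase does not report; anything left in `not_cleaned` after a real run is what the helper should ask about next.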


Re: Kryptik

#6 Post by motji »

vyosek wrote: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;

  • Then click Run Script
  • The PC performs the repair, restarts and gives you a log; paste its contents here


Re: Kryptik

#7 Post by Matjbc »

Zoek.exe v5.0.0.0 Updated 15-February-2015
Tool run by Mat on ne 15.02.2015 at 18:10:02,64.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: E:\Documents and Settings\Mat\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15.2.2015 18:12:19 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

E:\Program Files\MSXML 4.0 deleted successfully
E:\DOCUME~1\ALLUSE~1\DATAAP~1\regid.1986-12.com.adobe deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

E:\Program Files\ComPlus Applications deleted
E:\DOCUME~1\ALLUSE~1\DATAAP~1\Package Cache deleted
E:\WINDOWS\002816_.tmp deleted
E:\WINDOWS\SET1C.tmp deleted
E:\WINDOWS\SET1F.tmp deleted
E:\WINDOWS\SET25.tmp deleted
E:\WINDOWS\SET26.tmp deleted
E:\WINDOWS\SET2D.tmp deleted
E:\WINDOWS\SET3.tmp deleted
E:\WINDOWS\SET4.tmp deleted
E:\WINDOWS\SET60.tmp deleted
E:\WINDOWS\SET61.tmp deleted
E:\WINDOWS\SET8.tmp deleted
E:\WINDOWS\system32\GroupPolicy\ADM deleted
E:\WINDOWS\System32\tmp109.tmp deleted
E:\WINDOWS\System32\tmp10A.tmp deleted
E:\Documents and Settings\Mat\Plocha\SRDownloader.exe deleted
"E:\WINDOWS\Installer\f8f205.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [16.03.2013 22:07]

==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={searc"
{82766713-1102-4480-9F65-5986FAE83B0A} Google Url="http://www.google.com/search?q={searchT ... f8&oe=utf8"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EC52981D9FA54934E87F0118FF7E9EB8 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EC52981D9FA54934E87F0118FF7E9EB8 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyComputer deleted successfully

==== Empty IE Cache ======================

E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
E:\Documents and Settings\Mat\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
E:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== E:\zoek_backup content ======================

E:\zoek_backup (files=31 folders=14 44265167 bytes)

==== Empty Temp Folders ======================

E:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

E:\WINDOWS\Temp successfully emptied
E:\DOCUME~1\Mat\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

E:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"E:\Documents and Settings\Mat\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on ne 15.02.2015 at 18:41:44,85 ======================


Re: Kryptik

#8 Post by motji »

How's the computer?


Re: Kryptik

#9 Post by Matjbc »

Yep, it's not doing it any more, great :D so is everything fine, or is there still something to do?


Re: Kryptik

#10 Post by motji »

Well, if it's not doing it any more, we're done. If the problem comes back, write again :)
