
PC virus removal, computer speed-up, remote help via the neslape.cz service
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
peter.peco
- Visitor
- Posts: 94
- Registered: 09 Apr 2008 13:25
Please check my log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by AnnaS (administrator) on HOME-WBZTZQ4BSP on 28-04-2015 19:41:27
Running from C:\Documents and Settings\AnnaS\Desktop
Loaded Profiles: AnnaS (Available profiles: AnnaS)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Angličtina (USA)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\WINDOWS\system32\ati2evxx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
() C:\WINDOWS\system32\ati2evxx.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
() C:\WINDOWS\system32\PAStiSvc.exe
() C:\Program Files\VIA\RAID\vialogsv.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\AnnaS\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2003-09-12] (ATI Technologies, Inc.)
HKLM\...\Run: [SKDaemon.exe] => C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe [262144 2006-12-05] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5535048 2015-04-28] (Avast Software s.r.o.)
HKLM\...\Run: [SPC500NC_Monitor] => C:\WINDOWS\Philips\SPC500NC\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2003-09-12] ()
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\Run: [Avast-Browser-Cleanup] => C:\Program Files\Alwil Software\Avast5\BrowserCleanup.exe [1530992 2015-02-25] (AVAST Software)
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\MountPoints2: {099bb060-cb3c-11e1-8702-00e04cbd97c7} - "I:\Start PC.exe"
HKU\S-1-5-21-776561741-789336058-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\DOCUME~1\AnnaS\LOCALS~1\APPLIC~1\Linkey\IEEXTE~1\iedll.dll => C:\DOCUME~1\AnnaS\LOCALS~1\APPLIC~1\Linkey\IEEXTE~1\iedll.dll File Not Found
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2006-08-12]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\smdmf\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2015-04-28] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-776561741-789336058-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=503&a ... 99&src=hmp
HKU\S-1-5-21-776561741-789336058-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-776561741-789336058-839522115-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.default-search.net?sid=503&a ... 99&src=hmp
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?si ... earchTerms}
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.pl/search?q={searchTe ... FB_skSK487
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> 5BF2B115F2294637900B8254696FFD91 URL = http://www.bing.com/search?FORM=UP97DF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.pl/search?q={searchTe ... FB_skSK487
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?si ... earchTerms}
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> {DA4FF0B9-794D-43DF-AAB9-FE49D69F08EB} URL = http://www.google.pl/search?q={searchTe ... 1I7SKPB_sk
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-04-28] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5070306234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DACDE58A-8290-41CD-AA94-8350B4395EDB}: [NameServer] 8.8.8.8,8.8.4.4
FireFox:
========
FF ProfilePath: C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://google.com/
FF Keyword.URL: hxxp://www.default-search.net/search?sid=503&a ... &src=ds&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-28] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-776561741-789336058-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-776561741-789336058-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265\searchplugins\ask-web-search.xml [2014-10-13]
FF SearchPlugin: C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265\searchplugins\bingp.xml [2014-12-26]
FF SearchPlugin: C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265\searchplugins\default-search.xml [2015-02-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml [2015-02-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-11]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-12-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-05-26]
Chrome:
=======
CHR Profile: C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-02-25]
StartMenuInternet: chrome.exe - C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [376832 2003-09-12] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [114688 2003-09-12] () [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-10-11] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
R2 STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [53248 2005-01-14] ()
R2 VRAID Log Service; C:\Program Files\VIA\RAID\vialogsv.exe [52888 2008-09-24] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-28] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-28] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-04-28] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-28] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-28] ()
R1 BS_I2cIo; C:\WINDOWS\System32\drivers\BS_I2cIo.sys [17024 2008-06-16] (BIOSTAR Group) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [818496 2004-04-23] (C-Media Inc)
R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43008 2006-03-15] (VIA Technologies, Inc. )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 SetupNT; C:\WINDOWS\system32\SetupNT.sys [3000 2000-10-25] () [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-02-26] () [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [117248 2008-07-09] (VIA Technologies inc,.ltd)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [12952 2008-09-25] (VIA Technologies, Inc.)
R3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2003-08-04] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11392 2003-08-04] (VIA Technologies, Inc.) [File not signed]
S3 BS_Flash; \??\C:\Program Files\BIOS Update\BIOS Update\Award\BS_Flash.sys [X]
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SPC500NC; system32\DRIVERS\SPC610NC.SYS [X]
S3 SPC610NC; System32\DRIVERS\SPC610NC.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 19:41 - 2015-04-28 19:41 - 00016488 _____ () C:\Documents and Settings\AnnaS\Desktop\FRST.txt
2015-04-28 19:41 - 2015-04-28 19:41 - 00000000 ____D () C:\FRST
2015-04-28 19:39 - 2015-04-28 19:39 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\AnnaS\Desktop\FRSTLauncher.exe
2015-04-28 19:25 - 2015-04-28 19:25 - 01140736 _____ (Farbar) C:\Documents and Settings\AnnaS\Desktop\FRST.exe
2015-04-28 18:57 - 2015-04-28 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-04-28 18:56 - 2015-04-28 18:55 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-28 18:55 - 2015-04-28 18:55 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-28 18:50 - 2015-04-28 18:50 - 00017920 _____ () C:\Documents and Settings\AnnaS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-04-28 18:41 - 2015-04-28 18:41 - 00114968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-28 18:40 - 2015-04-28 18:40 - 00001192 _____ () C:\Documents and Settings\AnnaS\My Documents\cc_20150428_184001.reg
2015-04-28 18:39 - 2015-04-28 18:39 - 00007876 _____ () C:\Documents and Settings\AnnaS\My Documents\cc_20150428_183926.reg
2015-04-28 18:38 - 2015-04-28 18:39 - 00126734 _____ () C:\Documents and Settings\AnnaS\My Documents\cc_20150428_183855.reg
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2099-01-01 01:17 - 2009-10-09 12:45 - 00000466 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{7C1F8A5D-7738-48F9-8E6D-C1AEE7708F51}.job
2015-04-28 19:41 - 2006-08-12 20:43 - 00000000 ____D () C:\Documents and Settings\AnnaS\Local Settings\Temp
2015-04-28 19:31 - 2010-07-31 09:16 - 00001016 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003UA.job
2015-04-28 19:30 - 2014-04-09 23:39 - 00000000 ____D () C:\Documents and Settings\AnnaS\My Documents\Preberanie
2015-04-28 19:30 - 2012-05-26 10:25 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-28 19:14 - 2014-04-09 23:37 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-28 19:14 - 2014-04-09 23:37 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-04-28 19:14 - 2014-04-09 23:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-28 19:13 - 2014-12-26 19:07 - 00000000 ____D () C:\Documents and Settings\AnnaS\Application Data\Skype
2015-04-28 19:13 - 2014-07-20 11:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-28 19:06 - 2013-07-27 10:16 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-28 19:05 - 2014-12-26 20:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-28 19:03 - 2009-10-09 08:37 - 01176721 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-28 19:01 - 2014-12-26 19:38 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-28 19:01 - 2012-05-26 10:25 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 19:01 - 2006-08-12 22:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-28 19:01 - 2006-08-12 22:23 - 00000051 _____ () C:\WINDOWS\wiaservc.log
2015-04-28 19:01 - 2006-08-12 20:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-28 18:59 - 2006-08-12 20:43 - 00000278 ___SH () C:\Documents and Settings\AnnaS\ntuser.ini
2015-04-28 18:59 - 2006-08-12 20:39 - 00032490 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-28 18:57 - 2014-12-26 20:13 - 00001700 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-04-28 18:55 - 2014-04-09 23:32 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-28 18:55 - 2013-07-27 10:16 - 00209048 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-28 18:55 - 2013-07-27 10:16 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-28 18:55 - 2013-07-27 10:16 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-28 18:55 - 2012-05-26 10:18 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-28 18:55 - 2009-10-09 07:57 - 00427992 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-28 18:55 - 2009-10-09 07:57 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-04-28 18:55 - 2009-10-09 07:57 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-04-28 18:53 - 2013-08-26 13:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-28 18:43 - 2006-08-12 22:21 - 00509828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-28 18:42 - 2001-08-23 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-28 18:38 - 2006-08-12 20:43 - 00000000 ____D () C:\Documents and Settings\AnnaS
2015-04-28 18:35 - 2011-07-14 12:17 - 00000000 ____D () C:\Program Files\RapidShareManager
2015-04-28 18:34 - 2006-08-12 22:16 - 00000000 ____D () C:\WINDOWS\twain_32
2015-04-28 18:34 - 2006-08-12 21:21 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-28 18:34 - 2001-08-23 14:00 - 00000912 _____ () C:\WINDOWS\win.ini
2015-04-28 18:33 - 2009-10-11 11:07 - 00000000 ____D () C:\Program Files\Common Files\ArcSoft
2015-04-28 18:23 - 2007-07-17 17:39 - 00000077 _____ () C:\FilterLog.log
2015-04-28 18:22 - 2006-08-12 22:19 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2015-04-28 18:05 - 2014-05-03 11:39 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-28 18:05 - 2014-05-03 11:39 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-28 18:04 - 2009-09-28 15:30 - 00000000 ____D () C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google
2015-04-28 18:04 - 2009-09-28 14:50 - 00000000 ____D () C:\Program Files\Google
2015-04-01 11:22 - 2009-10-09 12:17 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2006-08-13 11:39 - 2013-08-26 13:54 - 0018432 _____ () C:\Documents and Settings\AnnaS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Documents and Settings\AnnaS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2zdlmf.dll
C:\Documents and Settings\AnnaS\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\AnnaS\Local Settings\Temp\GoogleToolbarInstaller_stub_signed.exe
C:\Documents and Settings\AnnaS\Local Settings\Temp\rtdrvmon.exe
C:\Documents and Settings\AnnaS\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\AnnaS\Local Settings\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:19.53 GB) (Free:5.35 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:49.81 GB) (Free:29.11 GB) NTFS
Drive e: () (Fixed) (Total:5.18 GB) (Free:2.03 GB) NTFS
Available physical RAM: 494.19 MB
Total physical RAM: 1023.49 MB
Percentage of memory in use: 51%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 48D448D3)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55 GB) - (Type=OF Extended)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003Core1cc7db5faa6c40c.job => C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003UA.job => C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{7C1F8A5D-7738-48F9-8E6D-C1AEE7708F51}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\AnnaS\Desktop" je 1456 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre6\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> 5BF2B115F2294637900B8254696FFD91 URL = http://www.bing.com/search?FORM=UP97DF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.pl/search?q={searchTe ... FB_skSK487
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?si ... earchTerms}
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> {DA4FF0B9-794D-43DF-AAB9-FE49D69F08EB} URL = http://www.google.pl/search?q={searchTe ... 1I7SKPB_sk
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-04-28] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5070306234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DACDE58A-8290-41CD-AA94-8350B4395EDB}: [NameServer] 8.8.8.8,8.8.4.4
FireFox:
========
FF ProfilePath: C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://google.com/
FF Keyword.URL: hxxp://www.default-search.net/search?sid=503&a ... &src=ds&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-28] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-776561741-789336058-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-776561741-789336058-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265\searchplugins\ask-web-search.xml [2014-10-13]
FF SearchPlugin: C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265\searchplugins\bingp.xml [2014-12-26]
FF SearchPlugin: C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265\searchplugins\default-search.xml [2015-02-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml [2015-02-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-11]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-12-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-05-26]
Chrome:
=======
CHR Profile: C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-02-25]
StartMenuInternet: chrome.exe - C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [376832 2003-09-12] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [114688 2003-09-12] () [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-10-11] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
R2 STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [53248 2005-01-14] ()
R2 VRAID Log Service; C:\Program Files\VIA\RAID\vialogsv.exe [52888 2008-09-24] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-28] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-28] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-04-28] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-28] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-28] ()
R1 BS_I2cIo; C:\WINDOWS\System32\drivers\BS_I2cIo.sys [17024 2008-06-16] (BIOSTAR Group) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [818496 2004-04-23] (C-Media Inc)
R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43008 2006-03-15] (VIA Technologies, Inc. )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 SetupNT; C:\WINDOWS\system32\SetupNT.sys [3000 2000-10-25] () [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-02-26] () [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [117248 2008-07-09] (VIA Technologies inc,.ltd)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [12952 2008-09-25] (VIA Technologies, Inc.)
R3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2003-08-04] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11392 2003-08-04] (VIA Technologies, Inc.) [File not signed]
S3 BS_Flash; \??\C:\Program Files\BIOS Update\BIOS Update\Award\BS_Flash.sys [X]
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SPC500NC; system32\DRIVERS\SPC610NC.SYS [X]
S3 SPC610NC; System32\DRIVERS\SPC610NC.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 19:41 - 2015-04-28 19:41 - 00016488 _____ () C:\Documents and Settings\AnnaS\Desktop\FRST.txt
2015-04-28 19:41 - 2015-04-28 19:41 - 00000000 ____D () C:\FRST
2015-04-28 19:39 - 2015-04-28 19:39 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\AnnaS\Desktop\FRSTLauncher.exe
2015-04-28 19:25 - 2015-04-28 19:25 - 01140736 _____ (Farbar) C:\Documents and Settings\AnnaS\Desktop\FRST.exe
2015-04-28 18:57 - 2015-04-28 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-04-28 18:56 - 2015-04-28 18:55 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-28 18:55 - 2015-04-28 18:55 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-28 18:50 - 2015-04-28 18:50 - 00017920 _____ () C:\Documents and Settings\AnnaS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-04-28 18:41 - 2015-04-28 18:41 - 00114968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-28 18:40 - 2015-04-28 18:40 - 00001192 _____ () C:\Documents and Settings\AnnaS\My Documents\cc_20150428_184001.reg
2015-04-28 18:39 - 2015-04-28 18:39 - 00007876 _____ () C:\Documents and Settings\AnnaS\My Documents\cc_20150428_183926.reg
2015-04-28 18:38 - 2015-04-28 18:39 - 00126734 _____ () C:\Documents and Settings\AnnaS\My Documents\cc_20150428_183855.reg
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2099-01-01 01:17 - 2009-10-09 12:45 - 00000466 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{7C1F8A5D-7738-48F9-8E6D-C1AEE7708F51}.job
2015-04-28 19:41 - 2006-08-12 20:43 - 00000000 ____D () C:\Documents and Settings\AnnaS\Local Settings\Temp
2015-04-28 19:31 - 2010-07-31 09:16 - 00001016 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003UA.job
2015-04-28 19:30 - 2014-04-09 23:39 - 00000000 ____D () C:\Documents and Settings\AnnaS\My Documents\Preberanie
2015-04-28 19:30 - 2012-05-26 10:25 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-28 19:14 - 2014-04-09 23:37 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-28 19:14 - 2014-04-09 23:37 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-04-28 19:14 - 2014-04-09 23:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-28 19:13 - 2014-12-26 19:07 - 00000000 ____D () C:\Documents and Settings\AnnaS\Application Data\Skype
2015-04-28 19:13 - 2014-07-20 11:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-28 19:06 - 2013-07-27 10:16 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-28 19:05 - 2014-12-26 20:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-28 19:03 - 2009-10-09 08:37 - 01176721 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-28 19:01 - 2014-12-26 19:38 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-28 19:01 - 2012-05-26 10:25 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 19:01 - 2006-08-12 22:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-28 19:01 - 2006-08-12 22:23 - 00000051 _____ () C:\WINDOWS\wiaservc.log
2015-04-28 19:01 - 2006-08-12 20:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-28 18:59 - 2006-08-12 20:43 - 00000278 ___SH () C:\Documents and Settings\AnnaS\ntuser.ini
2015-04-28 18:59 - 2006-08-12 20:39 - 00032490 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-28 18:57 - 2014-12-26 20:13 - 00001700 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-04-28 18:55 - 2014-04-09 23:32 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-28 18:55 - 2013-07-27 10:16 - 00209048 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-28 18:55 - 2013-07-27 10:16 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-28 18:55 - 2013-07-27 10:16 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-28 18:55 - 2012-05-26 10:18 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-28 18:55 - 2009-10-09 07:57 - 00427992 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-28 18:55 - 2009-10-09 07:57 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-04-28 18:55 - 2009-10-09 07:57 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-04-28 18:53 - 2013-08-26 13:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-28 18:43 - 2006-08-12 22:21 - 00509828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-28 18:42 - 2001-08-23 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-28 18:38 - 2006-08-12 20:43 - 00000000 ____D () C:\Documents and Settings\AnnaS
2015-04-28 18:35 - 2011-07-14 12:17 - 00000000 ____D () C:\Program Files\RapidShareManager
2015-04-28 18:34 - 2006-08-12 22:16 - 00000000 ____D () C:\WINDOWS\twain_32
2015-04-28 18:34 - 2006-08-12 21:21 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-28 18:34 - 2001-08-23 14:00 - 00000912 _____ () C:\WINDOWS\win.ini
2015-04-28 18:33 - 2009-10-11 11:07 - 00000000 ____D () C:\Program Files\Common Files\ArcSoft
2015-04-28 18:23 - 2007-07-17 17:39 - 00000077 _____ () C:\FilterLog.log
2015-04-28 18:22 - 2006-08-12 22:19 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2015-04-28 18:05 - 2014-05-03 11:39 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-28 18:05 - 2014-05-03 11:39 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-28 18:04 - 2009-09-28 15:30 - 00000000 ____D () C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google
2015-04-28 18:04 - 2009-09-28 14:50 - 00000000 ____D () C:\Program Files\Google
2015-04-01 11:22 - 2009-10-09 12:17 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2006-08-13 11:39 - 2013-08-26 13:54 - 0018432 _____ () C:\Documents and Settings\AnnaS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Documents and Settings\AnnaS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2zdlmf.dll
C:\Documents and Settings\AnnaS\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\AnnaS\Local Settings\Temp\GoogleToolbarInstaller_stub_signed.exe
C:\Documents and Settings\AnnaS\Local Settings\Temp\rtdrvmon.exe
C:\Documents and Settings\AnnaS\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\AnnaS\Local Settings\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:19.53 GB) (Free:5.35 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:49.81 GB) (Free:29.11 GB) NTFS
Drive e: () (Fixed) (Total:5.18 GB) (Free:2.03 GB) NTFS
Available physical RAM: 494.19 MB
Total physical RAM: 1023.49 MB
Percentage of memory in use: 51%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 48D448D3)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55 GB) - (Type=OF Extended)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003Core1cc7db5faa6c40c.job => C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003UA.job => C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{7C1F8A5D-7738-48F9-8E6D-C1AEE7708F51}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\AnnaS\Desktop" je 1456 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre6\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119677
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check my log
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
peter.peco
- Visitor

- Posts: 94
- Registered: 09 Apr 2008 13:25
Re: please check my log
# AdwCleaner v4.202 - Logfile created 28/04/2015 at 20:17:42
# Updated 23/04/2015 by Xplode
# Database : 2015-04-27.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : AnnaS - HOME-WBZTZQ4BSP
# Running from : C:\Documents and Settings\AnnaS\Desktop\adwcleaner_4.202.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Play
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\Settings Manager
Folder Deleted : C:\Program Files\Radio Canyon
Folder Deleted : C:\Program Files\Play
Folder Deleted : C:\Documents and Settings\AnnaS\Local Settings\Application Data\globalUpdate
Folder Deleted : C:\Documents and Settings\AnnaS\Application Data\FirefoxToolbar
Folder Deleted : C:\Documents and Settings\AnnaS\Application Data\RHEng
File Deleted : C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265\searchplugins\ask-web-search.xml
File Deleted : C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265\searchplugins\bingp.xml
File Deleted : C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265\searchplugins\default-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Radio Canyon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Settings Manager
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\DOCUME~1\AnnaS\LOCALS~1\APPLIC~1\Linkey\IEEXTE~1\iedll.dll
***** [ Web browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
-\\ Mozilla Firefox v37.0.2 (x86 sk)
[9gi41xuj.default-1405845719265\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "default-search.net");
[9gi41xuj.default-1405845719265\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "default-search.net");
[9gi41xuj.default-1405845719265\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "default-search.net");
[9gi41xuj.default-1405845719265\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[9gi41xuj.default-1405845719265\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[9gi41xuj.default-1405845719265\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "weatherblink@mindspark.com");
[9gi41xuj.default-1405845719265\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=503&a ... &src=ds&p=");
-\\ Google Chrome v
[C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=503&a ... earchTerms}
[C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Deleted [Startup_URLs] : hxxp://www.default-search.net?sid=503&aid=100& ... 99&src=hmp
*************************
AdwCleaner[R0].txt - [9100 bytes] - [28/04/2015 20:13:24]
AdwCleaner[S0].txt - [8892 bytes] - [28/04/2015 20:17:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8951 bytes] ##########
- Rudy
- Site Admin

- Posts: 119677
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: please check my log
Post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
peter.peco
- Visitor

- Posts: 94
- Registered: 09 Apr 2008 13:25
Re: please check my log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by AnnaS (administrator) on HOME-WBZTZQ4BSP on 29-04-2015 11:22:50
Running from C:\Documents and Settings\AnnaS\Desktop
Loaded Profiles: AnnaS (Available profiles: AnnaS)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Angličtina (USA)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\WINDOWS\system32\ati2evxx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
() C:\WINDOWS\system32\ati2evxx.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
() C:\WINDOWS\system32\PAStiSvc.exe
() C:\Program Files\VIA\RAID\vialogsv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(forum.viry.cz) C:\Documents and Settings\AnnaS\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2003-09-12] (ATI Technologies, Inc.)
HKLM\...\Run: [SKDaemon.exe] => C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe [262144 2006-12-05] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5535048 2015-04-28] (Avast Software s.r.o.)
HKLM\...\Run: [SPC500NC_Monitor] => C:\WINDOWS\Philips\SPC500NC\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2003-09-12] ()
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\Run: [Avast-Browser-Cleanup] => C:\Program Files\Alwil Software\Avast5\BrowserCleanup.exe [1530992 2015-02-25] (AVAST Software)
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\MountPoints2: {099bb060-cb3c-11e1-8702-00e04cbd97c7} - "I:\Start PC.exe"
HKU\S-1-5-21-776561741-789336058-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2006-08-12]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2015-04-28] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-776561741-789336058-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> 5BF2B115F2294637900B8254696FFD91 URL = http://www.bing.com/search?FORM=UP97DF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.pl/search?q={searchTe ... FB_skSK487
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> {DA4FF0B9-794D-43DF-AAB9-FE49D69F08EB} URL = http://www.google.pl/search?q={searchTe ... 1I7SKPB_sk
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-04-28] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5070306234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DACDE58A-8290-41CD-AA94-8350B4395EDB}: [NameServer] 8.8.8.8,8.8.4.4
FireFox:
========
FF ProfilePath: C:\Documents and Settings\AnnaS\Application Data\Mozilla\Firefox\Profiles\9gi41xuj.default-1405845719265
FF SearchEngineOrder.3: Bing
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-28] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-776561741-789336058-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-776561741-789336058-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-11]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-12-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-05-26]
Chrome:
=======
CHR Profile: C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-02-25]
StartMenuInternet: chrome.exe - C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [376832 2003-09-12] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [114688 2003-09-12] () [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-10-11] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
R2 STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [53248 2005-01-14] ()
R2 VRAID Log Service; C:\Program Files\VIA\RAID\vialogsv.exe [52888 2008-09-24] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-28] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-28] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-04-28] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-28] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-28] ()
R1 BS_I2cIo; C:\WINDOWS\System32\drivers\BS_I2cIo.sys [17024 2008-06-16] (BIOSTAR Group) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [818496 2004-04-23] (C-Media Inc)
R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43008 2006-03-15] (VIA Technologies, Inc. )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 SetupNT; C:\WINDOWS\system32\SetupNT.sys [3000 2000-10-25] () [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-02-26] () [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [117248 2008-07-09] (VIA Technologies inc,.ltd)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [12952 2008-09-25] (VIA Technologies, Inc.)
R3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2003-08-04] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11392 2003-08-04] (VIA Technologies, Inc.) [File not signed]
S3 BS_Flash; \??\C:\Program Files\BIOS Update\BIOS Update\Award\BS_Flash.sys [X]
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SPC500NC; system32\DRIVERS\SPC610NC.SYS [X]
S3 SPC610NC; System32\DRIVERS\SPC610NC.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 20:12 - 2015-04-28 20:18 - 00000000 ____D () C:\AdwCleaner
2015-04-28 20:10 - 2015-04-28 20:10 - 02224640 _____ () C:\Documents and Settings\AnnaS\Desktop\adwcleaner_4.202.exe
2015-04-28 19:41 - 2015-04-29 11:23 - 00014044 _____ () C:\Documents and Settings\AnnaS\Desktop\FRST.txt
2015-04-28 19:41 - 2015-04-29 11:22 - 00000000 ____D () C:\FRST
2015-04-28 19:39 - 2015-04-28 19:39 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\AnnaS\Desktop\FRSTLauncher.exe
2015-04-28 19:25 - 2015-04-28 19:25 - 01140736 _____ (Farbar) C:\Documents and Settings\AnnaS\Desktop\FRST.exe
2015-04-28 18:57 - 2015-04-28 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-04-28 18:56 - 2015-04-28 18:55 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-28 18:55 - 2015-04-28 18:55 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-28 18:50 - 2015-04-28 18:50 - 00017920 _____ () C:\Documents and Settings\AnnaS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-04-28 18:41 - 2015-04-28 18:41 - 00114968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-28 18:40 - 2015-04-28 18:40 - 00001192 _____ () C:\Documents and Settings\AnnaS\My Documents\cc_20150428_184001.reg
2015-04-28 18:39 - 2015-04-28 18:39 - 00007876 _____ () C:\Documents and Settings\AnnaS\My Documents\cc_20150428_183926.reg
2015-04-28 18:38 - 2015-04-28 18:39 - 00126734 _____ () C:\Documents and Settings\AnnaS\My Documents\cc_20150428_183855.reg
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2099-01-01 01:17 - 2009-10-09 12:45 - 00000466 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{7C1F8A5D-7738-48F9-8E6D-C1AEE7708F51}.job
2015-04-29 11:23 - 2006-08-12 20:43 - 00000000 ____D () C:\Documents and Settings\AnnaS\Local Settings\Temp
2015-04-29 11:22 - 2014-12-26 19:07 - 00000000 ____D () C:\Documents and Settings\AnnaS\Application Data\Skype
2015-04-29 11:18 - 2013-07-27 10:16 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-29 11:14 - 2009-10-09 08:37 - 01185081 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-29 11:13 - 2014-12-26 19:38 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-29 11:13 - 2012-05-26 10:25 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 11:13 - 2006-08-12 22:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-29 11:13 - 2006-08-12 22:23 - 00000051 _____ () C:\WINDOWS\wiaservc.log
2015-04-29 11:13 - 2006-08-12 20:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-28 20:59 - 2006-08-12 20:43 - 00000278 ___SH () C:\Documents and Settings\AnnaS\ntuser.ini
2015-04-28 20:59 - 2006-08-12 20:39 - 00032490 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-28 20:31 - 2010-07-31 09:16 - 00001016 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003UA.job
2015-04-28 20:30 - 2012-05-26 10:25 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-28 20:22 - 2014-04-09 23:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-28 20:21 - 2006-08-12 20:43 - 00000000 ____D () C:\Documents and Settings\AnnaS
2015-04-28 20:10 - 2014-04-09 23:39 - 00000000 ____D () C:\Documents and Settings\AnnaS\My Documents\Preberanie
2015-04-28 20:05 - 2014-12-26 20:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-28 19:14 - 2014-04-09 23:37 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-28 19:14 - 2014-04-09 23:37 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-04-28 19:13 - 2014-07-20 11:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-28 18:57 - 2014-12-26 20:13 - 00001700 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-04-28 18:55 - 2014-04-09 23:32 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-28 18:55 - 2013-07-27 10:16 - 00209048 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-28 18:55 - 2013-07-27 10:16 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-28 18:55 - 2013-07-27 10:16 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-28 18:55 - 2012-05-26 10:18 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-28 18:55 - 2009-10-09 07:57 - 00427992 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-28 18:55 - 2009-10-09 07:57 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-04-28 18:55 - 2009-10-09 07:57 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-04-28 18:53 - 2013-08-26 13:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-28 18:43 - 2006-08-12 22:21 - 00509828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-28 18:42 - 2001-08-23 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-28 18:35 - 2011-07-14 12:17 - 00000000 ____D () C:\Program Files\RapidShareManager
2015-04-28 18:34 - 2006-08-12 22:16 - 00000000 ____D () C:\WINDOWS\twain_32
2015-04-28 18:34 - 2006-08-12 21:21 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-28 18:34 - 2001-08-23 14:00 - 00000912 _____ () C:\WINDOWS\win.ini
2015-04-28 18:33 - 2009-10-11 11:07 - 00000000 ____D () C:\Program Files\Common Files\ArcSoft
2015-04-28 18:23 - 2007-07-17 17:39 - 00000077 _____ () C:\FilterLog.log
2015-04-28 18:22 - 2006-08-12 22:19 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2015-04-28 18:05 - 2014-05-03 11:39 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-28 18:05 - 2014-05-03 11:39 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-28 18:04 - 2009-09-28 15:30 - 00000000 ____D () C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google
2015-04-28 18:04 - 2009-09-28 14:50 - 00000000 ____D () C:\Program Files\Google
2015-04-01 11:22 - 2009-10-09 12:17 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2006-08-13 11:39 - 2013-08-26 13:54 - 0018432 _____ () C:\Documents and Settings\AnnaS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Documents and Settings\AnnaS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2zdlmf.dll
C:\Documents and Settings\AnnaS\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\AnnaS\Local Settings\Temp\GoogleToolbarInstaller_stub_signed.exe
C:\Documents and Settings\AnnaS\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\AnnaS\Local Settings\Temp\rtdrvmon.exe
C:\Documents and Settings\AnnaS\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\AnnaS\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\AnnaS\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:19.53 GB) (Free:5.82 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:49.81 GB) (Free:29.11 GB) NTFS
Drive e: () (Fixed) (Total:5.18 GB) (Free:2.03 GB) NTFS
Available physical RAM: 705.37 MB
Total physical RAM: 1023.49 MB
Percentage of memory in use: 31%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 48D448D3)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55 GB) - (Type=OF Extended)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003Core1cc7db5faa6c40c.job => C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003UA.job => C:\Documents and Settings\AnnaS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{7C1F8A5D-7738-48F9-8E6D-C1AEE7708F51}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\AnnaS\Desktop" je 1458 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre6\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119677
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check my log
Open Notepad and copy into it:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Start
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\MountPoints2: {099bb060-cb3c-11e1-8702-00e04cbd97c7} - "I:\Start PC.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> 5BF2B115F2294637900B8254696FFD91 URL = http://www.bing.com/search?FORM=UP97DF& ... -SearchBox
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF SearchEngineOrder.3: Bing
S4 IntelIde; No ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003UA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Documents and Settings\AnnaS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\AnnaS\Local Settings\Temp
End
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
peter.peco
- Visitor

- Posts: 94
- Joined: 09 Apr 2008 13:25
Re: please check my log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2015 01
Ran by AnnaS at 2015-04-29 19:39:15 Run:1
Running from C:\Documents and Settings\AnnaS\Desktop
Loaded Profiles: AnnaS (Available profiles: AnnaS)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKU\S-1-5-21-776561741-789336058-839522115-1003\...\MountPoints2: {099bb060-cb3c-11e1-8702-00e04cbd97c7} - "I:\Start PC.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> 5BF2B115F2294637900B8254696FFD91 URL = http://www.bing.com/search?FORM=UP97DF& ... -SearchBox
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-776561741-789336058-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF SearchEngineOrder.3: Bing
S4 IntelIde; No ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003UA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Documents and Settings\AnnaS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\AnnaS\Local Settings\Temp
End
*****************
"HKU\S-1-5-21-776561741-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{099bb060-cb3c-11e1-8702-00e04cbd97c7}" => Key deleted successfully.
HKCR\CLSID\{099bb060-cb3c-11e1-8702-00e04cbd97c7} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-776561741-789336058-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\5BF2B115F2294637900B8254696FFD91" => Key deleted successfully.
HKCR\CLSID\5BF2B115F2294637900B8254696FFD91 => Key not found.
HKU\S-1-5-21-776561741-789336058-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKU\S-1-5-21-776561741-789336058-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Firefox SearchEngineOrder.3 deleted successfully.
IntelIde => Service deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-789336058-839522115-1003UA.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Documents and Settings\AnnaS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Documents and Settings\AnnaS\Local Settings\Temp => Moved successfully.
==== End of Fixlog 19:43:16 ====
- Rudy
- Site Admin

- Posts: 119677
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check my log
Deleted, the log is now OK.
-
peter.peco
- Návštěvník

- Posts: 94
- Joined: 09 Apr 2008 13:25
Re: please check my log
Thank you for the help!
- Rudy
- Site Admin

- Posts: 119677
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check my log
You're welcome!