JS/Kryptik.I - trojsky kun

[Xipco_CZ]

Zdravim, mam Windows XP (32-bit) SP3, ESET, ale stejne se mne tam dostal vir "JS/Kryptik.I". Sice ho ESET nasel, ale nedokaze si s nim poradit. PC se chova normalne do okamziku, nez spustim Firefox. Pak se velmi zbrzdi, zvedne se internetovy provoz, zacnou se otevirat nova okna s reklamou a ESET zacne kricet, ze je tam virus "http://htmlverifier.com/addons/js/compBg/vi.js...." a Firefox pak uplne zatuhne (jako by PC melo malo pameti).

Pod IE se virus nijak neprojevuje. Tak ho ted 3 dny pouzivam. Ale stejne bych chtel ten virus odstranit.
Zkousel jsem na nej dalsi programy - SpyHunter 4.19, Combofix 15.4.28.1, ale vir nejde porad odstranit, tak jsem je odinstaloval.

Muzete mne prosim nekdo pomoci? Dekuji.

[altrok]

Dobry den, vitam Vas u nas na foru


Zacneme lehkym napomenutim - CF je utilita urcena profesionalum. Navic maze stopy po haveti, ktere ani v samotnem logu nezmini, takze logy, na zaklade kterych zde havet rozpoznavame a nasledne nicime, maji po jeho aplikovani velice nizkou vypovidaci hodnotu. Vizte pravidla fora http://forum.viry.cz/viewtopic.php?f=12&t=5601 Pokud jeste CF v PC mate, vlozte log z jeho cinnosti - nachazi se v C:\ComboFix.txt

Odinstalujte SpyHunter - odmita ucast na srovnavacich testech antimalwarovych nastroju a nektere zdroje ho radi mezi tzv. rogueware. Zkratka jeho cinnost i ucinnost je velice diskutabilni.

Nahore je velky oranzovy obdelnik se zakladnimi instrukcemi, vlozte prosim log z FRST a koukneme, co se jeste da delat

[Xipco_CZ]

Dobry den, dekuji za informace a za pomoc. Zakladni instrukce si prostuduju.
Ted uz ale nejsem u napadeneho PC. Budu u nej az zitra. Jak tak premyslim, tak si vzpominam, ze jsem ten COMBOFIX a SPYHUNTER nakonec neodinstaloval (uz jsem na to nemel cas) a jsou tam i jejich logy. Zitra vse dodam.
Dekuji

[Xipco_CZ]

Dobry den,
tak SpyHunter jsem ted odinstaloval a tady je log z COMBOFIX, ktery jsem pouzil jiz vcera:
________________________________________________________________________________

ComboFix 15-04-28.01 - radek 04.05.2015 14:42:28.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1414 [GMT 2:00]
Spuštěný z: c:\documents and settings\radek\Plocha\ComboFix.exe
AV: ESET Endpoint Antivirus 6.1.2222.1 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GLOBALUPDATE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-04 do 2015-05-04 )))))))))))))))))))))))))))))))
.
.
2015-05-04 07:58 . 2015-05-04 07:58 -------- d-----w- c:\documents and settings\radek\Data aplikací\Enigma Software Group
2015-05-04 07:57 . 2015-05-04 07:57 -------- d-----w- C:\sh4ldr
2015-05-04 07:57 . 2015-05-04 07:57 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2015-05-04 07:57 . 2015-05-04 07:57 -------- d-----w- c:\program files\Enigma Software Group
2015-04-30 11:01 . 2015-04-30 12:13 0 ----a-w- c:\documents and settings\radek\TempWmicBatchFile.bat
2015-04-30 06:58 . 2015-04-30 06:58 -------- d-----w- c:\documents and settings\radek\Data aplikací\Software Tool
2015-04-30 06:27 . 2015-04-30 06:27 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2015-04-30 06:27 . 2015-04-29 14:57 55824 ----a-w- c:\windows\system32\drivers\{b94c3215-569a-484c-84dc-f0bcf79c44cc}Gt.sys
2015-04-30 06:19 . 2015-04-30 06:19 -------- d-----w- c:\documents and settings\radek\Local Settings\Data aplikací\CrashRpt
2015-04-17 11:46 . 2015-04-17 11:46 -------- d-----w- c:\program files\ESET
2015-04-17 11:46 . 2015-04-17 11:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2015-04-16 05:34 . 2015-04-16 05:34 18178736 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-16 05:34 . 2012-09-08 15:24 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-16 05:34 . 2012-09-08 15:24 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-30 02:03 . 2014-04-30 02:03 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\radek\Data aplikací\LangSoft\OETRN.EXE" [2007-12-13 26624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE2"="c:\program files\Canon\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-04-07 1106297]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-04-07 1827640]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-04-07 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2015-05-04 7125376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\radek\Nabídka Start\Programy\Po spuštění\
Neutron.lnk - c:\program files\Neutron\Neutron.exe [2007-9-16 10240]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MyPhoneExplorer\\MyPhoneExplorer.exe"=
.
R1 {b94c3215-569a-484c-84dc-f0bcf79c44cc}Gt;{b94c3215-569a-484c-84dc-f0bcf79c44cc}Gt;c:\windows\system32\drivers\{b94c3215-569a-484c-84dc-f0bcf79c44cc}Gt.sys [30.4.2015 8:27 55824]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.3.2012 8:40 135760]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.3.2012 8:40 118256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.2.2015 18:44 1566424]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [17.6.2013 10:10 90112]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [4.5.2015 9:57 771456]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [24.8.2012 13:08 2738600]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [12.12.2007 15:00 35840]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [4.5.2015 9:57 15920]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
S3 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2.2.2015 13:39 188832]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [4.5.2015 9:57 19984]
S3 eshasrv;ESET SHA Service;c:\program files\ESET\ESET NOD32 Antivirus\eshasrv.exe [16.2.2015 18:45 165064]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [17.9.2013 11:49 24576]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys --> c:\windows\system32\DRIVERS\s0016bus.sys [?]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys --> c:\windows\system32\DRIVERS\s0016mdfl.sys [?]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys --> c:\windows\system32\DRIVERS\s0016mdm.sys [?]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [17.6.2013 8:50 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [17.6.2013 8:50 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [17.6.2013 8:50 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [17.6.2013 8:50 115752]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [17.6.2013 8:40 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [17.6.2013 10:21 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [17.6.2013 10:21 97184]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16.5.2014 15:24 116512]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2015-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-08 05:34]
.
2015-04-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
2015-05-04 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
2015-05-04 c:\windows\Tasks\SpyHunter4.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-05-04 08:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\radek\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\radek\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\radek\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\radek\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\radek\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 10.143.126.9 10.143.128.1
FF - ProfilePath - c:\documents and settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-WEBTRAN - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-05-04 14:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1020)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(3856)
c:\program files\Canon\OmniPageSE2.0\ophookSE2.dll
c:\documents and settings\radek\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Celkový čas: 2015-05-04 14:50:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-04 12:50
.
Před spuštěním: 3 801 333 760
Po spuštění: 3 752 943 616
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 06B29A71F4DDE426DDBD68AB7D9778DD
413FC2A0C716421B3158746D63736515

[Xipco_CZ]

Snazil jsem se vytvorit log FRST.
Stahnul jsem FSRT (32bit), FRSTLauncher, vypnul ESET a spustil FRSTLauncher.
PC ale pise toto:

"Nesouhlasi verze systemu a FRST. Stahnete spravnou verzi (32-bit Version) pro svuj operacni system a opakujte spusteni FRSTLauncher."

Tak nevim co ted.

[vyosek]

Zdravim

Jako MOD fora si dovolim vstoupit a timto se kolegovi omlouvam

Jedna se o domaci PC nebo nejaky firemni\pracovni???

[Xipco_CZ]

Dobry den,
PC je napul firemni/soukrome. Mam na zivnost malou dilnu, kde PC mam. Behem dne jej pouzivam jak na firemni, tak bezne soukrome veci (facebook, ICQ portable, ruzna fora, ...). Pokud PC nepude opravit, tak ho budu muset sam preinstalovat.
Mejte se.

[vyosek]

OK, diky za vysvetleni...

Spustte tedy jen samotny FRST a pak dejte log

Nasledne pokracujte s kolegou

[Xipco_CZ]

log z FRST
____________________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by radek (administrator) on TECHNOLOGIE on 05-05-2015 13:44:23
Running from C:\Documents and Settings\radek\Plocha
Loaded Profiles: radek (Available profiles: radek)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ScanSoft, Inc.) C:\Program Files\Canon\OmniPageSE2.0\opwareSE2.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
() C:\Documents and Settings\radek\Data aplikací\LangSoft\OETRN.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OpwareSE2] => C:\Program Files\Canon\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [1106297 2006-04-07] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1827640 2006-04-07] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [126976 2006-04-07] (Acronis)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16270848 2006-11-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MP10_EnsureFileVer] => C:\WINDOWS\inf\unregmp2.exe [208896 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2007-11-02] (ATI Technologies Inc.)
HKU\S-1-5-21-1060284298-746137067-839522115-1003\...\Run: [OEXPRESS] => C:\Documents and Settings\radek\Data aplikací\LangSoft\OETRN.EXE [26624 2007-12-13] ()
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [2012-09-08]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\radek\Nabídka Start\Programy\Po spuštění\Neutron.lnk [2013-08-15]
ShortcutTarget: Neutron.lnk -> C:\Program Files\Neutron\Neutron.exe (http://keir.net)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30] (Adobe Systems Incorporated)
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\Documents and Settings\radek\Data aplikací\LangSoft\WebIE.dll [2007-12-13] ()
BHO: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\radek\Data aplikací\LangSoft\WebIE.dll [2007-12-13] ()
Toolbar: HKU\S-1-5-21-1060284298-746137067-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 7099610278
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.143.126.9 10.143.128.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1060284298-746137067-839522115-1003: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Extension: Zoom It - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{225af355-7277-b132-ab7c-69f487f7d523} [2015-05-04]
FF Extension: Flash and Video Download - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-04-23]
FF Extension: ODF Viewer - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\uriloader@webodf.js.xpi [2014-01-15]
FF Extension: Web2PDF converter - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2014-01-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [204800 2006-04-07] (Acronis) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-11-01] () [File not signed]
S3 EHttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\ehttpsrv.exe [33992 2015-02-16] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1566424 2015-02-16] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET NOD32 Antivirus\eshasrv.exe [165064 2015-02-16] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtcL001; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [35840 2006-10-31] (Attansic Technology corporation.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [188832 2015-02-02] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135760 2015-02-02] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118256 2015-02-02] (ESET)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 s0016mgmt; C:\WINDOWS\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\WINDOWS\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\WINDOWS\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\WINDOWS\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 SE31bus; C:\WINDOWS\System32\DRIVERS\SE31bus.sys [61600 2006-05-01] (MCCI) [File not signed]
S3 SE31mdfl; C:\WINDOWS\System32\DRIVERS\SE31mdfl.sys [9360 2006-05-01] (MCCI) [File not signed]
S3 SE31mdm; C:\WINDOWS\System32\DRIVERS\SE31mdm.sys [97184 2006-05-01] (MCCI) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2007-12-13] (Acronis) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2007-12-13] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2007-12-13] (Acronis) [File not signed]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S4 IntelIde; No ImagePath
S3 s0016bus; system32\DRIVERS\s0016bus.sys [X]
S3 s0016mdfl; system32\DRIVERS\s0016mdfl.sys [X]
S3 s0016mdm; system32\DRIVERS\s0016mdm.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 13:44 - 2015-05-05 13:44 - 00012242 _____ () C:\Documents and Settings\radek\Plocha\FRST.txt
2015-05-05 13:41 - 2015-05-05 13:44 - 00000000 ____D () C:\FRST
2015-05-05 07:04 - 2015-05-05 07:05 - 02101248 _____ (Farbar) C:\Documents and Settings\radek\Plocha\FRST64.exe
2015-05-05 07:00 - 2015-05-05 07:00 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\radek\Plocha\FRSTLauncher.exe
2015-05-05 06:58 - 2015-05-05 07:02 - 01140736 _____ (Farbar) C:\Documents and Settings\radek\Plocha\FRST.exe
2015-05-04 14:50 - 2015-05-04 14:50 - 00019357 _____ () C:\ComboFix.txt
2015-05-04 14:45 - 2015-05-04 14:45 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-05-04 14:45 - 2015-05-04 14:45 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2015-05-04 14:45 - 2015-05-04 14:45 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2015-05-04 14:45 - 2015-05-04 14:45 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-05-04 14:45 - 2015-05-04 14:45 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2015-05-04 14:40 - 2015-05-04 14:40 - 00000000 _RSHD () C:\cmdcons
2015-05-04 14:40 - 2007-12-12 14:12 - 00000211 _____ () C:\Boot.bak
2015-05-04 14:40 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2015-05-04 14:38 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-04 14:38 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-04 14:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-04 14:35 - 2015-05-04 14:50 - 00000000 ____D () C:\Qoobox
2015-05-04 14:34 - 2015-05-04 14:50 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-04 14:28 - 2015-05-04 14:28 - 00509844 _____ () C:\WINDOWS\system32\prfh0405.dat
2015-05-04 14:28 - 2015-05-04 14:28 - 00106700 _____ () C:\WINDOWS\system32\prfc0405.dat
2015-05-04 14:27 - 2015-05-04 14:27 - 05619691 ____R (Swearware) C:\Documents and Settings\radek\Plocha\ComboFix.exe
2015-05-04 13:56 - 2015-05-04 13:56 - 101924344 _____ () C:\Documents and Settings\radek\Dokumenty\01.reg
2015-05-04 09:58 - 2015-05-04 09:58 - 00000000 ____D () C:\Documents and Settings\radek\Data aplikací\Enigma Software Group
2015-05-04 09:57 - 2015-05-04 09:57 - 00000930 _____ () C:\WINDOWS\setupapi.log
2015-04-30 16:11 - 2015-05-05 13:40 - 00008721 _____ () C:\WINDOWS\wmsetup.log
2015-04-30 16:10 - 2015-04-30 16:10 - 00124520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-30 13:01 - 2015-04-30 14:13 - 00000000 _____ () C:\Documents and Settings\radek\TempWmicBatchFile.bat
2015-04-30 10:47 - 2015-04-30 10:47 - 00000476 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-04-30 08:58 - 2015-04-30 08:58 - 00000000 ____D () C:\Documents and Settings\radek\Data aplikací\Software Tool
2015-04-30 08:27 - 2015-04-30 08:27 - 00000000 ___RD () C:\Documents and Settings\LocalService\Oblíbené položky
2015-04-30 08:20 - 2015-04-30 08:20 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\ShopperPro
2015-04-30 08:19 - 2015-04-30 12:56 - 00000004 _____ () C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-04-28 09:44 - 2015-04-28 09:45 - 00011444 _____ () C:\Documents and Settings\radek\Plocha\dum_Sablik.ods
2015-04-27 08:31 - 2015-04-27 08:32 - 16162881 _____ () C:\Documents and Settings\radek\Plocha\AI.RoboForm.7.9.13.0.zip
2015-04-24 10:36 - 2015-04-24 10:36 - 00013763 _____ () C:\Documents and Settings\radek\Dokumenty\RE_ poptavka číslo_ 2015_0050_VNU.eml
2015-04-17 13:46 - 2015-04-17 13:46 - 00000000 ____D () C:\Program Files\ESET
2015-04-17 13:46 - 2015-04-17 13:46 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
2015-04-17 13:46 - 2015-04-17 13:46 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ESET
2015-04-16 07:34 - 2015-04-16 07:34 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-04-15 13:18 - 2015-04-23 09:49 - 00000000 ____D () C:\Documents and Settings\radek\Plocha\6000010406
2015-04-14 06:42 - 2015-04-21 08:15 - 00000000 ____D () C:\Documents and Settings\radek\Plocha\6000010386

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 13:44 - 2007-12-12 14:28 - 00000000 ____D () C:\Documents and Settings\radek\Plocha
2015-05-05 13:42 - 2007-12-12 14:22 - 01917450 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-05 13:40 - 2014-03-20 07:22 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-05-05 13:40 - 2007-08-02 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-05 13:34 - 2012-10-19 07:33 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-05 13:12 - 2007-12-12 15:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-05 13:12 - 2007-12-12 15:05 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-05-05 13:12 - 2007-12-12 14:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-05 13:11 - 2007-12-12 14:28 - 00000178 ___SH () C:\Documents and Settings\radek\ntuser.ini
2015-05-05 13:11 - 2007-12-12 14:25 - 00032472 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-05 12:34 - 2007-12-12 14:28 - 00000000 ___RD () C:\Documents and Settings\radek\Dokumenty
2015-05-05 11:48 - 2007-12-13 08:03 - 00000378 _____ () C:\WINDOWS\hpbafd.ini
2015-05-05 11:48 - 2007-12-12 14:28 - 00000000 ____D () C:\Documents and Settings\radek
2015-05-05 11:08 - 2015-03-17 14:24 - 00000000 ____D () C:\Program Files\PowerISO
2015-05-05 11:07 - 2012-09-09 11:18 - 00000000 _____ () C:\WINDOWS\XXLGSC
2015-05-05 07:13 - 2010-08-03 07:03 - 00009230 _____ () C:\Documents and Settings\radek\Plocha\Impulsovi.txt
2015-05-05 06:48 - 2007-12-12 15:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-05-04 14:47 - 2007-08-02 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-04 14:46 - 2007-12-12 15:02 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-05-04 14:46 - 2007-12-12 15:02 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-05-04 14:46 - 2007-12-12 15:01 - 26738688 _____ () C:\WINDOWS\system32\config\software.bak
2015-05-04 14:46 - 2007-12-12 15:01 - 05242880 _____ () C:\WINDOWS\system32\config\system.bak
2015-05-04 14:46 - 2007-12-12 15:01 - 00262144 _____ () C:\WINDOWS\system32\config\default.bak
2015-05-04 14:42 - 2007-12-12 14:28 - 00000000 __RHD () C:\Documents and Settings\radek\Data aplikací
2015-05-04 14:40 - 2007-12-12 15:01 - 00000327 __RSH () C:\boot.ini
2015-05-04 10:04 - 2007-12-12 14:28 - 00001605 _____ () C:\Documents and Settings\radek\Nabídka Start\Programy\Vzdálená pomoc.lnk
2015-05-04 10:03 - 2007-12-12 14:23 - 00001605 _____ () C:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2015-04-30 16:40 - 2012-11-30 15:49 - 00000000 ____D () C:\Documents and Settings\radek\Data aplikací\vlc
2015-04-30 14:13 - 2007-12-12 15:02 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-04-30 12:40 - 2007-08-02 14:00 - 00000653 _____ () C:\WINDOWS\win.ini
2015-04-30 08:27 - 2007-12-12 14:25 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-30 08:20 - 2007-12-12 15:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2015-04-23 09:47 - 2007-12-12 15:02 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-04-23 08:01 - 2012-10-08 12:40 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-04-16 07:34 - 2012-09-08 17:24 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-16 07:34 - 2012-09-08 17:24 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-15 06:45 - 2013-08-14 08:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 06:41 - 2007-12-13 07:26 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-08 17:22 - 2014-03-20 07:22 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job

==================== Files in the root of some directories =======

2014-04-30 04:03 - 2014-04-30 04:03 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2013-06-24 13:36 - 2013-10-03 08:02 - 0005120 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-05 07:01 - 2015-05-05 13:40 - 0029696 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\MSGBOX.EXE
2007-12-13 13:25 - 2013-05-21 09:10 - 0000600 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\PUTTY.RND

Files to move or delete:
====================
C:\Documents and Settings\radek\TempWmicBatchFile.bat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
____________________________________
jeste zabaleny Additon

[altrok]

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Cleaning
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

[Xipco_CZ]

posilam log z AdwCleaneru (po Cleaningu)
_________________________________________________________________________

# AdwCleaner v4.203 - Logfile created 06/05/2015 at 07:01:38
# Updated 30/04/2015 by Xplode
# Database : 2015-05-05.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : radek - TECHNOLOGIE
# Running from : C:\Documents and Settings\radek\Plocha\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\invalidprefs.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\SavePass1.1
Key Deleted : HKLM\SOFTWARE\firstsearch

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v29.0.1 (cs)

[aoh2g658.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14d090733d659be10b6285e34d9cd1b5");

*************************

AdwCleaner[R0].txt - [1349 bytes] - [06/05/2015 06:59:58]
AdwCleaner[S0].txt - [1241 bytes] - [06/05/2015 07:01:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1300 bytes] ##########

[altrok]

Pokud jeste nemate, presunte ComboFix na plochu.

• Otevrete Poznamkovy blok (Start -> Spustit -> notepad)
• zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)

  Kód: Vybrat vše

  KillAll::
  
  Driver::
  {b94c3215-569a-484c-84dc-f0bcf79c44cc}Gt
  
  File::
  c:\windows\system32\drivers\{b94c3215-569a-484c-84dc-f0bcf79c44cc}Gt.sys
  
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
  
  ClearJavaCache::
  
  Reboot::

• Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
  
• Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Xipco_CZ]

posilam obsah logu z ComboFix po restartu
___________________________________________________________________

ComboFix 15-04-28.01 - radek 06.05.2015 15:14:58.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1455 [GMT 2:00]
Spuštěný z: c:\documents and settings\radek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\radek\Plocha\CFScript.txt
AV: ESET Endpoint Antivirus 6.1.2222.1 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\system32\drivers\{b94c3215-569a-484c-84dc-f0bcf79c44cc}Gt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\radek\Local Settings\Data aplikací\MSGBOX.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_{B94C3215-569A-484C-84DC-F0BCF79C44CC}GT
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-06 do 2015-05-06 )))))))))))))))))))))))))))))))
.
.
2015-05-06 12:57 . 2015-05-06 12:57 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\ESET
2015-05-06 04:59 . 2015-05-06 05:01 -------- d-----w- C:\AdwCleaner
2015-05-05 11:41 . 2015-05-05 11:45 -------- d-----w- C:\FRST
2015-05-04 07:58 . 2015-05-04 07:58 -------- d-----w- c:\documents and settings\radek\Data aplikací\Enigma Software Group
2015-04-30 11:01 . 2015-04-30 12:13 0 ----a-w- c:\documents and settings\radek\TempWmicBatchFile.bat
2015-04-30 06:58 . 2015-04-30 06:58 -------- d-----w- c:\documents and settings\radek\Data aplikací\Software Tool
2015-04-30 06:27 . 2015-04-30 06:27 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2015-04-30 06:19 . 2015-04-30 06:19 -------- d-----w- c:\documents and settings\radek\Local Settings\Data aplikací\CrashRpt
2015-04-17 11:46 . 2015-04-17 11:46 -------- d-----w- c:\program files\ESET
2015-04-17 11:46 . 2015-04-17 11:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2015-04-16 05:34 . 2015-04-16 05:34 18178736 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-16 05:34 . 2012-09-08 15:24 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-16 05:34 . 2012-09-08 15:24 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-30 02:03 . 2014-04-30 02:03 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\radek\Data aplikací\LangSoft\OETRN.EXE" [2007-12-13 26624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE2"="c:\program files\Canon\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-04-07 1106297]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-04-07 1827640]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-04-07 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\radek\Nabídka Start\Programy\Po spuštění\
Neutron.lnk - c:\program files\Neutron\Neutron.exe [2007-9-16 10240]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MyPhoneExplorer\\MyPhoneExplorer.exe"=
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2.2.2015 13:39 188832]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.3.2012 8:40 135760]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.3.2012 8:40 118256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.2.2015 18:44 1566424]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [17.6.2013 10:10 90112]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [24.8.2012 13:08 2738600]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [12.12.2007 15:00 35840]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
S3 eshasrv;ESET SHA Service;c:\program files\ESET\ESET NOD32 Antivirus\eshasrv.exe [16.2.2015 18:45 165064]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [17.9.2013 11:49 24576]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys --> c:\windows\system32\DRIVERS\s0016bus.sys [?]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys --> c:\windows\system32\DRIVERS\s0016mdfl.sys [?]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys --> c:\windows\system32\DRIVERS\s0016mdm.sys [?]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [17.6.2013 8:50 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [17.6.2013 8:50 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [17.6.2013 8:50 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [17.6.2013 8:50 115752]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [17.6.2013 8:40 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [17.6.2013 10:21 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [17.6.2013 10:21 97184]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16.5.2014 15:24 116512]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2015-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-08 05:34]
.
2015-04-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
2015-05-06 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\radek\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\radek\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\radek\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\radek\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\radek\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 10.143.126.9 10.143.128.1
FF - ProfilePath - c:\documents and settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-05-06 15:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(3496)
c:\program files\Canon\OmniPageSE2.0\ophookSE2.dll
c:\documents and settings\radek\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2015-05-06 15:25:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-06 13:25
ComboFix2.txt 2015-05-04 12:50
.
Před spuštěním: 3 794 632 704
Po spuštění: 3 828 895 744
.
- - End Of File - - 4AADE7334A78E241422D798157138099
413FC2A0C716421B3158746D63736515

[altrok]

Stale ESET hlasi vir?

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[Xipco_CZ]

Po spusteni Firefoxe pak během par sekund vyskoci okno ESETu s upozornenim na vir - viz. obr.
______________________________________________________________________

______________________________________________________________________