VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o preventivku

https://forum.viry.cz:443/viewtopic.php?t=133884

Stránka 1 z 1

Prosím o preventivku

Napsal: 06 lis 2013 20:08
od Klingy
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Klingy1 (administrator) on KLINGY1-HTNMKO8 on 06-11-2013 20:04:00
Running from C:\Documents and Settings\Klingy1\Plocha\Download data from internet
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
(Nokia.) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(The Author of QIP) C:\Program Files\QIP\qip.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
() C:\Program Files\USB TV\EM28XX\BDARemote.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe
(The Author of QIP) C:\Program Files\QIP\qip.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\java.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [790528 2003-05-29] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [585728 2003-05-30] (Analog Devices, Inc.)
HKLM\...\Run: [ATIModeChange] - C:\WINDOWS\system32\Ati2mdxx.exe [26112 2010-02-11] (ATI Technologies, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1719944 2013-04-01] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [227328 2007-03-23] (Nokia)
HKLM\...\Run: [Samsung Link] - F:\TV samsung\Samsung Link\Samsung Link Tray Agent.exe [567368 2013-10-30] (Copyright 2013 SAMSUNG)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [QIP2005] - C:\Program Files\QIP\qip.exe [3259392 2008-12-09] (The Author of QIP)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2008-06-24] (Nero AG)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BDARemote.lnk
ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=15187
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60194
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... B670797BFD
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... B670797BFD
BHO: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM - KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU - KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Klingy1\Data aplikací\Mozilla\Firefox\Profiles\3zhpg6kj.default
FF SelectedSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF DefaultSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: samsung.com/SamsungLinkPCPlugin - F:\TV samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\gp.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\staged-xpis
FF HKLM\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files\SiteRanker\firefox\
FF Extension: SiteRanker - C:\Program Files\SiteRanker\firefox\
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Ask) - http://websearch.ask.com/redirect?clien ... earchTerms}
CHR DefaultSuggestURL: (Ask) - http://ss.websearch.ask.com/query?qsrc= ... earchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe [401800 2013-10-11] (Samsung)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
S2 NOD32FiXTemDono; C:\WINDOWS\nod32fixtemdono.reg [568 2008-03-03] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [274432 2008-10-02] ()
S2 Samsung Link Service; F:\TV samsung\Samsung Link\Samsung Link.exe [574536 2013-10-30] (Copyright 2013 SAMSUNG)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567256 2012-11-25] (Mister Group)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 EL90X; C:\Windows\System32\DRIVERS\el90xnd5.sys [153631 2001-10-24] (3Com Corporation)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2009-01-01] (LogMeIn, Inc.)
S3 MidiSyn; C:\Windows\System32\drivers\MidiSyn.sys [235100 2002-09-20] (Analog Devices Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-18] ()
R3 yukonwxp; C:\Windows\System32\DRIVERS\yukonwxp.sys [174336 2003-10-23] (Marvell Semiconductor Inc.)
U3 a4iokphw; C:\Windows\System32\Drivers\a4iokphw.sys [0 ] (Microsoft Corporation)
S3 GarenaPEngine; \??\C:\DOCUME~1\Klingy1\LOCALS~1\Temp\JCPF.tmp [x]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]
S4 IntelIde; No ImagePath
S3 k750bus; system32\DRIVERS\k750bus.sys [x]
S3 k750mdfl; system32\DRIVERS\k750mdfl.sys [x]
S3 k750mdm; system32\DRIVERS\k750mdm.sys [x]
S3 k750mgmt; system32\DRIVERS\k750mgmt.sys [x]
S3 k750obex; system32\DRIVERS\k750obex.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-06 20:03 - 2013-11-06 20:03 - 00029696 _____ C:\Documents and Settings\Klingy1\Local Settings\Data aplikací\MSGBOX.EXE
2013-11-06 20:03 - 2013-11-06 20:03 - 00000000 ____D C:\FRST
2013-11-04 21:19 - 2013-11-06 19:36 - 00001128 _____ C:\WINDOWS\setupapi.log
2013-11-04 19:08 - 2013-11-04 19:08 - 00000000 ____D C:\Upload
2013-11-04 19:07 - 2013-11-04 19:07 - 00000000 ____D C:\Program Files\Samsung
2013-11-04 19:00 - 2013-11-04 19:00 - 00000000 ____D C:\Documents and Settings\Klingy1\.swt
2013-11-04 19:00 - 2013-11-04 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Samsung
2013-11-04 19:00 - 2013-11-04 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\SAMSUNG
2013-10-10 20:51 - 2013-10-10 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 20:51 - 2013-10-10 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-10 20:44 - 2013-10-10 20:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-10 19:24 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-10 19:23 - 2013-07-17 01:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-10 19:23 - 2013-07-17 01:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-10 19:23 - 2013-07-17 01:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-10 19:22 - 2013-08-09 01:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-10 19:22 - 2013-08-09 01:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-10 19:22 - 2013-08-09 01:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-10 19:22 - 2009-03-18 12:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys

==================== One Month Modified Files and Folders =======

2013-11-06 20:03 - 2013-11-06 20:03 - 00029696 _____ C:\Documents and Settings\Klingy1\Local Settings\Data aplikací\MSGBOX.EXE
2013-11-06 20:03 - 2013-11-06 20:03 - 00000000 ____D C:\FRST
2013-11-06 20:03 - 2012-04-17 20:11 - 00000000 ____D C:\Documents and Settings\Klingy1\Plocha\Download data from internet
2013-11-06 20:03 - 2008-12-26 19:57 - 00000000 ___HD C:\Documents and Settings\Klingy1\Local Settings\Data aplikací
2013-11-06 20:02 - 2013-04-20 10:52 - 00000238 _____ C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2013-11-06 19:58 - 2002-01-02 06:33 - 00000942 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-06 19:38 - 2012-03-13 17:29 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-11-06 19:38 - 2008-12-27 00:26 - 01887346 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-06 19:37 - 2012-03-13 17:29 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-06 19:37 - 2010-03-21 14:41 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2013-11-06 19:37 - 2008-12-26 19:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-06 19:37 - 2002-01-02 06:33 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-06 19:36 - 2013-11-04 21:19 - 00001128 _____ C:\WINDOWS\setupapi.log
2013-11-06 19:36 - 2012-12-08 13:34 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-11-06 19:36 - 2008-12-26 19:57 - 00000178 ___SH C:\Documents and Settings\Klingy1\ntuser.ini
2013-11-06 19:36 - 2008-12-26 19:56 - 00032620 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-06 19:34 - 2008-12-26 20:39 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-11-06 17:39 - 2010-10-16 19:59 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-11-06 17:39 - 2001-10-25 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-04 19:08 - 2013-11-04 19:08 - 00000000 ____D C:\Upload
2013-11-04 19:08 - 2010-04-11 11:36 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-04 19:08 - 2008-12-26 19:57 - 00000000 ____D C:\Documents and Settings\Klingy1
2013-11-04 19:07 - 2013-11-04 19:07 - 00000000 ____D C:\Program Files\Samsung
2013-11-04 19:00 - 2013-11-04 19:00 - 00000000 ____D C:\Documents and Settings\Klingy1\.swt
2013-11-04 19:00 - 2013-11-04 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Samsung
2013-11-04 19:00 - 2013-11-04 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\SAMSUNG
2013-11-04 19:00 - 2008-12-26 20:39 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-11-04 19:00 - 2008-12-26 20:38 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-11-04 19:00 - 2008-12-26 19:57 - 00000000 ___RD C:\Documents and Settings\Klingy1\Nabídka Start
2013-10-30 20:02 - 2009-04-02 21:44 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2013-10-30 20:01 - 2008-12-26 19:57 - 00000000 ___HD C:\Documents and Settings\Klingy1\Okolní síť
2013-10-27 14:47 - 2008-12-26 20:39 - 01030600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-20 22:09 - 2002-01-02 06:34 - 00001813 _____ C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2013-10-14 20:03 - 2011-02-13 14:27 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-12 19:10 - 2008-12-26 20:38 - 00284520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-10 20:51 - 2013-10-10 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 20:51 - 2013-10-10 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 20:51 - 2013-08-15 21:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-10 20:47 - 2010-09-07 20:03 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-10 20:44 - 2013-10-10 20:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$

Some content of TEMP:
====================
C:\Documents and Settings\Klingy1\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\firefoxjre_exe-1.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\KMP_3.7.0.113.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2002-09-20 19:05] - [2008-04-14 08:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2002-09-20 19:05] - [2008-04-14 08:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2001-10-25 15:00] - [2008-04-14 08:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2001-10-25 15:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2002-09-20 19:04] - [2008-04-14 08:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2002-09-20 19:05] - [2008-04-14 08:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2001-10-25 15:00] - [2008-04-14 07:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

Re: Prosím o preventivku

Napsal: 07 lis 2013 09:49
od vyosek
Zdravim :)

:arrow: Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Ulozte nejlepe na plochu
  • Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
  • Probehne vytvoreni zalohy a nasledne prohledavani
  • Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte
:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Re: Prosím o preventivku

Napsal: 07 lis 2013 16:50
od Klingy
Díky chcu pročistit mátince PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Klingy1 on źt 07.11.2013 at 16:13:37,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1275210071-1336601894-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{11bf46c6-b3de-48bd-bf70-3ad85cab80b5}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Klingy1\Data aplikacˇ\siteranker"
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files\siteranker"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml"
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\siteranker@siteranker.com
Successfully deleted the following from C:\Documents and Settings\Klingy1\Data aplikacˇ\mozilla\firefox\profiles\3zhpg6kj.default\prefs.js

user_pref("extensions.asktb.ff-original-keyword-url", "");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 07.11.2013 at 16:19:39,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.011 - Report created 07/11/2013 at 16:43:49
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Klingy1 - KLINGY1-HTNMKO8
# Running from : C:\Documents and Settings\Klingy1\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\All Users\Nabídka Start\Programy\SiteRanker
Folder Deleted : C:\Documents and Settings\Klingy1\Local Settings\Data aplikací\apn
Folder Deleted : C:\Documents and Settings\Klingy1\Local Settings\Data aplikací\AskToolbar
Folder Deleted : C:\Documents and Settings\Klingy1\Data aplikací\Mozilla\Firefox\Profiles\z58yt1os.default\Extensions\toolbar@ask.com
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Key Deleted : HKCU\Software\SiteRanker
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CToolbar_UNINSTALL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21357

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\Klingy1\Data aplikací\Mozilla\Firefox\Profiles\3zhpg6kj.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Klingy1\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [7083 octets] - [07/11/2013 16:23:39]
AdwCleaner[S0].txt - [7015 octets] - [07/11/2013 16:43:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7075 octets] ##########

Re: Prosím o preventivku

Napsal: 07 lis 2013 17:10
od vyosek
Poprosim o novy log z FRSTLauncheru http://forum.viry.cz/viewtopic.php?f=30&t=133101

Re: Prosím o preventivku

Napsal: 08 lis 2013 22:39
od Klingy
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Klingy1 (administrator) on KLINGY1-HTNMKO8 on 08-11-2013 22:35:58
Running from C:\Documents and Settings\Klingy1\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(The Author of QIP) C:\Program Files\QIP\qip.exe
(Nokia.) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
() C:\Program Files\USB TV\EM28XX\BDARemote.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [790528 2003-05-29] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [585728 2003-05-30] (Analog Devices, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [227328 2007-03-23] (Nokia)
HKLM\...\Run: [Samsung Link] - C:\Program Files\Samsung Link\Samsung Link Tray Agent.exe [567368 2013-11-05] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [QIP2005] - C:\Program Files\QIP\qip.exe [3259392 2008-12-09] (The Author of QIP)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2008-06-24] (Nero AG)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BDARemote.lnk
ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Klingy1\Data aplikací\Mozilla\Firefox\Profiles\3zhpg6kj.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: samsung.com/SamsungLinkPCPlugin - C:\Program Files\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\gp.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\staged-xpis
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Ask) - http://websearch.ask.com/redirect?clien ... earchTerms}
CHR DefaultSuggestURL: (Ask) - http://ss.websearch.ask.com/query?qsrc= ... earchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\Klingy1\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe [401800 2013-10-11] (Samsung)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [274432 2008-10-02] ()
S2 Samsung Link Service; C:\Program Files\Samsung Link\Samsung Link.exe [574536 2013-11-05] (Copyright 2013 SAMSUNG)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567256 2012-11-25] (Mister Group)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 EL90X; C:\Windows\System32\DRIVERS\el90xnd5.sys [153631 2001-10-24] (3Com Corporation)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2009-01-01] (LogMeIn, Inc.)
S3 MidiSyn; C:\Windows\System32\drivers\MidiSyn.sys [235100 2002-09-20] (Analog Devices Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-18] ()
R3 yukonwxp; C:\Windows\System32\DRIVERS\yukonwxp.sys [174336 2003-10-23] (Marvell Semiconductor Inc.)
U3 acvqumnd; C:\Windows\System32\Drivers\acvqumnd.sys [0 ] (Microsoft Corporation)
S3 GarenaPEngine; \??\C:\DOCUME~1\Klingy1\LOCALS~1\Temp\JCPF.tmp [x]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]
S4 IntelIde; No ImagePath
S3 k750bus; system32\DRIVERS\k750bus.sys [x]
S3 k750mdfl; system32\DRIVERS\k750mdfl.sys [x]
S3 k750mdm; system32\DRIVERS\k750mdm.sys [x]
S3 k750mgmt; system32\DRIVERS\k750mgmt.sys [x]
S3 k750obex; system32\DRIVERS\k750obex.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-08 22:35 - 2013-11-08 22:35 - 01089445 _____ (Farbar) C:\Documents and Settings\Klingy1\Plocha\FRST.exe
2013-11-08 22:34 - 2013-11-08 22:34 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Klingy1\Plocha\FRSTLauncher.exe
2013-11-07 16:57 - 2013-11-07 16:57 - 00000636 _____ C:\WINDOWS\setupapi.log
2013-11-07 16:55 - 2013-11-07 16:55 - 00025110 _____ C:\Documents and Settings\Klingy1\Dokumenty\zaloha registru.reg
2013-11-07 16:23 - 2013-11-07 16:44 - 00000000 ____D C:\AdwCleaner
2013-11-07 16:13 - 2013-11-07 16:13 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-07 16:11 - 2013-11-07 16:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-07 16:11 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-11-07 16:11 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-11-07 16:11 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-11-07 16:10 - 2013-11-07 16:11 - 00005480 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-11-07 16:10 - 2013-11-07 16:10 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Java
2013-11-07 16:10 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-11-06 20:27 - 2013-11-06 20:27 - 00000000 ____D C:\Program Files\Samsung
2013-11-06 20:27 - 2013-11-06 20:27 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Samsung
2013-11-06 20:26 - 2013-11-06 20:27 - 00000000 ____D C:\Program Files\Samsung Link
2013-11-06 20:03 - 2013-11-08 22:35 - 00029696 _____ C:\Documents and Settings\Klingy1\Local Settings\Data aplikací\MSGBOX.EXE
2013-11-06 20:03 - 2013-11-06 20:03 - 00000000 ____D C:\FRST
2013-11-04 19:08 - 2013-11-04 19:08 - 00000000 ____D C:\Upload
2013-11-04 19:00 - 2013-11-04 19:00 - 00000000 ____D C:\Documents and Settings\Klingy1\.swt
2013-11-04 19:00 - 2013-11-04 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\SAMSUNG
2013-10-10 20:51 - 2013-10-10 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 20:51 - 2013-10-10 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-10 20:44 - 2013-10-10 20:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-10 19:24 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-10 19:23 - 2013-07-17 01:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-10 19:23 - 2013-07-17 01:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-10 19:23 - 2013-07-17 01:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-10 19:22 - 2013-08-09 01:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-10 19:22 - 2013-08-09 01:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-10 19:22 - 2013-08-09 01:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-10 19:22 - 2009-03-18 12:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys

==================== One Month Modified Files and Folders =======

2013-11-08 22:35 - 2013-11-08 22:35 - 01089445 _____ (Farbar) C:\Documents and Settings\Klingy1\Plocha\FRST.exe
2013-11-08 22:35 - 2013-11-06 20:03 - 00029696 _____ C:\Documents and Settings\Klingy1\Local Settings\Data aplikací\MSGBOX.EXE
2013-11-08 22:35 - 2012-04-17 20:11 - 00000000 ____D C:\Documents and Settings\Klingy1\Plocha\Download data from internet
2013-11-08 22:35 - 2008-12-26 19:57 - 00000000 ___HD C:\Documents and Settings\Klingy1\Local Settings\Data aplikací
2013-11-08 22:35 - 2008-12-26 19:57 - 00000000 ____D C:\Documents and Settings\Klingy1\Plocha
2013-11-08 22:34 - 2013-11-08 22:34 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Klingy1\Plocha\FRSTLauncher.exe
2013-11-08 22:34 - 2008-12-27 00:26 - 01923461 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-08 22:32 - 2012-03-13 17:29 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-11-08 22:32 - 2012-03-13 17:29 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-11-08 22:32 - 2010-03-21 14:41 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2013-11-08 22:32 - 2008-12-26 19:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-08 22:32 - 2002-01-02 06:33 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-08 22:32 - 2001-10-25 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-07 16:57 - 2013-11-07 16:57 - 00000636 _____ C:\WINDOWS\setupapi.log
2013-11-07 16:57 - 2012-12-08 13:34 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-11-07 16:57 - 2008-12-26 19:57 - 00000178 ___SH C:\Documents and Settings\Klingy1\ntuser.ini
2013-11-07 16:57 - 2008-12-26 19:56 - 00032518 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-07 16:56 - 2012-12-08 10:37 - 00000000 ____D C:\Program Files\Heroes of Newerth
2013-11-07 16:56 - 2009-11-18 15:40 - 00000000 ____D C:\Documents and Settings\Klingy1\Nabídka Start\Programy\Heroes of Newerth
2013-11-07 16:56 - 2008-12-26 19:57 - 00000000 ___RD C:\Documents and Settings\Klingy1\Dokumenty
2013-11-07 16:55 - 2013-11-07 16:55 - 00025110 _____ C:\Documents and Settings\Klingy1\Dokumenty\zaloha registru.reg
2013-11-07 16:54 - 2008-12-26 19:57 - 00000000 ____D C:\Documents and Settings\Klingy1
2013-11-07 16:44 - 2013-11-07 16:23 - 00000000 ____D C:\AdwCleaner
2013-11-07 16:43 - 2008-12-26 20:39 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-11-07 16:43 - 2008-12-26 20:38 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-11-07 16:20 - 2010-06-23 14:47 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty\Filmy
2013-11-07 16:19 - 2010-01-10 19:00 - 00163840 ___SH C:\Documents and Settings\All Users\Dokumenty\Thumbs.db
2013-11-07 16:17 - 2009-04-02 21:44 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2013-11-07 16:14 - 2008-12-26 19:57 - 00000000 __RHD C:\Documents and Settings\Klingy1\Data aplikací
2013-11-07 16:13 - 2013-11-07 16:13 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-07 16:12 - 2010-04-08 14:07 - 00000000 ____D C:\Documents and Settings\Klingy1\Plocha\kokotiny
2013-11-07 16:11 - 2013-11-07 16:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-07 16:11 - 2013-11-07 16:10 - 00005480 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-11-07 16:11 - 2012-04-06 19:17 - 00000000 ____D C:\Program Files\Java
2013-11-07 16:10 - 2013-11-07 16:10 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Java
2013-11-06 20:58 - 2002-01-02 06:33 - 00000942 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-06 20:35 - 2008-12-26 19:57 - 00000000 ___RD C:\Documents and Settings\Klingy1\Dokumenty\Obrázky
2013-11-06 20:27 - 2013-11-06 20:27 - 00000000 ____D C:\Program Files\Samsung
2013-11-06 20:27 - 2013-11-06 20:27 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Samsung
2013-11-06 20:27 - 2013-11-06 20:26 - 00000000 ____D C:\Program Files\Samsung Link
2013-11-06 20:27 - 2008-12-26 19:57 - 00000000 ___RD C:\Documents and Settings\Klingy1\Nabídka Start
2013-11-06 20:03 - 2013-11-06 20:03 - 00000000 ____D C:\FRST
2013-11-06 17:39 - 2010-10-16 19:59 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-11-04 19:08 - 2013-11-04 19:08 - 00000000 ____D C:\Upload
2013-11-04 19:08 - 2010-04-11 11:36 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-04 19:00 - 2013-11-04 19:00 - 00000000 ____D C:\Documents and Settings\Klingy1\.swt
2013-11-04 19:00 - 2013-11-04 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\SAMSUNG
2013-11-04 19:00 - 2008-12-26 20:39 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-10-30 20:01 - 2008-12-26 19:57 - 00000000 ___HD C:\Documents and Settings\Klingy1\Okolní síť
2013-10-27 14:47 - 2008-12-26 20:39 - 01030600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-20 22:09 - 2002-01-02 06:34 - 00001813 _____ C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2013-10-14 20:03 - 2011-02-13 14:27 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-12 19:10 - 2008-12-26 20:38 - 00284520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-10 20:51 - 2013-10-10 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 20:51 - 2013-10-10 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 20:51 - 2013-08-15 21:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-10 20:47 - 2010-09-07 20:03 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-10 20:45 - 2013-10-10 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-10 20:44 - 2013-10-10 20:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$

Some content of TEMP:
====================
C:\Documents and Settings\Klingy1\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\firefoxjre_exe-1.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2002-09-20 19:05] - [2008-04-14 08:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2002-09-20 19:05] - [2008-04-14 08:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2001-10-25 15:00] - [2008-04-14 08:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2001-10-25 15:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2002-09-20 19:04] - [2008-04-14 08:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2002-09-20 19:05] - [2008-04-14 08:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2001-10-25 15:00] - [2008-04-14 07:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

Díky za vše, mohl by jsi mi poradit jak se zbavit http://www.search.ask.com/, mám nastavenej google jako domovskou stránku ale když vyhledávám něco pres zadávací lištu tak mi tam skáče ten ask hajzl. Dík

Re: Prosím o preventivku

Napsal: 09 lis 2013 02:04
od vyosek
:arrow: Ask.com urcite odstrelime :157:

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKLM\...\Run: [] - [x]
HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [227328 2007-03-23] (Nokia)
HKLM\...\Run: [Samsung Link] - C:\Program Files\Samsung Link\Samsung Link Tray Agent.exe [567368 2013-11-05] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [QIP2005] - C:\Program Files\QIP\qip.exe [3259392 2008-12-09] (The Author of QIP)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2008-06-24] (Nero AG)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BDARemote.lnk

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

CHR DefaultSearchURL: (Ask) - http://websearch.ask.com/redirect?clien ... =OSJ000&q={searchTerms}
CHR DefaultSuggestURL: (Ask) - http://ss.websearch.ask.com/query?qsrc= ... =prefix&q={searchTerms}

DisableService: RichVideo
DisableService: JavaQuickStarterService

S4 IntelIde; No ImagePath
S3 k750bus; system32\DRIVERS\k750bus.sys [x]
S3 k750mdfl; system32\DRIVERS\k750mdfl.sys [x]
S3 k750mdm; system32\DRIVERS\k750mdm.sys [x]
S3 k750mgmt; system32\DRIVERS\k750mgmt.sys [x]
S3 k750obex; system32\DRIVERS\k750obex.sys [x]

2013-11-07 16:23 - 2013-11-07 16:44 - 00000000 ____D C:\AdwCleaner
C:\Documents and Settings\Klingy1\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\firefoxjre_exe-1.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\SkypeSetup.exe

Hosts:

End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt

Re: Prosím o preventivku

Napsal: 10 lis 2013 21:51
od Klingy
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Ran by Klingy1 at 2013-11-10 21:49:30 Run:1
Running from C:\Documents and Settings\Klingy1\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [] - [x]
HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [227328 2007-03-23] (Nokia)
HKLM\...\Run: [Samsung Link] - C:\Program Files\Samsung Link\Samsung Link Tray Agent.exe [567368 2013-11-05] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [QIP2005] - C:\Program Files\QIP\qip.exe [3259392 2008-12-09] (The Author of QIP)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2008-06-24] (Nero AG)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BDARemote.lnk

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

CHR DefaultSearchURL: (Ask) - http://websearch.ask.com/redirect?clien ... =OSJ000&q={searchTerms}
CHR DefaultSuggestURL: (Ask) - http://ss.websearch.ask.com/query?qsrc= ... =prefix&q={searchTerms}

DisableService: RichVideo
DisableService: JavaQuickStarterService

S4 IntelIde; No ImagePath
S3 k750bus; system32\DRIVERS\k750bus.sys [x]
S3 k750mdfl; system32\DRIVERS\k750mdfl.sys [x]
S3 k750mdm; system32\DRIVERS\k750mdm.sys [x]
S3 k750mgmt; system32\DRIVERS\k750mgmt.sys [x]
S3 k750obex; system32\DRIVERS\k750obex.sys [x]

2013-11-07 16:23 - 2013-11-07 16:44 - 00000000 ____D C:\AdwCleaner
C:\Documents and Settings\Klingy1\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\firefoxjre_exe-1.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Klingy1\Local Settings\Temp\SkypeSetup.exe

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PCSuiteTrayApplication => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Samsung Link => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\QIP2005 => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart => Value deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BDARemote.lnk => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\SearchAssistant => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\CustomizeSearch => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
CHR DefaultSearchURL: (Ask) - http://websearch.ask.com/redirect?clien ... =OSJ000&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Ask) - http://ss.websearch.ask.com/query?qsrc= ... =prefix&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
RichVideo service was disabled
JavaQuickStarterService service was disabled
IntelIde => Service deleted successfully.
k750bus => Service deleted successfully.
k750mdfl => Service deleted successfully.
k750mdm => Service deleted successfully.
k750mgmt => Service deleted successfully.
k750obex => Service deleted successfully.
C:\AdwCleaner => Moved successfully.
C:\Documents and Settings\Klingy1\Local Settings\Temp\APNStub.exe => Moved successfully.
C:\Documents and Settings\Klingy1\Local Settings\Temp\firefoxjre_exe-1.exe => Moved successfully.
C:\Documents and Settings\Klingy1\Local Settings\Temp\firefoxjre_exe.exe => Moved successfully.
C:\Documents and Settings\Klingy1\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\Klingy1\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Klingy1\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Klingy1\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

Tady to je snad už to bude ok. Díky

Re: Prosím o preventivku

Napsal: 10 lis 2013 22:39
od vyosek
Tak jeste uklidime :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz