VIRY.CZ

Dobrá, druhý pokus o dotaz. Jsem totální neaiťák a vyskakuje mi reklama na FireFoxu, neúspěšně jsem použil ComboFix. Tak co s tím, prosím?

Zdravim

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

Puvodni tema presunuji do kose

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2013-12-10 20:51:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 44 GB (29%) free of 153 GB
Total RAM: 1015 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:52:00, on 10.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21359)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Ergonomic Soft\Ergonomic Setup Center\firebird\bin\fbserver.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: BetterSrf - {1824FF90-C98E-48A6-838F-E3B6572B0C77} - C:\Program Files\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\Admin\Data aplikací\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\Admin\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9046325565
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{14F3FD09-A22B-474A-9BEC-22C14FD35333}: NameServer = 212.158.128.2,212.158.128.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: ergonomic_firebird - Firebird Project - C:\Program Files\Ergonomic Soft\Ergonomic Setup Center\firebird\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 7131 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
"xz123@ya456.com"=C:\Program Files\BetterSurf\ff
"12x3q@3244516.com"=C:\Program Files\Better-Surf\ff
"ext@bettersurfplus.com"=C:\Program Files\BetterSurf\BetterSurfPlus\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.15.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default\extensions\
donottrackplus@abine.com
{20a82645-c095-46ed-80e3-08825760534b}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default\searchplugins\
askcom.xml
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1824FF90-C98E-48A6-838F-E3B6572B0C77}]
Better Surf Plus - C:\Program Files\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll [2013-12-09 86528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-01 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-01 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2013-09-23 4411952]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-11-22 16858112]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-02-10 241664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Documents and Settings\Admin\Data aplikací\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Documents and Settings\Admin\Data aplikací\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\CNAB4RPK.EXE"="C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Mozilla Firefox\plugin-container.exe"="C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Disabled:Plugin Container for Firefox"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2013\avgnsx.exe"="C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2013\avgdiagex.exe"="C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostika 2013"
"C:\Program Files\AVG\AVG2013\avgemcx.exe"="C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"VIDC.MJPG"=pvmjpg21.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-12-10 20:51:21 ----D---- C:\Program Files\trend micro
2013-12-10 20:51:18 ----D---- C:\rsit
2013-12-10 20:47:18 ----SHD---- C:\RECYCLER
2013-12-10 19:33:05 ----A---- C:\ComboFix.txt
2013-12-10 19:07:03 ----A---- C:\Boot.bak
2013-12-10 19:06:57 ----RASHD---- C:\cmdcons
2013-12-10 19:04:07 ----A---- C:\WINDOWS\zip.exe
2013-12-10 19:04:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-12-10 19:04:07 ----A---- C:\WINDOWS\SWSC.exe
2013-12-10 19:04:07 ----A---- C:\WINDOWS\SWREG.exe
2013-12-10 19:04:07 ----A---- C:\WINDOWS\sed.exe
2013-12-10 19:04:07 ----A---- C:\WINDOWS\PEV.exe
2013-12-10 19:04:07 ----A---- C:\WINDOWS\NIRCMD.exe
2013-12-10 19:04:07 ----A---- C:\WINDOWS\MBR.exe
2013-12-10 19:04:07 ----A---- C:\WINDOWS\grep.exe
2013-12-10 19:03:52 ----D---- C:\Qoobox
2013-12-10 19:03:38 ----D---- C:\WINDOWS\erdnt
2013-11-26 07:58:21 ----D---- C:\Program Files\Better-Surf
2013-11-14 07:53:27 ----D---- C:\Program Files\BetterSurf
2013-11-13 20:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 20:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 20:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 20:42:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$

======List of files/folders modified in the last 1 month======

2013-12-10 20:51:21 ----RD---- C:\Program Files
2013-12-10 20:39:29 ----D---- C:\WINDOWS\Temp
2013-12-10 20:22:19 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-10 20:22:08 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-12-10 19:57:23 ----D---- C:\Documents and Settings\Admin\Data aplikací\Seznam.cz
2013-12-10 19:52:55 ----D---- C:\WINDOWS\system32
2013-12-10 19:52:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-10 19:52:40 ----D---- C:\WINDOWS\system32\CatRoot2
2013-12-10 19:50:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-12-10 19:31:48 ----SD---- C:\WINDOWS\Tasks
2013-12-10 19:28:50 ----D---- C:\WINDOWS
2013-12-10 19:28:50 ----A---- C:\WINDOWS\system.ini
2013-12-10 19:28:36 ----D---- C:\WINDOWS\system32\drivers\etc
2013-12-10 19:19:46 ----D---- C:\WINDOWS\system32\drivers
2013-12-10 19:19:45 ----D---- C:\WINDOWS\AppPatch
2013-12-10 19:19:43 ----D---- C:\Program Files\Common Files
2013-12-10 19:07:03 ----RASH---- C:\boot.ini
2013-12-10 19:03:48 ----D---- C:\WINDOWS\Prefetch
2013-12-10 17:17:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MFAData
2013-12-08 18:21:46 ----D---- C:\Program Files\rajce
2013-12-04 17:48:30 ----SHD---- C:\WINDOWS\Installer
2013-12-04 17:48:28 ----D---- C:\Config.Msi
2013-11-14 07:53:33 ----HD---- C:\WINDOWS\inf
2013-11-13 20:44:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-11-13 20:44:25 ----A---- C:\WINDOWS\imsins.BAK
2013-11-13 20:43:59 ----D---- C:\Program Files\Internet Explorer
2013-11-13 20:43:48 ----D---- C:\WINDOWS\system32\cs-cz
2013-11-13 20:43:10 ----D---- C:\WINDOWS\ie7updates
2013-11-13 20:41:01 ----D---- C:\WINDOWS\system32\MRT
2013-11-13 20:32:14 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2013-07-20 60216]
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2013-07-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2013-07-01 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2013-09-05 39224]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-09 691696]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-01-24 8704]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2013-07-20 208184]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22328]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-07-20 171320]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-02-11 13824]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-27 4630016]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-10-23 103296]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a0uhrw78;a0uhrw78; C:\WINDOWS\system32\drivers\a0uhrw78.sys []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-01-11 13824]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-10-12 100736]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-03-08 122608]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ergonomic_firebird;ergonomic_firebird; C:\Program Files\Ergonomic Soft\Ergonomic Setup Center\firebird\bin\fbserver.exe [2010-05-28 2719744]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-03-01 170912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-11 118680]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]

-----------------EOF-----------------

dm32 píše:dle návodu jsem myslím úspěšně požil ComboFix

Ten navod a "prikaz" k pouziti Vam dal kdo??

Licencni podminky ComboFixu hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Obrázek

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Dejte mi jeho log, c:\combofix.txt

Jsem si vědom. Navíc tam mělo být že jsem neúspěšně použil CF. Omluva.

ComboFix 13-12-10.01 - Admin 10.12.2013 19:10:49.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.470 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Better-Surf\ie\BeTTersrf.dll
c:\program files\BetterSurf\ie\BeTTersurf.dll
c:\windows\iun6002.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3686717863965121.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\850e727d179bd932.fb
c:\windows\system32\Cache\8d96d3164bd8ac56.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\9b3dbc80ba6b9a23.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c0d3ba953e87bda5.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c71ec969fc45a8f1.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f124020fe75251db.fb
c:\windows\system32\Cache\f73964f16cbef394.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\f9db66087486e897.fb
c:\windows\system32\embedded
c:\windows\system32\embedded\regsvr.exe
c:\windows\system32\SET93.tmp
c:\windows\system32\SET9A.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-10 do 2013-12-10 )))))))))))))))))))))))))))))))
.
.
2013-11-26 06:58 . 2013-11-26 06:58 -------- d-----w- c:\program files\Better-Surf
2013-11-14 06:53 . 2013-12-10 16:13 -------- d-----w- c:\program files\BetterSurf
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-20 07:16 . 2012-04-25 05:21 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-20 07:16 . 2011-05-31 11:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 07:56 . 2006-03-02 12:00 841216 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:56 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-10-13 07:56 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:56 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2013-10-12 15:57 . 2006-03-02 12:00 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-11 07:22 . 2013-10-11 07:22 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-09 13:13 . 2006-03-02 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 11:00 . 2006-03-02 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:42 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1824FF90-C98E-48A6-838F-E3B6572B0C77}]
2013-12-09 15:06 86528 ----a-w- c:\program files\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\documents and settings\Admin\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\Admin\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-09-22 4411952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 241664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 3:50 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 3:46 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 3:32 39224]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.4.2008 18:38 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23.12.2011 12:32 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23.12.2011 12:32 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 6:54 182072]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [8.3.2011 18:38 122608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23.7.2013 18:09 283136]
R2 ergonomic_firebird;ergonomic_firebird;c:\program files\Ergonomic Soft\Ergonomic Setup Center\firebird\bin\fbserver.exe [28.5.2010 5:39 2719744]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [4.7.2013 14:53 4939312]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [11.1.2006 7:34 13824]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [8.5.2011 3:46 947528]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [16.4.2011 10:40 100736]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [29.7.2009 18:33 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [29.7.2009 18:34 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [29.7.2009 18:34 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [29.7.2009 18:34 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [29.7.2009 18:34 98568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 07:16]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 15:43]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 15:43]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 10.254.254.254 8.8.8.8
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2013-11-14 07:53; xz123@ya456.com; c:\program files\BetterSurf\ff
FF - ExtSQL: 2013-11-26 07:58; 12x3q@3244516.com; c:\program files\Better-Surf\ff
FF - ExtSQL: 2013-12-10 17:13; ext@bettersurfplus.com; c:\program files\BetterSurf\BetterSurfPlus\ff
FF - ExtSQL: !HIDDEN! 2010-12-03 10:52; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
user_pref(extensions.dntp.origin,'yotam_amo');
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Chess_is1 - c:\program files\Chess\unins000.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-HDMI - c:\windows\system32\igxpun.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-Mozilla Thunderbird (3.0.4) - c:\program files\Mozilla Thunderbird\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-10 19:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-12-10 19:33:04
ComboFix-quarantined-files.txt 2013-12-10 18:32
.
Před spuštěním: Volných bajtů: 40 681 193 472
Po spuštění: Volných bajtů: 45 788 069 888
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6380AA32075F0C54076370CAC1DF19A4
413FC2A0C716421B3158746D63736515

Trvate na antiviru AVG - u nas neni moc obliben - vysoka zatez systemu, slabsi detekce

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Hotovo....

# AdwCleaner v3.014 - Report created 10/12/2013 at 21:31:49
# Updated 01/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - ADMIN-BE49AA692
# Running from : C:\Documents and Settings\Admin\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVG Security Toolbar
Folder Deleted : C:\Program Files\BetterSurf
Folder Deleted : C:\Program Files\Better-Surf
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Data aplikací\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Admin\Data aplikací\SwvUpdater
File Deleted : C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default\searchplugins\daemon-search.xml
File Deleted : C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\BetterSurf
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21359

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Bar]

-\\ Mozilla Firefox v24.0 (cs)

[ File : C:\Documents and Settings\LocalService\Data aplikací\Mozilla\Firefox\Profiles\1jn012vb.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\AVG Secure Search\\9.0.0.16");

[ File : C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R0].txt - [6580 octets] - [10/12/2013 21:22:52]
AdwCleaner[S0].txt - [6577 octets] - [10/12/2013 21:31:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6637 octets] ##########

vyosek píše: Trvate na antiviru AVG - u nas neni moc obliben - vysoka zatez systemu, slabsi detekce

Děkuji mockrát.
Jasně že netvrvám na AVG, pokud mi doporučíte něco jiného...

Avg je spise parodie na antivir

Odinstalujte Avg a pak pouzijte jeste http://download.avg.com/filedir/util/av ... 3_3341.exe

Nainstalujte Avast Free http://www.avast.com/get/gWR5mo92

Dejte log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100

Hotovo...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2013
Ran by Admin (administrator) on ADMIN-BE49AA692 on 12-12-2013 10:45:26
Running from C:\Documents and Settings\Admin\Plocha
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Firebird Project) C:\Program Files\Ergonomic Soft\Ergonomic Setup Center\firebird\bin\fbserver.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Gemfor s.r.o.) C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
(CANON INC.) C:\WINDOWS\system32\CNAB4RPK.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(A4Tech Co.,Ltd.) C:\Program Files\A4Tech\Mouse\Amoumain.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Documents and Settings\Admin\Data aplikací\Seznam.cz\bin\szndesktop.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(forum.viry.cz) C:\Documents and Settings\Admin\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [16858112 2007-11-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] - C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [WheelMouse] - C:\Program Files\A4Tech\Mouse\Amoumain.exe [241664 2007-02-10] (A4Tech Co.,Ltd.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-12] (AVAST Software)
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Documents and Settings\Admin\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Documents and Settings\Admin\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Better Surf Plus - {1824FF90-C98E-48A6-838F-E3B6572B0C77} - C:\Program Files\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/s ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.254.254.254 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: DoNotTrackMe - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default\Extensions\donottrackplus@abine.com
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Seznam lištička - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: personas - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\ejc650u2.default\Extensions\personas@christopher.beard.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF HKLM\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files\BetterSurf\BetterSurfPlus\ff
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.cz
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Docs) - C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx

========================== Services (Whitelisted) =================

R2 ameisvc; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [122608 2011-03-08] (Gemfor s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-12] (AVAST Software)
R2 ergonomic_firebird; C:\Program Files\Ergonomic Soft\Ergonomic Setup Center\firebird\bin\fbserver.exe [2719744 2010-05-28] (Firebird Project)
R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1550896 2007-05-15] (Nero AG)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 Amfilter; C:\Windows\System32\DRIVERS\Amfilter.sys [8704 2007-01-24] (A4Tech Co.,Ltd.)
S3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2prt.sys [13824 2006-01-11] (A4Tech Co.,Ltd.)
R3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbprt.sys [13824 2007-02-11] (A4Tech Co.,Ltd.)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-12-12] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-12-12] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-12-12] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-12-12] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-12-12] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-12-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-12] ()
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118576 2007-05-15] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [37040 2007-05-15] (Nero AG)
U1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [16304 2007-05-15] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38576 2007-05-15] (Nero AG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-09] ()
U3 a3o8p1gj; C:\Windows\System32\Drivers\a3o8p1gj.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [x]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113280 2009-10-20] (Huawei Technologies Co., Ltd.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-12 10:45 - 2013-12-12 10:45 - 00014929 _____ C:\Documents and Settings\Admin\Plocha\FRST.txt
2013-12-12 10:44 - 2013-12-12 10:44 - 00000000 ____D C:\FRST
2013-12-12 10:39 - 2013-12-12 10:39 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Admin\Plocha\FRSTLauncher.exe
2013-12-12 10:38 - 2013-12-12 10:38 - 01060373 _____ (Farbar) C:\Documents and Settings\Admin\Plocha\FRST.exe
2013-12-12 10:25 - 2013-12-12 10:25 - 00000000 ____D C:\Documents and Settings\Admin\Data aplikací\AVAST Software
2013-12-12 10:23 - 2013-12-12 10:35 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-12 10:23 - 2013-12-12 10:23 - 00001733 _____ C:\Documents and Settings\All Users.WINDOWS\Plocha\avast! Free Antivirus.lnk
2013-12-12 10:23 - 2013-12-12 10:23 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Avast
2013-12-12 10:23 - 2013-12-12 10:23 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Google
2013-12-12 10:22 - 2013-12-12 10:22 - 00001813 _____ C:\Documents and Settings\All Users.WINDOWS\Plocha\Google Chrome.lnk
2013-12-12 10:22 - 2013-12-12 10:22 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Google Chrome
2013-12-12 10:21 - 2013-12-12 10:35 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1386840902
2013-12-12 10:21 - 2013-12-12 10:21 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-12 10:21 - 2013-12-12 10:21 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-12 10:21 - 2013-12-12 10:21 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-12-12 10:20 - 2013-12-12 10:20 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 10:20 - 2013-12-12 10:20 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2013-12-11 18:06 - 2013-12-11 18:06 - 00011913 _____ C:\WINDOWS\KB2904266.log
2013-12-11 18:06 - 2013-12-11 18:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 18:06 - 2013-12-11 18:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 17:57 - 2013-12-11 17:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 17:57 - 2013-12-11 17:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 17:57 - 2013-12-11 17:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 17:15 - 2013-12-11 18:06 - 00017170 _____ C:\WINDOWS\KB2898715.log
2013-12-11 17:15 - 2013-12-11 17:57 - 00016402 _____ C:\WINDOWS\KB2893984.log
2013-12-11 17:15 - 2013-12-11 17:57 - 00015987 _____ C:\WINDOWS\KB2893294.log
2013-12-11 17:15 - 2013-12-11 17:57 - 00015121 _____ C:\WINDOWS\KB2892075.log
2013-12-11 17:14 - 2013-12-11 17:57 - 00107242 _____ C:\WINDOWS\KB2898785-IE7.log
2013-12-10 21:22 - 2013-12-10 21:31 - 00000000 ____D C:\AdwCleaner
2013-12-10 21:19 - 2013-12-10 21:19 - 01110034 _____ C:\Documents and Settings\Admin\Plocha\adwcleaner.exe
2013-12-10 20:51 - 2013-12-10 20:52 - 00000000 ____D C:\rsit
2013-12-10 20:51 - 2013-12-10 20:52 - 00000000 ____D C:\Program Files\trend micro
2013-12-10 20:48 - 2013-12-10 20:48 - 00781383 _____ C:\Documents and Settings\Admin\Plocha\RSIT.exe
2013-12-10 19:33 - 2013-12-10 19:33 - 00013946 _____ C:\ComboFix.txt
2013-12-10 19:07 - 2008-04-24 20:48 - 00000211 _____ C:\Boot.bak
2013-12-10 19:06 - 2013-12-10 19:07 - 00000000 _RSHD C:\cmdcons
2013-12-10 19:06 - 2004-08-03 23:00 - 00261312 __RSH C:\cmldr
2013-12-10 19:04 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-12-10 19:04 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-12-10 19:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-12-10 19:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-12-10 19:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-12-10 19:04 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-12-10 19:04 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-12-10 19:04 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-12-10 19:04 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-12-10 19:03 - 2013-12-10 19:33 - 00000000 ____D C:\Qoobox
2013-12-10 19:03 - 2013-12-10 19:31 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-10 18:53 - 2013-12-10 18:53 - 05153140 ____R (Swearware) C:\Documents and Settings\Admin\Plocha\ComboFix.exe
2013-12-03 22:21 - 2013-12-03 22:29 - 00000000 ____D C:\Documents and Settings\Admin\Dokumenty\Obchod
2013-12-02 13:20 - 2013-12-03 20:03 - 00000000 ____D C:\Documents and Settings\Admin\Plocha\zabíjačka u Dufína 11-2013
2013-11-13 20:44 - 2013-11-13 20:44 - 00011200 _____ C:\WINDOWS\KB2900986.log
2013-11-13 20:44 - 2013-11-13 20:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 20:44 - 2013-11-13 20:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 20:44 - 2013-11-13 20:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 20:42 - 2013-12-12 10:12 - 00067292 _____ C:\WINDOWS\setupapi.log
2013-11-13 20:42 - 2013-11-13 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 20:02 - 2013-11-13 20:44 - 00017100 _____ C:\WINDOWS\KB2868626.log
2013-11-13 20:02 - 2013-11-13 20:44 - 00015985 _____ C:\WINDOWS\KB2862152.log
2013-11-13 20:01 - 2013-11-13 20:44 - 00106194 _____ C:\WINDOWS\KB2888505-IE7.log
2013-11-13 20:01 - 2013-11-13 20:42 - 00009561 _____ C:\WINDOWS\KB2876331.log

==================== One Month Modified Files and Folders =======

2013-12-12 10:45 - 2013-12-12 10:45 - 00014929 _____ C:\Documents and Settings\Admin\Plocha\FRST.txt
2013-12-12 10:45 - 2008-04-24 20:56 - 00000000 ____D C:\Documents and Settings\Admin\Plocha
2013-12-12 10:44 - 2013-12-12 10:44 - 00000000 ____D C:\FRST
2013-12-12 10:44 - 2008-04-24 20:56 - 00000000 ___HD C:\Documents and Settings\Admin\Local Settings\Data aplikací
2013-12-12 10:39 - 2013-12-12 10:39 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Admin\Plocha\FRSTLauncher.exe
2013-12-12 10:39 - 2010-01-14 13:26 - 00000000 ____D C:\Documents and Settings\Admin\Dokumenty\Stažené soubory
2013-12-12 10:38 - 2013-12-12 10:38 - 01060373 _____ (Farbar) C:\Documents and Settings\Admin\Plocha\FRST.exe
2013-12-12 10:35 - 2013-12-12 10:23 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-12 10:35 - 2013-12-12 10:21 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2013-12-12 10:35 - 2008-04-24 20:56 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-12 10:25 - 2013-12-12 10:25 - 00000000 ____D C:\Documents and Settings\Admin\Data aplikací\AVAST Software
2013-12-12 10:25 - 2010-10-15 16:43 - 00000000 ____D C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google
2013-12-12 10:25 - 2008-04-24 20:56 - 00000000 __RHD C:\Documents and Settings\Admin\Data aplikací
2013-12-12 10:23 - 2013-12-12 10:23 - 00001733 _____ C:\Documents and Settings\All Users.WINDOWS\Plocha\avast! Free Antivirus.lnk
2013-12-12 10:23 - 2013-12-12 10:23 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Avast
2013-12-12 10:23 - 2013-12-12 10:23 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Google
2013-12-12 10:23 - 2009-09-16 19:25 - 00000000 ____D C:\Program Files\Google
2013-12-12 10:23 - 2008-04-24 22:45 - 00000000 ___RD C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2013-12-12 10:23 - 2008-04-24 22:45 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Plocha
2013-12-12 10:23 - 2008-04-24 22:43 - 00000000 __RHD C:\Documents and Settings\All Users.WINDOWS\Data aplikací
2013-12-12 10:22 - 2013-12-12 10:22 - 00001813 _____ C:\Documents and Settings\All Users.WINDOWS\Plocha\Google Chrome.lnk
2013-12-12 10:22 - 2013-12-12 10:22 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Google Chrome
2013-12-12 10:21 - 2013-12-12 10:21 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1386840902
2013-12-12 10:21 - 2013-12-12 10:21 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-12 10:21 - 2013-12-12 10:21 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-12-12 10:21 - 2013-12-12 10:21 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-12 10:21 - 2013-12-12 10:21 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-12-12 10:21 - 2012-04-25 06:21 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-12 10:20 - 2013-12-12 10:20 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 10:20 - 2013-12-12 10:20 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2013-12-12 10:17 - 2013-06-13 10:18 - 00000000 ____D C:\Documents and Settings\Admin\Data aplikací\Seznam.cz
2013-12-12 10:13 - 2008-04-24 22:37 - 01018554 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-12 10:13 - 2008-04-24 20:52 - 01673335 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-12 10:12 - 2013-11-13 20:42 - 00067292 _____ C:\WINDOWS\setupapi.log
2013-12-12 10:12 - 2009-05-26 18:31 - 00000000 ____D C:\Program Files\AVG
2013-12-12 10:12 - 2008-04-24 22:47 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-12 10:12 - 2008-04-24 22:47 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-12 10:11 - 2010-10-15 16:43 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 10:11 - 2008-04-24 20:56 - 00032444 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-12 10:11 - 2008-04-24 20:56 - 00000272 ___SH C:\Documents and Settings\Admin\ntuser.ini
2013-12-12 10:11 - 2008-04-24 20:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-12 10:07 - 2010-10-15 16:43 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-12 08:13 - 2008-04-24 22:33 - 00160344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 18:06 - 2013-12-11 18:06 - 00011913 _____ C:\WINDOWS\KB2904266.log
2013-12-11 18:06 - 2013-12-11 18:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 18:06 - 2013-12-11 18:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 18:06 - 2013-12-11 17:15 - 00017170 _____ C:\WINDOWS\KB2898715.log
2013-12-11 18:06 - 2013-07-17 16:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-11 18:06 - 2008-05-15 21:47 - 00645028 _____ C:\WINDOWS\system32\TZLog.log
2013-12-11 18:06 - 2008-05-15 21:46 - 00414820 _____ C:\WINDOWS\updspapi.log
2013-12-11 18:06 - 2008-04-24 22:37 - 02798506 _____ C:\WINDOWS\FaxSetup.log
2013-12-11 18:06 - 2008-04-24 22:37 - 01339080 _____ C:\WINDOWS\ocgen.log
2013-12-11 18:06 - 2008-04-24 22:37 - 01072007 _____ C:\WINDOWS\tsoc.log
2013-12-11 18:06 - 2008-04-24 22:37 - 00923143 _____ C:\WINDOWS\comsetup.log
2013-12-11 18:06 - 2008-04-24 22:37 - 00559881 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-11 18:06 - 2008-04-24 22:37 - 00445534 _____ C:\WINDOWS\iis6.log
2013-12-11 18:06 - 2008-04-24 22:37 - 00170462 _____ C:\WINDOWS\ocmsn.log
2013-12-11 18:06 - 2008-04-24 22:37 - 00140075 _____ C:\WINDOWS\msgsocm.log
2013-12-11 18:06 - 2008-04-24 22:37 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-11 18:06 - 2008-04-24 22:37 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-11 17:57 - 2013-12-11 17:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 17:57 - 2013-12-11 17:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 17:57 - 2013-12-11 17:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 17:57 - 2013-12-11 17:15 - 00016402 _____ C:\WINDOWS\KB2893984.log
2013-12-11 17:57 - 2013-12-11 17:15 - 00015987 _____ C:\WINDOWS\KB2893294.log
2013-12-11 17:57 - 2013-12-11 17:15 - 00015121 _____ C:\WINDOWS\KB2892075.log
2013-12-11 17:57 - 2013-12-11 17:14 - 00107242 _____ C:\WINDOWS\KB2898785-IE7.log
2013-12-11 17:57 - 2008-06-14 21:07 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-11 17:56 - 2008-06-14 21:09 - 00000000 ____D C:\WINDOWS\ie7updates
2013-12-11 09:58 - 2008-04-24 17:08 - 00002559 _____ C:\Documents and Settings\Admin\Plocha\Microsoft Word (2).lnk
2013-12-11 09:42 - 2012-07-19 09:17 - 00000000 ____D C:\Documents and Settings\Admin\Plocha\Z-Tajné +Exekuce
2013-12-10 21:31 - 2013-12-10 21:22 - 00000000 ____D C:\AdwCleaner
2013-12-10 21:19 - 2013-12-10 21:19 - 01110034 _____ C:\Documents and Settings\Admin\Plocha\adwcleaner.exe
2013-12-10 20:52 - 2013-12-10 20:51 - 00000000 ____D C:\rsit
2013-12-10 20:52 - 2013-12-10 20:51 - 00000000 ____D C:\Program Files\trend micro
2013-12-10 20:48 - 2013-12-10 20:48 - 00781383 _____ C:\Documents and Settings\Admin\Plocha\RSIT.exe
2013-12-10 20:22 - 2013-10-11 08:22 - 08699272 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-12-10 20:22 - 2012-04-25 06:21 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-10 20:22 - 2011-05-31 12:58 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 19:33 - 2013-12-10 19:33 - 00013946 _____ C:\ComboFix.txt
2013-12-10 19:33 - 2013-12-10 19:03 - 00000000 ____D C:\Qoobox
2013-12-10 19:31 - 2013-12-10 19:03 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-10 19:28 - 2006-03-02 13:00 - 00000264 _____ C:\WINDOWS\system.ini
2013-12-10 19:07 - 2013-12-10 19:06 - 00000000 _RSHD C:\cmdcons
2013-12-10 19:07 - 2008-04-24 22:32 - 00000327 __RSH C:\boot.ini
2013-12-10 18:53 - 2013-12-10 18:53 - 05153140 ____R (Swearware) C:\Documents and Settings\Admin\Plocha\ComboFix.exe
2013-12-09 09:36 - 2008-05-08 20:46 - 00000000 ____D C:\Documents and Settings\Admin\Plocha\Music - Nik
2013-12-08 18:21 - 2009-01-12 10:30 - 00000000 ____D C:\Program Files\rajce
2013-12-08 18:11 - 2009-06-04 13:15 - 00000000 ____D C:\Documents and Settings\Admin\Plocha\Nik - Reality
2013-12-08 18:08 - 2008-04-24 21:10 - 00002467 _____ C:\Documents and Settings\Admin\Plocha\Microsoft PowerPoint.lnk
2013-12-08 18:01 - 2008-04-24 20:56 - 00000000 ___RD C:\Documents and Settings\Admin\Dokumenty
2013-12-08 17:39 - 2010-08-30 14:51 - 00066048 ___SH C:\Documents and Settings\Admin\Dokumenty\Thumbs.db
2013-12-08 15:27 - 2006-03-02 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-06 11:56 - 2008-04-24 20:50 - 00154845 _____ C:\WINDOWS\wmsetup.log
2013-12-03 22:29 - 2013-12-03 22:21 - 00000000 ____D C:\Documents and Settings\Admin\Dokumenty\Obchod
2013-12-03 20:04 - 2013-11-08 11:07 - 00000000 ____D C:\Documents and Settings\Admin\Plocha\Obchůdek den D
2013-12-03 20:03 - 2013-12-02 13:20 - 00000000 ____D C:\Documents and Settings\Admin\Plocha\zabíjačka u Dufína 11-2013
2013-12-03 20:03 - 2008-10-15 13:29 - 00864766 ___SH C:\Documents and Settings\Admin\Plocha\Thumbs.db
2013-12-02 13:27 - 2008-11-20 15:13 - 00000000 ___RD C:\Documents and Settings\Admin\Dokumenty\Filmy
2013-11-28 09:12 - 2011-06-06 13:52 - 00000000 ____D C:\Documents and Settings\Admin\Plocha\Posel-Sreality
2013-11-20 08:16 - 2008-04-30 17:21 - 00000000 ____D C:\Documents and Settings\Admin\Local Settings\Data aplikací\Adobe
2013-11-19 11:03 - 2008-04-24 22:45 - 00000000 ___RD C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
2013-11-13 20:44 - 2013-11-13 20:44 - 00011200 _____ C:\WINDOWS\KB2900986.log
2013-11-13 20:44 - 2013-11-13 20:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 20:44 - 2013-11-13 20:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 20:44 - 2013-11-13 20:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 20:44 - 2013-11-13 20:02 - 00017100 _____ C:\WINDOWS\KB2868626.log
2013-11-13 20:44 - 2013-11-13 20:02 - 00015985 _____ C:\WINDOWS\KB2862152.log
2013-11-13 20:44 - 2013-11-13 20:01 - 00106194 _____ C:\WINDOWS\KB2888505-IE7.log
2013-11-13 20:42 - 2013-11-13 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 20:42 - 2013-11-13 20:01 - 00009561 _____ C:\WINDOWS\KB2876331.log
2013-11-13 13:24 - 2012-06-15 11:31 - 01088793 _____ C:\WINDOWS\setupapi.log.1.old
2013-11-13 04:00 - 2012-02-29 15:10 - 00150528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imagehlp.dll
2013-11-13 04:00 - 2006-03-02 13:00 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-11-13 02:13 - 2007-11-13 12:31 - 00046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzchange.exe

Some content of TEMP:
====================
C:\Documents and Settings\Admin\Local Settings\Temp\GoogleUpdateSetup_1.3.21.169.exe
C:\Documents and Settings\Admin\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\Admin\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-03-02 13:00] - [2008-04-14 04:22] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2006-03-02 13:00] - [2008-04-14 04:22] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2006-03-02 13:00] - [2008-04-14 04:22] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2006-03-02 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2006-03-02 13:00] - [2008-04-14 04:22] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2006-03-02 13:00] - [2008-04-14 04:22] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2006-03-02 13:00] - [2008-04-14 03:12] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:149.04 GB) (Free:42.67 GB) NTFS ==>[Drive with boot components (Windows XP)]

Available physical RAM: 522.98 MB
Total physical RAM: 1015.23 MB
Percentage of memory in use: 48%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 149 GB) (Disk ID: 3E0322E2)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Admin\Plocha" je 56092 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\CNAB4RPK.EXE"="C:\\WINDOWS\\system32\\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"="C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"="C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe:*:Enabled:Google Earth"
"C:\\Program Files\\Mozilla Firefox\\plugin-container.exe"="C:\\Program Files\\Mozilla Firefox\\plugin-container.exe:*:Disabled:Plugin Container for Firefox"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

Tohle neni OK, na plose maji byt defakto jen zastupci

Velikost slozky "C:\Documents and Settings\Admin\Plocha" je 56092 MB.

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] - C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Documents and Settings\Admin\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Documents and Settings\Admin\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF HKLM\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files\BetterSurf\BetterSurfPlus\ff

CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx

C:\Documents and Settings\Admin\Local Settings\Temp\GoogleUpdateSetup_1.3.21.169.exe
C:\Documents and Settings\Admin\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\Admin\Local Settings\Temp\Quarantine.exe
C:\Program Files\BetterSurf

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Hosts:
CMD: shutdown /r /f /t 2

End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Několik složek z plochy jsem přesunul.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-12-2013
Ran by Admin at 2013-12-12 14:42:55 Run:1
Running from C:\Documents and Settings\Admin\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] - C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Documents and Settings\Admin\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Documents and Settings\Admin\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF HKLM\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files\BetterSurf\BetterSurfPlus\ff

CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx

C:\Documents and Settings\Admin\Local Settings\Temp\GoogleUpdateSetup_1.3.21.169.exe
C:\Documents and Settings\Admin\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\Admin\Local Settings\Temp\Quarantine.exe
C:\Program Files\BetterSurf

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaMServer => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer => Key deleted successfully.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll not found.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@bettersurfplus.com => Value deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl => Key deleted successfully.
"C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx" => File/Directory not found.
C:\Documents and Settings\Admin\Local Settings\Temp\GoogleUpdateSetup_1.3.21.169.exe => Moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temp\NEventMessages.dll => Moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temp\Quarantine.exe => Moved successfully.
"C:\Program Files\BetterSurf" => File/Directory not found.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\avast! Emergency Update.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========

========= End of CMD: =========

==== End of Fixlog ====

Jak se chova PC

Docela o.k.,
reklamy nikde, snad je to trochu i rychlejší, Avast taky o.k.,
Teď mám na ploše několik programů a nevím co s nimi. Smazat? Nechat a občas použít?
ComboFix.exe a jeho log.txt, RSIT.exe, FRSTLauncher a Fixlog.txt, adwcleaner, Avast zástupce, Addition.txt, Addition.rar,

VIRY.CZ

vyskakující reklama, help...

vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...

Re: vyskakující reklama, help...