VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

prosim o kontrolu, podozrivy vyhladavac v prehliadaci atd...

https://forum.viry.cz:443/viewtopic.php?t=134790

Stránka 1 z 3

prosim o kontrolu, podozrivy vyhladavac v prehliadaci atd...

Napsal: 17 pro 2013 21:42
od janci100
Dobry vecer prajem,
chcem Vas poprosit o pomoc a kontrolu logu, mam podozrenie, ze mam v PC nevitaneho hosta :(
Uz dlhsie som mal dost spomaleny PC (nestihala hlavne RAM), ale pripisoval som to tomu, ze na Mozzile
mavam niekedy otvorenych aj 100 kariet naraz... :?: casom som ale dostal podozrenie ze to nie je len
tym - uz ani neviem preco. Pred cca tyzdnom mi free avast zobrazil hlasenie, ze nie vsetky AV protokoly
su funkcne (asi 3 z 5, uz neviem ktore) a pri nejakom dalsom vypinani PC naskocila hlaska ze nie je mozne
PC vypnut, lebo je pripojeny nejaky uzivatel. Mozzila mi vo vyhladavacich moduloch ponukala aj
nejake, ktore tam myslim predtym neboli a vyhladavac sa sam od seba zmenil z googlu na yahoo! yahoo
bolo v moduloch dvakrat - raz s vykricnikom a raz bez. tak som ho (ich) z zvyhladavacov odstaranil, po
restarte tam ale bol znova... Ked som to zopakoval, tak tam uz nie je, ale vyhlavacia stranka (resp. nova
karta v mozzile je akasi zvlastna, prikladam screen - mam na mysli to druhe vyhladavacie okienko).
pred par dnami som odinstaloval avast a nainstaloval comodo, precistil som PC pomocou CCleanera a Abexo
a AdvancedSystemCare7, nechal bezat comodo. nieco mi nasiel, uz neviem co, pri dalsej kontrole nasiel
akysi Rootkit.HiddeeFile, Defence+ blokuje Secure Speed dial\IE\Secure Update.exe a Goofle\Updadte\GoofleUpdadte.exe
no je mozne ze tie veci som dal blokovat ja. Nastavil som totiz paranoidny rezim a vsetky povolenia robim rucne.
Vymazal som aj vacsinu bodov navratu, v task managerovi som povypinal nejake procesy, v CCleaneri som
v startup nastaveni vsetko zakazal. Len Comodo nie, no to mi ale pri starte nenabieha a zapinam ho kliknutim
na ikonu... (netusim preco, na 99% som ho v startup nezakazal). zakazal som ten Update od google, lebo
vydavatel bol niekde napisany len Google ale niekde Google Inc., sa mi to zdalo podozrive. Neviem ci som
nenarobil viac skody ako osohu, no chcel som to skusit opravit sam... :o :?: :roll: prikladam log RSIT:
Vopred vdaka a ospravedlnujem sa za tie zasahy co som porobil, snad to nebude prilis na skodu. :(

Logfile of random's system information tool 1.09 (written by random/random)
Run by uzivatel at 2013-12-17 20:46:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 151 GB (76%) free of 200 GB
Total RAM: 1992 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:47:05, on 17. 12. 2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\uzivatel\Desktop\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LG SCSI command service (LGScsiCommandService) - Mobile Leader Co.,Ltd. - C:\WINDOWS\system32\LGScsiCommandService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SecureUpdate (SecureUpdateSvc) - Unknown owner - C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 6254 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
C:\WINDOWS\tasks\Driver Booster Scan.job
C:\WINDOWS\tasks\Driver Booster Update.job
C:\WINDOWS\tasks\SmartDefragUpdate.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906, jqs@sun.com:1.0, fbdislike@doweb.fr:1.2.3, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2, bkmrksync@nokia.com:1.0.0.736, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Doplnok iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
flvtube@flvtube.com

C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
yahoo.xml

C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\extensions\
adsremoval@adsremoval.net
anttoolbar@ant.com
ascsurfingprotection@iobit.com
speeddial@instair.net
{58d2a791-6199-482f-a9aa-9b725ec61362}
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\searchplugins\
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2013-12-02 752448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-23 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [2013-10-17 669504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-23 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{10921475-03CE-4E04-90CE-E2E7EF20C814} - ExplorerWnd Helper - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2013-12-02 752448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2013-12-10 20145368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7]
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2013-11-11 2283808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare Ultimate]
C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe /AutoStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2013-12-10 64104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\BitTorrent.exe [2013-05-02 882520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2013-10-27 171328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2013-10-27 136512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [2013-11-19 1572672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2013-10-01 152392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2013-10-27 148288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2013-12-10 20145368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe /Background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
C:\PROGRA~1\FINEPI~1\QUICKD~1.EXE [2007-01-30 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-02-16 384512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2013-10-27 214528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2045\Agent.exe"="C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2045\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2328\Agent.exe"="C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2328\Agent.exe:*:Enabled:Battle.net Update Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-12-17 17:32:50 ----D---- C:\Program Files\trend micro
2013-12-17 17:32:45 ----D---- C:\rsit
2013-12-11 19:03:58 ----A---- C:\WINDOWS\system32\SmartDefragBootTime.exe
2013-12-10 14:35:19 ----D---- C:\Documents and Settings\uzivatel\Application Data\Search Settings
2013-12-10 14:34:59 ----D---- C:\Program Files\Application Updater
2013-12-09 23:00:51 ----HD---- C:\VritualRoot
2013-12-09 19:38:16 ----A---- C:\WINDOWS\system32\cmdcsr.dll
2013-12-09 15:15:34 ----D---- C:\Documents and Settings\All Users\Application Data\COMODO
2013-12-09 15:15:29 ----A---- C:\WINDOWS\system32\drivers\sfi.dat
2013-12-09 15:13:10 ----D---- C:\Program Files\COMODO
2013-12-09 15:11:54 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2013-12-08 07:37:52 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-12-02 16:46:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-12-02 16:34:12 ----A---- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys
2013-12-02 15:32:31 ----D---- C:\Documents and Settings\All Users\Application Data\ProductData
2013-12-02 15:32:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

======List of files/folders modified in the last 1 month======

2013-12-17 18:10:19 ----D---- C:\WINDOWS\Prefetch
2013-12-17 18:04:53 ----HD---- C:\WINDOWS\system32\ABC
2013-12-17 17:32:50 ----RD---- C:\Program Files
2013-12-17 17:32:30 ----D---- C:\WINDOWS\system32\CatRoot2
2013-12-17 16:27:34 ----D---- C:\WINDOWS\Temp
2013-12-17 15:28:09 ----D---- C:\Documents and Settings\uzivatel\Application Data\SWF.max
2013-12-17 15:05:01 ----SD---- C:\WINDOWS\Tasks
2013-12-15 14:35:18 ----AD---- C:\WINDOWS
2013-12-15 14:07:51 ----D---- C:\WINDOWS\system32\config
2013-12-15 05:54:21 ----SHD---- C:\WINDOWS\Installer
2013-12-15 05:53:57 ----D---- C:\Program Files\Google
2013-12-12 15:51:31 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2013-12-12 15:51:30 ----D---- C:\Program Files\Alwil Software
2013-12-12 15:49:08 ----D---- C:\WINDOWS\system32
2013-12-12 15:48:25 ----A---- C:\boot.ini
2013-12-12 15:47:58 ----D---- C:\Documents and Settings
2013-12-10 19:35:27 ----D---- C:\WINDOWS\security
2013-12-10 19:29:25 ----HD---- C:\WINDOWS\inf
2013-12-10 19:29:25 ----D---- C:\WINDOWS\system32\drivers
2013-12-10 19:29:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-12-10 19:29:01 ----SHD---- C:\System Volume Information
2013-12-10 19:29:01 ----D---- C:\WINDOWS\system32\Restore
2013-12-10 19:25:08 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2013-12-10 15:17:19 ----D---- C:\Documents and Settings\uzivatel\Application Data\vlc
2013-12-10 15:11:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-12-10 15:11:46 ----D---- C:\WINDOWS\system32\RTCOM
2013-12-10 15:11:31 ----A---- C:\WINDOWS\vncutil.exe
2013-12-10 15:11:31 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2013-12-10 15:11:31 ----A---- C:\WINDOWS\RtlUpd.exe
2013-12-10 15:11:31 ----A---- C:\WINDOWS\RTLCPL.EXE
2013-12-10 15:11:29 ----A---- C:\WINDOWS\system32\RtkCoInstIIXP.dll
2013-12-10 15:11:29 ----A---- C:\WINDOWS\RtkAudioService.exe
2013-12-10 15:11:29 ----A---- C:\WINDOWS\RTHDCPL.EXE
2013-12-10 15:11:29 ----A---- C:\WINDOWS\MicCal.exe
2013-12-10 15:11:28 ----A---- C:\WINDOWS\ALCWZRD.EXE
2013-12-10 15:11:28 ----A---- C:\WINDOWS\ALCMTR.EXE
2013-12-10 14:34:59 ----D---- C:\Program Files\Common Files\Spigot
2013-12-09 23:08:59 ----D---- C:\Program Files\Secure Speed Dial
2013-12-09 15:20:26 ----SD---- C:\WINDOWS\system32\Microsoft
2013-12-09 15:11:10 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2013-12-08 07:39:56 ----D---- C:\WINDOWS\WinSxS
2013-12-08 07:33:24 ----D---- C:\Documents and Settings\uzivatel\Application Data\Winamp
2013-12-08 07:32:11 ----D---- C:\WINDOWS\SoftwareDistribution
2013-12-08 07:30:45 ----D---- C:\WINDOWS\Debug
2013-12-06 20:55:48 ----D---- C:\Documents and Settings\uzivatel\Application Data\Nokia Multimedia Player
2013-12-02 16:02:32 ----D---- C:\WINDOWS\Logs
2013-12-02 15:32:44 ----D---- C:\Documents and Settings\uzivatel\Application Data\IObit
2013-12-02 15:32:28 ----D---- C:\Program Files\IObit

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2013-05-22 14776]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-30 691696]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2012-11-08 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-11-08 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-11-08 32640]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 5504]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\WINDOWS\system32\DRIVERS\e1k5132.sys [2013-09-21 237224]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2012-08-21 26840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2013-12-10 40832]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2013-10-27 2019200]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2013-12-10 5589720]
R3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S3 aby4ugdz;aby4ugdz; C:\WINDOWS\system32\drivers\aby4ugdz.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2013-12-10 1691480]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 FIXUSTOR;FIXUSTOR; C:\WINDOWS\system32\DRIVERS\fixustor.sys [2007-06-11 12416]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2011-04-14 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2011-04-14 25512]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2013-12-10 1395800]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 s916bus;Sony Ericsson Device 916 driver (WDM); C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s916obex.sys [2007-11-02 100008]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService7;Advanced SystemCare Service 7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [2013-10-25 878368]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2013-11-27 807800]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-11-08 1990464]
R2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [2013-11-11 341824]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-10-23 182696]
R2 LGScsiCommandService;LG SCSI command service; C:\WINDOWS\system32\LGScsiCommandService.exe [2010-04-12 47616]
R2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2013-10-25 2151200]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-22 116648]
S2 SecureUpdateSvc;SecureUpdate; C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe [2013-10-30 2473296]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-22 116648]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-10-01 553288]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-16 119408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 17 pro 2013 21:49
od janci100
tan screen mi nepridalo, skusam este raz...

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 17 pro 2013 21:50
od vyosek
Zdravim :)

:arrow: Odinstalujte Advanced SystemCare a IObit Malware Fighter a nasledne i vse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti

:arrow: Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Ulozte nejlepe na plochu
  • Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
  • Probehne vytvoreni zalohy a nasledne prohledavani
  • Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte
:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 17 pro 2013 23:11
od janci100
uff, nacakal som odpoved tak skoro... ASC a sucasti IObit odinstalovane, prvy programcek stiahnuty a spraveny log, ten druhy mi comodo vyhadzuje ako virus... ignorovat?
ak nevadi, pokracoval by som az zajtra poobede, vstavam 4:30... :( tu je log z toho prveho:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by uzivatel on ut 17. 12. 2013 at 22:52:54,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-343818398-1770027372-839522115-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ftdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\tarma installer"
Successfully deleted: [Folder] "C:\Documents and Settings\uzivatel\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\uzivatel\Application Data\registry mechanic"
Successfully deleted: [Folder] "C:\Documents and Settings\uzivatel\Application Data\swvupdater"
Successfully deleted: [Folder] "C:\Documents and Settings\uzivatel\Local Settings\Application Data\slick savings"
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"
Failed to delete: [Folder] "C:\Program Files\secure speed dial"
Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Documents and Settings\uzivatel\Application Data\mozilla\firefox\profiles\na5dec9c.default\user.js
Successfully deleted: [File] C:\Documents and Settings\uzivatel\Application Data\mozilla\firefox\profiles\na5dec9c.default\invalidprefs.js
Successfully deleted: [File] C:\Documents and Settings\uzivatel\Application Data\mozilla\firefox\profiles\na5dec9c.default\extensions\browserprotect@browserprotect.com.xpi
Successfully deleted the following from C:\Documents and Settings\uzivatel\Application Data\mozilla\firefox\profiles\na5dec9c.default\prefs.js

user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2438727.CTID", "CT2438727");
user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
user_pref("CT2438727.CurrentServerDate", "28-9-2010");
user_pref("CT2438727.DialogsAlignMode", "LTR");
user_pref("CT2438727.DownloadReferralCookieData", "");
user_pref("CT2438727.FirstServerDate", "25-9-2010");
user_pref("CT2438727.FirstTime", true);
user_pref("CT2438727.FirstTimeFF3", true);
user_pref("CT2438727.FirstTimeSettingsDone", true);
user_pref("CT2438727.FixPageNotFoundErrors", true);
user_pref("CT2438727.GroupingInvalidateCache", false);
user_pref("CT2438727.GroupingLastCheckTime", "0");
user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
user_pref("CT2438727.GroupingServerCheckInterval", 1440);
user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2438727.Initialize", true);
user_pref("CT2438727.InitializeCommonPrefs", true);
user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
user_pref("CT2438727.InstalledDate", "Sat Sep 25 2010 00:09:57 GMT+0200 (Central Europe Standard Time)");
user_pref("CT2438727.InvalidateCache", false);
user_pref("CT2438727.IsGrouping", false);
user_pref("CT2438727.IsMulticommunity", false);
user_pref("CT2438727.IsOpenThankYouPage", true);
user_pref("CT2438727.IsOpenUninstallPage", true);
user_pref("CT2438727.LanguagePackLastCheckTime", "Mon Sep 27 2010 14:50:46 GMT+0200 (Central Europe Standard Time)");
user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2438727.LastLogin_2.7.1.3", "Tue Sep 28 2010 15:31:03 GMT+0200 (Central Europe Standard Time)");
user_pref("CT2438727.LatestVersion", "2.7.1.3");
user_pref("CT2438727.Locale", "en");
user_pref("CT2438727.LoginCache", 4);
user_pref("CT2438727.MCDetectTooltipHeight", "83");
user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2438727.MCDetectTooltipWidth", "295");
user_pref("CT2438727.RadioLastCheckTime", "0");
user_pref("CT2438727.RadioLastUpdateIPServer", "0");
user_pref("CT2438727.RadioLastUpdateServer", "0");
user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2438727.SearchFromAddressBarIsInit", true);
user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=");
user_pref("CT2438727.SearchInNewTabEnabled", true);
user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
user_pref("CT2438727.SearchInNewTabLastCheckTime", "Tue Sep 28 2010 14:50:41 GMT+0200 (Central Europe Standard Time)");
user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2438727.SettingsCheckIntervalMin", 120);
user_pref("CT2438727.SettingsLastCheckTime", "Tue Sep 28 2010 09:34:11 GMT+0200 (Central Europe Standard Time)");
user_pref("CT2438727.SettingsLastUpdate", "1285580322");
user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Sep 25 2010 00:09:53 GMT+0200 (Central Europe Standard Time)");
user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1246790578");
user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&so ... sealid=112");
user_pref("CT2438727.UserID", "UN23030676492617831");
user_pref("CT2438727.ValidationData_Toolbar", 2);
user_pref("CT2438727.alertChannelId", "832836");
user_pref("CT2438727.clientLogIsEnabled", true);
user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2438727.myStuffEnabled", true);
user_pref("CT2438727.myStuffPublihserMinWidth", 400);
user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
user_pref("CommunityToolbar.alert.alertInfoInterval", 720);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Sep 28 2010 07:11:29 GMT+0200 (Central Europe Standard Time)");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Sep 27 2010 14:50:41 GMT+0200 (Central Europe Standard Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1283688156");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "{82c1644c-6136-4d7b-99ed-f64b47b965dc}");
user_pref("avg.install.userHPSettings", "hxxp://www1.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=68C2001CC0F8F585");
user_pref("avg.install.userSPSettings", "Delta Search");
user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
user_pref("extentions.y2layers.installId", "dd26a84b-442b-4cb9-847e-65d5f3ee0d55");
Emptied folder: C:\Documents and Settings\uzivatel\Application Data\mozilla\firefox\profiles\na5dec9c.default\minidumps [10 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ut 17. 12. 2013 at 22:59:03,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 18 pro 2013 11:41
od vyosek
:arrow: Varovani Comoda ignorujte, jedna se o falesny poplach

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 18 pro 2013 16:34
od janci100
ok, tu log z AdwCleanera:

# AdwCleaner v3.015 - Report created 18/12/2013 at 16:22:05
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : uzivatel - PC1
# Running from : C:\Documents and Settings\uzivatel\My Documents\Preberanie\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Gophoto.it
[!] Folder Deleted : C:\Program Files\Secure Speed Dial
Folder Deleted : C:\Documents and Settings\uzivatel\Local Settings\Application Data\PutLockerDownloader
Folder Deleted : C:\Documents and Settings\uzivatel\Start Menu\Programs\FTDownloader.com
Folder Deleted : C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Conduit
Folder Deleted : C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\speeddial@instair.net
[!] Folder Deleted : C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Deleted : C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Folder Deleted : C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
[!] Folder Deleted : C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\bProtector_extensions.rdf
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\searchplugins\daemon-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKCU\Software\5de8ddbb23ab810
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v24.0 (sk)

[ File : C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4696 octets] - [18/12/2013 16:19:52]
AdwCleaner[S0].txt - [4725 octets] - [18/12/2013 16:22:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4785 octets] ##########

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 18 pro 2013 19:48
od vyosek
Poprosim o log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 18 pro 2013 20:33
od janci100
neviem, kdesi je problem, stiahol som FRST pre 32 bitovy OS, stiahol som aj FRST launcher, ale omylom som ho prvy krat stiahol do prebratych dokumentov. chcel som ho premiestnit na plochu, ale neslo to, tak som ho stiahol este raz, na plochu, ale po kliknuti nan sa nic nedeje... :(

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 18 pro 2013 20:37
od vyosek
Fajn, spustte tedy jen FRST.exe

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 18 pro 2013 20:50
od janci100
este som dnes odinstaloval jednu sucast od IObit, ktoru som si vcera nevsimol... tu je log z FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2013 03
Ran by uzivatel (administrator) on PC1 on 18-12-2013 20:41:13
Running from C:\Documents and Settings\uzivatel\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(COMODO) C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Mobile Leader Co.,Ltd.) C:\WINDOWS\system32\LGScsiCommandService.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20145368 2013-12-10] (Realtek Semiconductor Corp.)
HKCU\...\Policies\Explorer: [NoInstrumentation] 1
MountPoints2: E - E:\5310XpressMusic.exe
HKU\LocalService\...\RunOnce: [nltide3] - cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
AppInit_DLLs: C:\WINDOWS\system32\guard32.dll [ 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {EADBA089-31BA-4E1F-A3C8-73231C18542E} URL = http://flvtubesearch.co/?tmp=toolbar_Fl ... 0753f9320a
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.2 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF Extension: Ads Removal - C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\adsremoval@adsremoval.net
FF Extension: Start Page - C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
FF Extension: Flash and Video Download - C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: fbdislike - C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\fbdislike@doweb.fr.xpi
FF Extension: ftdownloader3 - C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\ftdownloader3@ftdownloader.com.xpi
FF Extension: jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E - C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
FF Extension: lazarus - C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\lazarus@interclue.com.xpi
FF Extension: flashgot - C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: noscript - C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\na5dec9c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\flvtube@flvtube.com

Chrome:
=======
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-g ... earchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AccelerateTab) - C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0
CHR Extension: () - C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: ( "name":"Advanced SystemCare Surfing Protection",) - C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 CLPSLS; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [148744 2010-02-19] (COMODO)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2012-07-22] ()
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2012-07-22] ()
R2 LGScsiCommandService; C:\WINDOWS\system32\LGScsiCommandService.exe [47616 2010-04-12] (Mobile Leader Co.,Ltd.)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S2 SecureUpdateSvc; C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe [2473296 2013-10-30] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2013-12-10] (Creative)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [18096 2012-11-08] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [497952 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [32640 2012-11-08] (COMODO)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [237224 2013-09-21] (Intel Corporation)
S3 FIXUSTOR; C:\Windows\System32\DRIVERS\fixustor.sys [12416 2007-06-11] (Genesys Logic)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2013-12-10] (Creative Technology Ltd.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 s916bus; C:\Windows\System32\DRIVERS\s916bus.sys [83496 2007-11-02] (MCCI Corporation)
S3 s916mdfl; C:\Windows\System32\DRIVERS\s916mdfl.sys [15016 2007-11-02] (MCCI Corporation)
S3 s916mdm; C:\Windows\System32\DRIVERS\s916mdm.sys [109992 2007-11-02] (MCCI Corporation)
S3 s916mgmt; C:\Windows\System32\DRIVERS\s916mgmt.sys [103976 2007-11-02] (MCCI Corporation)
S3 s916obex; C:\Windows\System32\DRIVERS\s916obex.sys [100008 2007-11-02] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-30] ()
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24960 2010-01-21] (LG Electronics Inc.)
U3 ahdsjtgv; C:\Windows\System32\Drivers\ahdsjtgv.sys [0 ] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-18 20:41 - 2013-12-18 20:41 - 00013425 _____ C:\Documents and Settings\uzivatel\Desktop\FRST.txt
2013-12-18 20:40 - 2013-12-18 20:40 - 00000000 ____D C:\FRST
2013-12-18 20:20 - 2013-12-18 20:20 - 00112640 _____ C:\Documents and Settings\uzivatel\Desktop\FRSTLauncher.exe
2013-12-18 20:08 - 2013-12-18 20:08 - 01062259 _____ (Farbar) C:\Documents and Settings\uzivatel\Desktop\FRST.exe
2013-12-18 20:00 - 2013-12-18 20:00 - 00112107 _____ (forum.viry.cz) C:\Documents and Settings\uzivatel\Desktop\VerzeOS.exe
2013-12-18 16:19 - 2013-12-18 16:22 - 00000000 ____D C:\AdwCleaner
2013-12-18 16:17 - 2013-12-18 16:18 - 01226750 _____ C:\Documents and Settings\uzivatel\Desktop\adwcleaner.exe
2013-12-17 22:59 - 2013-12-17 22:59 - 00010158 _____ C:\Documents and Settings\uzivatel\Desktop\JRT.txt
2013-12-17 22:52 - 2013-12-17 22:52 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2013-12-17 22:38 - 2013-12-17 22:38 - 01034531 _____ (Thisisu) C:\Documents and Settings\uzivatel\Desktop\JRT.exe
2013-12-17 17:32 - 2013-12-17 20:46 - 00000000 ____D C:\Program Files\trend micro
2013-12-17 17:32 - 2013-12-17 17:33 - 00000000 ____D C:\rsit
2013-12-17 17:30 - 2013-12-17 17:30 - 00781383 _____ C:\Documents and Settings\uzivatel\Desktop\RSIT.exe
2013-12-17 15:24 - 2013-12-17 15:25 - 00006770 _____ C:\Documents and Settings\uzivatel\My Documents\cc_20131217_152455.reg
2013-12-15 13:41 - 2013-12-15 13:41 - 00002762 _____ C:\Documents and Settings\uzivatel\My Documents\cc_20131215_134155.reg
2013-12-15 05:54 - 2013-12-15 05:54 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-12-15 05:54 - 2013-12-15 05:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-12-14 19:32 - 2013-12-14 19:33 - 00000000 ____D C:\Documents and Settings\uzivatel\Desktop\New Folder (3)
2013-12-14 19:26 - 2013-12-14 19:41 - 00000000 ____D C:\Documents and Settings\uzivatel\Desktop\New Folder (2)
2013-12-14 18:06 - 2013-12-15 20:58 - 00000000 ____D C:\Documents and Settings\uzivatel\Desktop\New Folder
2013-12-12 15:48 - 2013-12-12 16:01 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-12-12 15:47 - 2013-12-12 15:48 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-12 15:47 - 2013-05-09 13:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2013-12-12 15:47 - 2010-05-21 14:56 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2013-12-12 15:47 - 2010-05-21 14:56 - 00000792 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2013-12-12 15:47 - 2010-05-21 14:56 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2013-12-11 17:05 - 2013-12-18 20:10 - 00000000 ____D C:\Documents and Settings\uzivatel\My Documents\Preberanie
2013-12-11 16:37 - 2013-12-11 16:37 - 00000341 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to MIFA.lnk
2013-12-11 16:36 - 2013-12-11 16:36 - 00000481 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to obrazky z faceboku.lnk
2013-12-11 16:34 - 2013-12-11 16:34 - 00000357 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to UZITOCNE.lnk
2013-12-10 21:38 - 2013-12-10 21:38 - 00000481 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to vzdelavanie.lnk
2013-12-10 21:38 - 2013-12-10 21:38 - 00000481 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to ja z roboty.lnk
2013-12-10 21:37 - 2013-12-10 21:37 - 00000496 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to KDK miska robota.lnk
2013-12-10 15:04 - 2013-12-10 15:04 - 00003874 _____ C:\Documents and Settings\uzivatel\My Documents\cc_20131210_150417.reg
2013-12-09 23:00 - 2013-12-09 23:00 - 00000000 ___HD C:\VritualRoot
2013-12-09 22:59 - 2013-12-09 22:59 - 00002960 _____ C:\Documents and Settings\uzivatel\My Documents\cc_20131209_225905.reg
2013-12-09 19:38 - 2012-11-08 00:37 - 00034024 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2013-12-09 15:15 - 2013-12-16 00:47 - 01152753 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2013-12-09 15:15 - 2013-12-09 15:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\COMODO
2013-12-09 15:13 - 2013-12-09 15:13 - 00001653 _____ C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
2013-12-09 15:13 - 2013-12-09 15:13 - 00000000 ____D C:\Program Files\COMODO
2013-12-09 15:11 - 2013-12-09 15:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2013-12-08 22:45 - 2013-12-11 16:56 - 27807744 _____ C:\WINDOWS\system32\config\software.iodefrag.bak
2013-12-08 22:45 - 2013-12-11 16:56 - 00294912 _____ C:\WINDOWS\system32\config\default.iodefrag.bak
2013-12-08 22:45 - 2013-12-11 16:56 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2013-12-08 22:45 - 2013-12-11 16:56 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2013-12-08 07:37 - 2013-12-08 07:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-12-02 16:47 - 2013-12-18 20:23 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-02 16:46 - 2013-12-18 20:23 - 00000052 _____ C:\WINDOWS\wiaservc.log
2013-12-02 16:46 - 2013-12-18 20:22 - 00032602 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-02 16:46 - 2013-12-02 16:46 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-02 15:32 - 2013-12-02 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2013-12-02 15:32 - 2013-12-02 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

==================== One Month Modified Files and Folders =======

2013-12-18 20:41 - 2013-12-18 20:41 - 00013425 _____ C:\Documents and Settings\uzivatel\Desktop\FRST.txt
2013-12-18 20:40 - 2013-12-18 20:40 - 00000000 ____D C:\FRST
2013-12-18 20:40 - 2011-03-25 18:39 - 00000000 ____D C:\Documents and Settings\uzivatel\Application Data\SWF.max
2013-12-18 20:33 - 2013-10-24 16:58 - 00619907 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-18 20:23 - 2013-12-02 16:47 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-18 20:23 - 2013-12-02 16:46 - 00000052 _____ C:\WINDOWS\wiaservc.log
2013-12-18 20:23 - 2010-05-21 14:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-18 20:22 - 2013-12-02 16:46 - 00032602 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-18 20:22 - 2010-05-21 15:00 - 00000178 ___SH C:\Documents and Settings\uzivatel\ntuser.ini
2013-12-18 20:20 - 2013-12-18 20:20 - 00112640 _____ C:\Documents and Settings\uzivatel\Desktop\FRSTLauncher.exe
2013-12-18 20:10 - 2013-12-11 17:05 - 00000000 ____D C:\Documents and Settings\uzivatel\My Documents\Preberanie
2013-12-18 20:08 - 2013-12-18 20:08 - 01062259 _____ (Farbar) C:\Documents and Settings\uzivatel\Desktop\FRST.exe
2013-12-18 20:00 - 2013-12-18 20:00 - 00112107 _____ (forum.viry.cz) C:\Documents and Settings\uzivatel\Desktop\VerzeOS.exe
2013-12-18 16:25 - 2001-08-23 11:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-18 16:22 - 2013-12-18 16:19 - 00000000 ____D C:\AdwCleaner
2013-12-18 16:18 - 2013-12-18 16:17 - 01226750 _____ C:\Documents and Settings\uzivatel\Desktop\adwcleaner.exe
2013-12-17 22:59 - 2013-12-17 22:59 - 00010158 _____ C:\Documents and Settings\uzivatel\Desktop\JRT.txt
2013-12-17 22:52 - 2013-12-17 22:52 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-17 22:43 - 2011-09-03 19:40 - 00000000 ____D C:\Program Files\IObit
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2013-12-17 22:38 - 2013-12-17 22:38 - 01034531 _____ (Thisisu) C:\Documents and Settings\uzivatel\Desktop\JRT.exe
2013-12-17 22:27 - 2010-07-06 09:03 - 00049664 _____ C:\Documents and Settings\uzivatel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-17 22:17 - 2011-03-25 18:40 - 00000000 ___RD C:\Documents and Settings\uzivatel\My Documents\My Flash
2013-12-17 20:46 - 2013-12-17 17:32 - 00000000 ____D C:\Program Files\trend micro
2013-12-17 18:04 - 2010-10-15 22:18 - 00000000 ___HD C:\WINDOWS\system32\ABC
2013-12-17 17:33 - 2013-12-17 17:32 - 00000000 ____D C:\rsit
2013-12-17 17:30 - 2013-12-17 17:30 - 00781383 _____ C:\Documents and Settings\uzivatel\Desktop\RSIT.exe
2013-12-17 15:25 - 2013-12-17 15:24 - 00006770 _____ C:\Documents and Settings\uzivatel\My Documents\cc_20131217_152455.reg
2013-12-16 00:47 - 2013-12-09 15:15 - 01152753 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2013-12-15 20:58 - 2013-12-14 18:06 - 00000000 ____D C:\Documents and Settings\uzivatel\Desktop\New Folder
2013-12-15 14:07 - 2013-11-10 01:22 - 27807744 _____ C:\WINDOWS\system32\config\software.iobit
2013-12-15 14:07 - 2013-11-10 01:22 - 00294912 _____ C:\WINDOWS\system32\config\default.iobit
2013-12-15 14:07 - 2013-11-10 01:22 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-12-15 14:07 - 2013-11-10 01:22 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-12-15 14:07 - 2010-05-21 15:00 - 00000000 ____D C:\Documents and Settings\uzivatel
2013-12-15 14:07 - 2010-05-21 14:59 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-15 13:41 - 2013-12-15 13:41 - 00002762 _____ C:\Documents and Settings\uzivatel\My Documents\cc_20131215_134155.reg
2013-12-15 05:54 - 2013-12-15 05:54 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-12-15 05:54 - 2013-12-15 05:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-12-15 05:53 - 2010-05-25 19:22 - 00000000 ____D C:\Program Files\Google
2013-12-14 19:41 - 2013-12-14 19:26 - 00000000 ____D C:\Documents and Settings\uzivatel\Desktop\New Folder (2)
2013-12-14 19:33 - 2013-12-14 19:32 - 00000000 ____D C:\Documents and Settings\uzivatel\Desktop\New Folder (3)
2013-12-12 16:01 - 2013-12-12 15:48 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-12-12 15:51 - 2010-05-25 19:22 - 00000000 ____D C:\Program Files\Alwil Software
2013-12-12 15:51 - 2010-05-25 19:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Alwil Software
2013-12-12 15:48 - 2013-12-12 15:47 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-12 15:48 - 2010-05-21 16:42 - 00001024 ____H C:\WINDOWS\system32\config\userdiff.LOG
2013-12-12 15:48 - 2010-05-21 16:42 - 00000211 _____ C:\boot.ini
2013-12-12 15:48 - 2010-05-21 14:56 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT
2013-12-11 16:56 - 2013-12-08 22:45 - 27807744 _____ C:\WINDOWS\system32\config\software.iodefrag.bak
2013-12-11 16:56 - 2013-12-08 22:45 - 00294912 _____ C:\WINDOWS\system32\config\default.iodefrag.bak
2013-12-11 16:56 - 2013-12-08 22:45 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2013-12-11 16:56 - 2013-12-08 22:45 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2013-12-11 16:37 - 2013-12-11 16:37 - 00000341 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to MIFA.lnk
2013-12-11 16:36 - 2013-12-11 16:36 - 00000481 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to obrazky z faceboku.lnk
2013-12-11 16:34 - 2013-12-11 16:34 - 00000357 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to UZITOCNE.lnk
2013-12-10 21:38 - 2013-12-10 21:38 - 00000481 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to vzdelavanie.lnk
2013-12-10 21:38 - 2013-12-10 21:38 - 00000481 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to ja z roboty.lnk
2013-12-10 21:37 - 2013-12-10 21:37 - 00000496 _____ C:\Documents and Settings\uzivatel\Desktop\Shortcut to KDK miska robota.lnk
2013-12-10 19:35 - 2010-05-21 16:39 - 00000000 ____D C:\WINDOWS\security
2013-12-10 19:29 - 2010-05-21 15:18 - 00040832 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\HECI.sys
2013-12-10 19:29 - 2010-05-21 15:06 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-12-10 19:29 - 2010-05-21 14:54 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-10 19:25 - 2011-09-12 21:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2013-12-10 15:17 - 2011-07-28 10:33 - 00000000 ____D C:\Documents and Settings\uzivatel\Application Data\vlc
2013-12-10 15:11 - 2013-09-21 22:08 - 00086232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoInstIIXP.dll
2013-12-10 15:11 - 2013-09-21 22:08 - 00026084 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2013-12-10 15:11 - 2010-05-21 15:12 - 20145368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
2013-12-10 15:11 - 2010-05-21 15:12 - 09721960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTLCPL.EXE
2013-12-10 15:11 - 2010-05-21 15:12 - 05589720 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtkHDAud.sys
2013-12-10 15:11 - 2010-05-21 15:12 - 01523416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlUpd.exe
2013-12-10 15:11 - 2010-05-21 15:12 - 01395800 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\Monfilt.sys
2013-12-10 15:11 - 2010-05-21 15:12 - 00891976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSndMgr.CPL
2013-12-10 15:11 - 2010-05-21 15:12 - 00359016 _____ (Realtek Semiconductor Crop.) C:\WINDOWS\vncutil.exe
2013-12-10 15:11 - 2010-05-21 15:12 - 00129640 _____ (Realtek Semiconductor) C:\WINDOWS\RtkAudioService.exe
2013-12-10 15:11 - 2010-05-21 15:12 - 00084584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
2013-12-10 15:11 - 2010-05-21 15:12 - 00000000 ____D C:\WINDOWS\system32\RTCOM
2013-12-10 15:11 - 2010-05-21 15:11 - 02815592 _____ (RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
2013-12-10 15:11 - 2010-05-21 15:11 - 02180712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\MicCal.exe
2013-12-10 15:11 - 2010-05-21 15:11 - 01691480 _____ (Creative) C:\WINDOWS\system32\Drivers\Ambfilt.sys
2013-12-10 15:11 - 2010-05-21 15:11 - 00285288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\ALSNDMGR.CPL
2013-12-10 15:11 - 2010-05-21 15:11 - 00064104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
2013-12-10 15:04 - 2013-12-10 15:04 - 00003874 _____ C:\Documents and Settings\uzivatel\My Documents\cc_20131210_150417.reg
2013-12-09 23:08 - 2013-08-25 16:12 - 00000000 ____D C:\Program Files\Secure Speed Dial
2013-12-09 23:00 - 2013-12-09 23:00 - 00000000 ___HD C:\VritualRoot
2013-12-09 22:59 - 2013-12-09 22:59 - 00002960 _____ C:\Documents and Settings\uzivatel\My Documents\cc_20131209_225905.reg
2013-12-09 15:27 - 2013-12-09 15:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\COMODO
2013-12-09 15:13 - 2013-12-09 15:13 - 00001653 _____ C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
2013-12-09 15:13 - 2013-12-09 15:13 - 00000000 ____D C:\Program Files\COMODO
2013-12-09 15:13 - 2013-12-09 15:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2013-12-09 15:11 - 2013-01-14 20:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-12-09 15:10 - 2013-08-25 15:46 - 00000000 ____D C:\Documents and Settings\uzivatel\Local Settings\Application Data\Avg2013
2013-12-08 07:37 - 2013-12-08 07:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-12-08 07:33 - 2010-07-23 15:31 - 00000000 ____D C:\Documents and Settings\uzivatel\Application Data\Winamp
2013-12-06 20:55 - 2013-07-29 13:56 - 00000000 ____D C:\Documents and Settings\uzivatel\Application Data\Nokia Multimedia Player
2013-12-06 20:54 - 2013-07-29 11:45 - 00002383 _____ C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
2013-12-06 16:54 - 2013-08-20 18:38 - 00001825 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-02 16:46 - 2013-12-02 16:46 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-02 15:32 - 2013-12-02 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2013-12-02 15:32 - 2013-12-02 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-02 15:32 - 2011-09-03 19:41 - 00000000 ____D C:\Documents and Settings\uzivatel\Application Data\IObit
2013-11-29 05:30 - 2011-02-07 09:53 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat

Files to move or delete:
====================
C:\Documents and Settings\uzivatel\jagex_cl_loginapplet_LIVE.dat
C:\Documents and Settings\uzivatel\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\uzivatel\random.dat


Some content of TEMP:
====================
C:\Documents and Settings\uzivatel\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-03 23:56] - [2008-04-14 04:42] - 1033728 ____A (Microsoft Corporation)

C:\Windows\System32\winlogon.exe
[2004-08-03 23:56] - [2008-04-14 04:42] - 0507904 ____A (Microsoft Corporation)

C:\Windows\System32\svchost.exe
[2004-08-03 23:56] - [2008-04-14 04:42] - 0014336 ____A (Microsoft Corporation)

C:\Windows\System32\services.exe
[2004-08-03 23:56] - [2009-02-06 12:11] - 0110592 ____A (Microsoft Corporation)

C:\Windows\System32\User32.dll
[2004-08-03 23:56] - [2008-04-14 04:42] - 0578560 ____A (Microsoft Corporation)

C:\Windows\System32\userinit.exe
[2004-08-03 23:56] - [2008-04-14 04:42] - 0026112 ____A (Microsoft Corporation)

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-03 22:00] - [2008-04-13 23:11] - 0052352 ____A (Microsoft Corporation)


==================== End Of Log ============================

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 18 pro 2013 20:53
od janci100
a Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-12-2013 03
Ran by uzivatel at 2013-12-18 20:41:37
Running from C:\Documents and Settings\uzivatel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: COMODO Antivirus (Disabled - Up to date) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: AVG Internet Security 2013 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

Abexo Free Registry Cleaner
Adobe Flash Player 11 ActiveX (Version: 11.9.900.118)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Czech (Version: 11.0.05)
Aero SWF.max 1.6.868
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
BitTorrent (Version: 7.8.0.29626)
BS.Player FREE (Version: 2.57.1051)
CCleaner (Version: 4.06)
CDBurnerXP (Version: 4.4.0.2905)
COMODO Internet Security (Version: 4.0.10770.828)
COMODO livePCsupport (Version: 3.0.133262.11)
EVEREST Home Edition v2.20 (Version: 2.20)
FinePix Studio
FinePixViewer Resource (Version: 1.2)
FinePixViewer Ver.5.5 (Version: 5.5)
GameSpy Arcade
Genesys USB Mass Storage Device (Version: 2.5.0.0)
Google Earth (Version: 7.1.2.2041)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
Intel(R) Graphics Media Accelerator Driver (Version: 6.14.10.5420)
Intel(R) Management Engine Interface
Intel(R) Network Connections 13.5.32.0 (Version: 13.5.32.0)
IrfanView (remove only) (Version: 4.36)
iTunes (Version: 11.1.1.11)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
LG Bluetooth Drivers (Version: 1.1)
LG PC Suite IV (Version: 4.3.80.20121017)
LG United Mobile Drivers (Version: 3.8.1)
LG USB Modem Drivers (Version: 4.9.7)
Microsoft .NET Framework 2.0 Service Pack 1 (Version: 2.1.21022)
Microsoft .NET Framework 3.0 Service Pack 1 (Version: 3.1.21022)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 (Version: 3.5.21022)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 sk) (Version: 24.0)
Mozilla Maintenance Service (Version: 25.0.1)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Nero BurnLite 10 (Version: 10.0.10500.5.100)
Nero BurnLite 10 (Version: 10.0.10600)
Nero Control Center 10 (Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.17800.8.5)
Nokia Connectivity Cable Driver (Version: 7.1.45.0)
Nokia PC Suite (Version: 6.84.10.3)
Nox 1.2b
OpenOffice.org 3.2 (Version: 3.2.9483)
Path of Exile (Version: 1.0.0.29092)
PC Connectivity Solution (Version: 11.4.19.0)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 5.10.0.7083)
Skymonk 2
Sony Ericsson Update Engine (Version: 2.11.12.9)
Sony PC Companion 2.10.115 (Version: 2.10.115)
Total Commander (Remove or Repair) (Version: 7.50a)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 2.1.0 (Version: 2.1.0)
WebFldrs XP (Version: 9.50.7523)
Westwood Shared Internet Components
Winamp (Version: 5.61 )
Windows Driver Package - Nokia Modem (02/15/2007 3.1) (Version: 02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) (Version: 05/24/2007 6.84.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Management Framework Core
Windows Media Format 11 runtime
WinRAR archivátor
World of Warcraft
XML Paper Specification Shared Components Pack 1.0

==================== Restore Points =========================

10-12-2013 18:29:06 System Checkpoint
11-12-2013 19:03:31 System Checkpoint
12-12-2013 22:56:59 System Checkpoint
13-12-2013 23:30:25 System Checkpoint
15-12-2013 10:08:45 System Checkpoint
16-12-2013 10:23:24 System Checkpoint
17-12-2013 10:36:45 System Checkpoint
17-12-2013 21:47:02 Removed IObit Apps Toolbar v8.3.

==================== Hosts content: ==========================

2001-08-23 11:00 - 2011-06-30 17:32 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


==================== Loaded Modules (whitelisted) =============

2013-12-09 19:38 - 2012-10-05 01:33 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2010-05-27 09:40 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-16 04:08 - 2013-11-16 04:09 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS:B41DA3A2BD44305E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CLPSLS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2013 08:23:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (12/18/2013 08:23:30 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (12/18/2013 04:25:21 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (12/18/2013 04:25:21 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (12/17/2013 04:24:34 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (12/17/2013 04:24:34 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (12/17/2013 03:31:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (12/17/2013 03:31:17 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (12/16/2013 04:33:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (12/16/2013 04:33:11 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.


System errors:
=============
Error: (12/18/2013 08:23:41 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/18/2013 08:23:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (12/18/2013 08:23:30 PM) (Source: Service Control Manager) (User: )
Description: The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error:
%%1058

Error: (12/18/2013 08:23:30 PM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service failed to start due to the following error:
%%5

Error: (12/18/2013 08:23:30 PM) (Source: Service Control Manager) (User: )
Description: The Služba Google Update (gupdate) service failed to start due to the following error:
%%5

Error: (12/18/2013 08:23:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/18/2013 08:22:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/18/2013 04:25:33 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/18/2013 04:25:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (12/18/2013 04:25:21 PM) (Source: Service Control Manager) (User: )
Description: The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (12/18/2013 08:23:30 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (12/18/2013 08:23:30 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (12/18/2013 04:25:21 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (12/18/2013 04:25:21 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (12/17/2013 04:24:34 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (12/17/2013 04:24:34 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (12/17/2013 03:31:17 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (12/17/2013 03:31:17 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (12/16/2013 04:33:11 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (12/16/2013 04:33:11 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 1991.6 MB
Available physical RAM: 1201.54 MB
Total Pagefile: 3884.52 MB
Available Pagefile: 3153.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:147.5 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:270.45 GB) (Free:60.83 GB) NTFS
Drive e: (5310_XpressMusic) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: D488D488)
Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 19 pro 2013 13:52
od vyosek
:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKCU\...\Policies\Explorer: [NoInstrumentation] 1
MountPoints2: E - E:\5310XpressMusic.exe
HKU\LocalService\...\RunOnce: [nltide3] - cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {EADBA089-31BA-4E1F-A3C8-73231C18542E} URL = http://flvtubesearch.co/?tmp=toolbar_Fl ... &Keywords={searchTerms}&clid=681d581876914172b55c550753f9320a

CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-g ... =800236&p={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: () - C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: ( "name":"Advanced SystemCare Surfing Protection",) - C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0

DisableService: JavaQuickStarterService
DisableService: gupdate
DisableService: gupdatem

AlternateDataStreams: C:\WINDOWS:B41DA3A2BD44305E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

2013-12-09 15:11 - 2013-01-14 20:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-12-09 15:10 - 2013-08-25 15:46 - 00000000 ____D C:\Documents and Settings\uzivatel\Local Settings\Application Data\Avg2013
2013-12-02 15:32 - 2011-09-03 19:41 - 00000000 ____D C:\Documents and Settings\uzivatel\Application Data\IObit
2013-12-11 16:56 - 2013-12-08 22:45 - 27807744 _____ C:\WINDOWS\system32\config\software.iodefrag.bak
2013-12-11 16:56 - 2013-12-08 22:45 - 00294912 _____ C:\WINDOWS\system32\config\default.iodefrag.bak
2013-12-11 16:56 - 2013-12-08 22:45 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2013-12-11 16:56 - 2013-12-08 22:45 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2013-12-15 14:07 - 2013-11-10 01:22 - 27807744 _____ C:\WINDOWS\system32\config\software.iobit
2013-12-15 14:07 - 2013-11-10 01:22 - 00294912 _____ C:\WINDOWS\system32\config\default.iobit
2013-12-15 14:07 - 2013-11-10 01:22 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-12-15 14:07 - 2013-11-10 01:22 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-12-17 22:43 - 2011-09-03 19:40 - 00000000 ____D C:\Program Files\IObit
C:\Program Files\Enigma Software Group
C:\Documents and Settings\uzivatel\jagex_cl_loginapplet_LIVE.dat
C:\Documents and Settings\uzivatel\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\uzivatel\random.dat
C:\Documents and Settings\uzivatel\Local Settings\Temp\Quarantine.exe

Hosts:
CMD: shutdown /r /f /t 2

End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 19 pro 2013 15:36
od janci100
nejde to :( resp. ide az prilis... :)
skopiroval som, vlozil a ulozil ako fixlist.txt na plochu (kde mam aj FRST), pred spustenim som vypol comodo a ked som spustil FRST (Run), tak sa spusti, ale vzapati zacne dookola vyhadzovat tuto hlasku:
Update completed. FRST is ready to use.
ked ju potvrdim, stale ju nahodi znova a k Fix sa ani nedostanem... :(

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 19 pro 2013 19:31
od vyosek
Stahnete si tedy novy FRST odsud http://www.bleepingcomputer.com/downloa ... ool/dl/81/

Re: prosim o kontrolu, podozrivy vyhladavac v prehliadaci at

Napsal: 20 pro 2013 07:25
od janci100
spustil som to a dal moznost fixing, na to mi vysocilo okno:
Farbar Recovry Scan Tool
Warning:
Looks you don't know wat to do. To prevent damage to the system the tool will exit.
je tam len moznost OK, ked ju potvrdim nic sa nedeje - FRST sa jednoducho vypne.
mozno treba znova zopakovat cely postup so Scanom?
Všechny časy jsou v UTC+01:00
Stránka 1 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz