VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

zavirované pc

https://forum.viry.cz:443/viewtopic.php?t=137989

Stránka 1 z 1

zavirované pc

Napsal: 14 kvě 2014 08:07
od tomas000
Prosím Vás otec má problémy s pc, prý mu při prohlížení webu vyskakují okna z Avastu, že je stránka zavirovaná, přestože jsou to běžné stránky Seznam.cz atd. Prosím bylo by možné na to mrknout?
Děkuji moc

Logfile of random's system information tool 1.06 (written by random/random)
Run by pavel at 2014-05-14 08:57:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 17 GB (54%) free of 31 GB
Total RAM: 3326 MB (75% free)

HijackThis download failed

======Scheduled tasks folder======

D:\WINDOWS\tasks\Adobe Flash Player Updater.job
D:\WINDOWS\tasks\avast! Emergency Update.job
D:\WINDOWS\tasks\GoforFilesUpdate.job
D:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job
D:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job
D:\WINDOWS\tasks\User_Feed_Synchronization-{417ACF23-7A75-45E4-99E8-EC04093D4AAA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"=D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03 5756544]
"avast"=D:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
"Start WingMan Profiler"=D:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 153672]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-29 98304]
"HDAudDeck"=D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2011-12-06 41118320]
"seznam-listicka-distribuce"=D:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"RelevantKnowledge"=D:\program files\relevantknowledge\rlvknlg.exe [2013-08-17 3502360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"MSMSGS"=D:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"cz.seznam.software.autoupdate"=D:\Documents and Settings\pavel\Data aplikací\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=D:\Documents and Settings\pavel\Data aplikací\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"Overwolf"=D:\Program Files\Overwolf\Overwolf.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
D:\PROGRA~1\WINDOW~2\WINDOW~1.EXE [2010-01-14 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2012-11-29 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2010-01-14 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2010-01-14 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=D:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2010-01-14 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="D:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="D:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"D:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="D:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"D:\Program Files\GoforFiles\goforfilesdl.exe"="D:\Program Files\GoforFiles\goforfilesdl.exe:*:Enabled:GoforFiles"
"D:\Program Files\GoforFiles\GoforFiles.exe"="D:\Program Files\GoforFiles\GoforFiles.exe:*:Enabled:GoforFiles"
"D:\Program Files\TeamViewer\Version8\TeamViewer.exe"="D:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"d:\program files\relevantknowledge\rlvknlg.exe"="d:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6553f7f1-a238-11e2-865e-50465d06cd52}]
shell\AutoRun\command - H:\setup.exe


======List of files/folders created in the last 1 months======

2014-05-14 08:57:43 ----D---- D:\rsit
2014-05-14 08:57:43 ----D---- D:\Program Files\trend micro
2014-05-10 09:58:36 ----D---- D:\Program Files\Mozilla Firefox
2014-05-08 18:40:57 ----A---- D:\WINDOWS\system32\gdiplus.dll
2014-05-07 08:32:17 ----A---- D:\WINDOWS\system32\rlls.dll
2014-05-06 18:35:49 ----D---- D:\Program Files\FreeTime
2014-05-06 14:27:24 ----D---- D:\Program Files\SiteLookup
2014-05-06 14:26:57 ----D---- D:\Documents and Settings\pavel\Data aplikací\SimilarSites
2014-05-06 14:26:52 ----D---- D:\Program Files\RelevantKnowledge
2014-05-01 21:28:57 ----D---- D:\Program Files\Mozilla Thunderbird

======List of files/folders modified in the last 1 months======

2014-05-14 08:57:43 ----RD---- D:\Program Files
2014-05-14 05:10:08 ----D---- D:\Documents and Settings\pavel\Data aplikací\Seznam.cz
2014-05-14 05:09:01 ----D---- D:\WINDOWS\system32
2014-05-14 05:09:01 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2014-05-14 05:05:04 ----D---- D:\WINDOWS\Temp
2014-05-13 22:16:32 ----A---- D:\WINDOWS\SchedLgU.Txt
2014-05-13 22:16:31 ----D---- D:\WINDOWS\system32\CatRoot2
2014-05-13 20:34:36 ----D---- D:\Documents and Settings\pavel\Data aplikací\Skype
2014-05-10 11:50:43 ----D---- D:\WINDOWS\Prefetch
2014-05-10 11:30:36 ----D---- D:\Program Files\Mozilla Maintenance Service
2014-05-06 14:37:43 ----SD---- D:\WINDOWS\Tasks
2014-05-01 12:48:35 ----D---- D:\WINDOWS
2014-04-29 18:29:55 ----A---- D:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-23 17:34:06 ----SHD---- D:\WINDOWS\Installer
2014-04-21 19:22:18 ----D---- D:\Program Files\Kozaka

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;Ovladač procesoru HwPState AMD; D:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AsIO;AsIO; D:\WINDOWS\system32\drivers\AsIO.sys [2009-08-04 11296]
R1 AswRdr;aswRdr; D:\WINDOWS\system32\drivers\AswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; D:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; D:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-04-10 242240]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\D:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; D:\WINDOWS\system32\DRIVERS\rspndr.sys [2010-01-14 62848]
R3 asmthub3;ASMedia USB3 Hub Service; D:\WINDOWS\system32\DRIVERS\asmthub3.sys [2011-02-24 100328]
R3 asmtxhci;ASMEDIA XHCI Service; D:\WINDOWS\system32\DRIVERS\asmtxhci.sys [2011-02-24 308200]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-11-29 6812672]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; D:\WINDOWS\system32\drivers\AtihdXP3.sys [2012-05-14 103040]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2010-01-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; D:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-12-08 327400]
R3 usbaudio;Ovladač zvukové karty USB (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2010-01-14 32384]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2010-01-14 30464]
R3 usbhub;Rozbočovač umožnující USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2010-01-14 17152]
R3 usbvideo;Zobrazovací zařízení USB (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2009-05-12 122240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; D:\WINDOWS\system32\drivers\viahduaa.sys [2011-12-02 2820608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; D:\WINDOWS\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmVirHid;Logitech Virtual Hid Device Driver; D:\WINDOWS\system32\drivers\WmVirHid.sys [2010-04-27 15048]
R3 WmXlCore;Logitech Translation Layer Driver; D:\WINDOWS\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S1 DumpDrv;Crash Dump Driver; D:\WINDOWS\system32\drivers\DumpDrv.sys [2010-01-14 9472]
S3 aswVmm;aswVmm; D:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; D:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 RTL8023xp;TP-LINK 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2010-11-23 83968]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WmFilter;Logitech Gaming HID Filter Driver; D:\WINDOWS\system32\drivers\WmFilter.sys [2010-04-27 37704]
S3 WmHidLo;Logitech Gaming USB Filter Driver; D:\WINDOWS\system32\drivers\WmHidLo.sys [2010-04-27 31816]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2010-01-14 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2010-01-14 82944]
S4 exFat;exFat; D:\WINDOWS\system32\drivers\exFat.sys [2010-01-14 133632]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2012-11-29 643072]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 KaraokeService;VIA Karaoke digital mixer Service; D:\WINDOWS\system32\KaraokeSer.exe [2011-11-11 88688]
R2 TeamViewer8;TeamViewer 8; D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2014-02-07 5093216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; D:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29 257712]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-10 119408]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); D:\WINDOWS\system32\svchost.exe [2010-01-14 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2010-01-14 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2010-01-14 14848]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: zavirované pc

Napsal: 14 kvě 2014 08:37
od vyosek
Zdravim a pekny den preji :)

:arrow: Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Ulozte nejlepe na plochu
  • Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
  • Probehne vytvoreni zalohy a nasledne prohledavani
  • Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte
:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Re: zavirované pc

Napsal: 14 kvě 2014 09:21
od tomas000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by pavel on st 14.05.2014 at 9:49:04,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1844237615-1482476501-1801674531-1004\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1844237615-1482476501-1801674531-1004\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "D:\Documents and Settings\pavel\Data aplikacˇ\goforfiles"
Successfully deleted: [Folder] "D:\Documents and Settings\pavel\Data aplikacˇ\similarsites"
Successfully deleted: [Folder] "D:\Program Files\goforfiles"
Failed to delete: [Folder] "D:\Program Files\relevantknowledge"



~~~ FireFox

Successfully deleted: [File] D:\Documents and Settings\pavel\Data aplikacˇ\mozilla\firefox\profiles\rqo5s7bi.default\user.js
Successfully deleted: [File] D:\Documents and Settings\pavel\Data aplikacˇ\mozilla\firefox\profiles\rqo5s7bi.default\invalidprefs.js
Successfully deleted the following from D:\Documents and Settings\pavel\Data aplikacˇ\mozilla\firefox\profiles\rqo5s7bi.default\prefs.js

user_pref("avg.install.userHPSettings", "hxxp://www.searchgol.com/?affID=119816&babsrc= ... 465D06CD52");
user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 1&tsp=5239");
user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 1&tsp=5239");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 14.05.2014 at 9:54:28,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



_____________________________________________________________________________________________


# AdwCleaner v3.208 - Report created 14/05/2014 at 10:13:44
# Updated 11/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : pavel - PAVEL-8A5959E7B
# Running from : D:\Documents and Settings\pavel\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : D:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge
Folder Deleted : D:\Program Files\Kozaka
Folder Deleted : D:\Program Files\RelevantKnowledge
Folder Deleted : D:\Documents and Settings\All Users\Nabídka Start\goforfiles
File Deleted : D:\Documents and Settings\pavel\Data aplikací\Mozilla\Firefox\Profiles\rqo5s7bi.default\searchplugins\buenosearch.xml
File Deleted : D:\WINDOWS\Tasks\GoforFilesUpdate.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\RelevantKnowledge\rlvknlg.exe]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A45E3FA8-5048-4372-94AD-C6661671F7FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A45E3FA8-5048-4372-94AD-C6661671F7FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A45E3FA8-5048-4372-94AD-C6661671F7FC}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\GoforFiles\goforfilesdl.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\GoforFiles\GoforFiles.exe]
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GoforFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\GoforFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v29.0.1 (cs)

[ File : D:\Documents and Settings\pavel\Data aplikací\Mozilla\Firefox\Profiles\rqo5s7bi.default\prefs.js ]


-\\ Google Chrome v

[ File : D:\Documents and Settings\pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [3134 octets] - [14/05/2014 10:12:36]
AdwCleaner[S0].txt - [2915 octets] - [14/05/2014 10:13:44]

########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [2975 octets] ##########

Re: zavirované pc

Napsal: 14 kvě 2014 09:27
od vyosek
:arrow: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
  • Nasledne kliknete na Run Script
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: zavirované pc

Napsal: 14 kvě 2014 09:52
od tomas000
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by pavel on st 14.05.2014 at 10:37:43,73.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: D:\Documents and Settings\pavel\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14.5.2014 10:38:30 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

D:\Program Files\Mozilla Firefox\defaults\preferences\pref.js deleted
D:\DOCUME~1\ALLUSE~1\DATAAP~1\LaunchURL.bat deleted
D:\WINDOWS\system32\rlls.dll deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="D:\Program Files\AVAST Software\Avast\WebRep\FF" [09.04.2013 12:55]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
D:\Documents and Settings\pavel\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
D:\Documents and Settings\pavel\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== D:\zoek_backup content ======================

D:\zoek_backup (files=4 folders=0 594182 bytes)

==== Empty Temp Folders ======================

D:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

D:\WINDOWS\Temp successfully emptied
D:\DOCUME~1\pavel\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

D:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"D:\Documents and Settings\pavel\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on st 14.05.2014 at 10:48:04,67 ======================

Re: zavirované pc

Napsal: 14 kvě 2014 10:54
od vyosek
Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Re: zavirované pc

Napsal: 14 kvě 2014 11:05
od tomas000
Snad jsem vše udělal správně:)
______________________________________________________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
Ran by pavel (administrator) on PAVEL-8A5959E7B on 14-05-2014 12:02:15
Running from D:\Documents and Settings\pavel\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe
(VIA Technologies, Inc.) D:\WINDOWS\system32\KaraokeSer.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(ASUSTeK Computer Inc.) D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech Inc.) D:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Advanced Micro Devices Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\tv_w32.exe
(VIA Technologies, Inc.) D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Microsoft Corporation) D:\Program Files\Messenger\msmsgs.exe
() D:\Documents and Settings\pavel\Data aplikací\Seznam.cz\bin\szndesktop.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe
(Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) D:\Documents and Settings\pavel\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Six Engine] => D:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [5756544 2010-02-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [avast] => D:\Program Files\AVAST Software\Avast\avastUI.exe [4767304 2013-03-07] (AVAST Software)
HKLM\...\Run: [Start WingMan Profiler] => D:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-11-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HDAudDeck] => D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [41118320 2011-12-06] (VIA Technologies, Inc.)
HKLM\...\Run: [seznam-listicka-distribuce] => D:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [RelevantKnowledge] => D:\program files\relevantknowledge\rlvknlg.exe -boot
Winlogon\Notify\AtiExtEvent: D:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [MSMSGS] => D:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [cz.seznam.software.autoupdate] => D:\Documents and Settings\pavel\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [cz.seznam.software.szndesktop] => D:\Documents and Settings\pavel\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [Overwolf] => D:\Program Files\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\MountPoints2: {6553f7f1-a238-11e2-865e-50465d06cd52} - H:\setup.exe

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2010-01-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: D:\Documents and Settings\pavel\Data aplikací\Mozilla\Firefox\Profiles\rqo5s7bi.default
FF Plugin: @adobe.com/FlashPlayer - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - D:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: D:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: D:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: D:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: D:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Site Matcher - D:\Documents and Settings\pavel\Data aplikací\Mozilla\Firefox\Profiles\rqo5s7bi.default\Extensions\sitematcher@sitematcher.com [2014-05-06]
FF Extension: Seznam lištička - D:\Documents and Settings\pavel\Data aplikací\Mozilla\Firefox\Profiles\rqo5s7bi.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-05-02]
FF Extension: Kinotip! Finder and Dowloander! - D:\Documents and Settings\pavel\Data aplikací\Mozilla\Firefox\Profiles\rqo5s7bi.default\Extensions\sracka@pica.cz.xpi [2014-04-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - D:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-09]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - D:\Documents and Settings\pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-04]
CHR Extension: (Vyhledvn Google) - D:\Documents and Settings\pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-04]
CHR Extension: (Penenka Google) - D:\Documents and Settings\pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-04]
CHR Extension: (Gmail) - D:\Documents and Settings\pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-04]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-07] (AVAST Software)
R2 KaraokeService; D:\WINDOWS\system32\KaraokeSer.exe [88688 2011-11-11] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AmdPPM; D:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 AsIO; D:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R3 asmthub3; D:\WINDOWS\System32\DRIVERS\asmthub3.sys [100328 2011-02-24] (ASMedia Technology Inc)
R3 asmtxhci; D:\WINDOWS\System32\DRIVERS\asmtxhci.sys [308200 2011-02-24] (ASMedia Technology Inc)
R2 aswFsBlk; D:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-03-07] (AVAST Software)
R2 aswMonFlt; D:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-03-07] (AVAST Software)
R1 AswRdr; D:\WINDOWS\system32\Drivers\AswRdr.sys [49760 2013-03-07] (AVAST Software)
R0 aswRvrt; D:\WINDOWS\system32\Drivers\aswRvrt.sys [49248 2013-03-07] ()
R1 aswSnx; D:\WINDOWS\system32\Drivers\aswSnx.sys [765736 2013-03-07] (AVAST Software)
R1 aswSP; D:\WINDOWS\system32\Drivers\aswSP.sys [368176 2013-03-07] (AVAST Software)
R1 aswTdi; D:\WINDOWS\system32\Drivers\aswTdi.sys [62376 2013-03-07] (AVAST Software)
S3 aswVmm; D:\WINDOWS\system32\Drivers\aswVmm.sys [164736 2013-03-07] ()
R3 AtiHDAudioService; D:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
S3 CCDECODE; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; D:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-10] (DT Soft Ltd)
S1 DumpDrv; D:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2010-01-14] (Microsoft Corporation)
R3 MTsensor; D:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 VIAHdAudAddService; D:\WINDOWS\System32\drivers\viahduaa.sys [2820608 2011-12-02] (VIA Technologies, Inc.)
R3 WmBEnum; D:\WINDOWS\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; D:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; D:\WINDOWS\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; D:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; D:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S4 IntelIde; No ImagePath
U5 Sdbus; D:\Windows\System32\Drivers\Sdbus.sys [80384 2010-01-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-14 12:02 - 2014-05-14 12:02 - 00011222 _____ () D:\Documents and Settings\pavel\Plocha\FRST.txt
2014-05-14 12:01 - 2014-05-14 12:02 - 00000000 ____D () D:\FRST
2014-05-14 12:01 - 2014-05-14 12:01 - 00112640 _____ (forum.viry.cz) D:\Documents and Settings\pavel\Plocha\FRSTLauncher.exe
2014-05-14 11:59 - 2014-05-14 11:59 - 01056256 _____ (Farbar) D:\Documents and Settings\pavel\Plocha\FRST.exe
2014-05-14 10:43 - 2014-05-14 10:37 - 00024064 _____ () D:\WINDOWS\zoek-delete.exe
2014-05-14 10:38 - 2014-05-14 10:48 - 00005015 _____ () D:\zoek-results.log
2014-05-14 10:37 - 2014-05-14 10:42 - 00000000 ____D () D:\zoek_backup
2014-05-14 10:36 - 2014-05-14 10:36 - 01285120 _____ () D:\Documents and Settings\pavel\Plocha\zoek.exe
2014-05-14 10:12 - 2014-05-14 10:13 - 00000000 ____D () D:\AdwCleaner
2014-05-14 10:12 - 2014-05-14 10:12 - 01325827 _____ () D:\Documents and Settings\pavel\Plocha\adwcleaner.exe
2014-05-14 10:12 - 2010-08-30 08:34 - 00507228 _____ () D:\WINDOWS\system32\sqlite3.dll
2014-05-14 10:11 - 2014-05-14 10:11 - 00003679 _____ () D:\Documents and Settings\pavel\Plocha\JRT.txt
2014-05-14 09:49 - 2014-05-14 09:49 - 00000000 ____D () D:\WINDOWS\ERUNT
2014-05-14 09:46 - 2014-05-14 09:45 - 01016261 _____ (Thisisu) D:\Documents and Settings\pavel\Plocha\JRT.exe
2014-05-14 08:57 - 2014-05-14 08:57 - 00781909 _____ () D:\Documents and Settings\pavel\Plocha\RSIT.exe
2014-05-14 08:57 - 2014-05-14 08:57 - 00000000 ____D () D:\rsit
2014-05-14 08:57 - 2014-05-14 08:57 - 00000000 ____D () D:\Program Files\trend micro
2014-05-13 20:22 - 2014-05-13 20:22 - 00000235 _____ () D:\Documents and Settings\pavel\Plocha\httpsfbcdn-sphotos-h-a.akamaihd.nethphotos-ak-prn2vt34.0-1210346945_10202008779674084_1160257255_n.jpgoh=46039505d27d9241f73.URL
2014-05-10 09:58 - 2014-05-10 09:58 - 00000000 ____D () D:\Program Files\Mozilla Firefox
2014-05-08 19:58 - 2014-05-08 19:59 - 00000000 ____D () D:\Documents and Settings\pavel\Plocha\BMW M3 E30
2014-05-08 18:40 - 2014-05-08 18:40 - 01700352 _____ (Microsoft Corporation) D:\WINDOWS\system32\gdiplus.dll
2014-05-06 18:38 - 2014-05-08 18:42 - 00000000 ____D () D:\Documents and Settings\pavel\Local Settings\Data aplikací\COMODO
2014-05-06 18:38 - 2014-05-08 18:42 - 00000000 ____D () D:\Documents and Settings\All Users\Nabídka Start\Programy\Comodo
2014-05-06 18:36 - 2014-05-06 18:36 - 00000851 _____ () D:\Documents and Settings\pavel\Plocha\Zmenšení AVI.lnk
2014-05-06 18:36 - 2014-05-06 18:36 - 00000000 ____D () D:\Documents and Settings\pavel\Nabídka Start\Programy\FormatFactory
2014-05-06 18:35 - 2014-05-06 18:35 - 00000000 ____D () D:\Program Files\FreeTime
2014-05-06 18:33 - 2014-05-06 18:34 - 41082542 _____ () D:\Rally Francie-trenink_trans.avi
2014-05-06 15:14 - 2014-05-06 15:14 - 01658934 _____ () D:\2014-05-06 15-14-20.BMP
2014-05-06 15:14 - 2014-05-06 15:14 - 01658934 _____ () D:\2014-05-06 15-14-18.BMP
2014-05-06 14:27 - 2014-05-06 14:27 - 00000000 ____D () D:\Program Files\SiteLookup
2014-05-01 21:28 - 2014-05-01 21:50 - 00000000 ____D () D:\Program Files\Mozilla Thunderbird
2014-05-01 12:48 - 2014-05-09 14:52 - 00000585 _____ () D:\WINDOWS\DXError.log
2014-05-01 12:48 - 2014-05-09 14:52 - 00000216 _____ () D:\WINDOWS\DirectX.log
2014-05-01 12:13 - 2014-05-01 12:13 - 00000333 _____ () D:\Documents and Settings\pavel\Plocha\EXE_RALLY_TEAM_7.scn
2014-04-21 19:34 - 2014-04-21 19:34 - 00000318 _____ () D:\Documents and Settings\pavel\Plocha\SDÍLEJ.CZ Manager.appref-ms
2014-04-21 19:34 - 2014-04-21 19:34 - 00000000 ____D () D:\Documents and Settings\pavel\Nabídka Start\Programy\SDÍLEJ.CZ
2014-04-21 19:22 - 2014-05-14 11:53 - 00000466 ____H () D:\WINDOWS\Tasks\User_Feed_Synchronization-{417ACF23-7A75-45E4-99E8-EC04093D4AAA}.job
2014-04-21 19:22 - 2014-04-21 19:22 - 00000000 __SHD () D:\Documents and Settings\pavel\IECompatCache

==================== One Month Modified Files and Folders =======

2014-05-14 12:02 - 2014-05-14 12:02 - 00011222 _____ () D:\Documents and Settings\pavel\Plocha\FRST.txt
2014-05-14 12:02 - 2014-05-14 12:01 - 00000000 ____D () D:\FRST
2014-05-14 12:02 - 2013-04-09 11:22 - 00000000 ____D () D:\Documents and Settings\pavel\Plocha
2014-05-14 12:01 - 2014-05-14 12:01 - 00112640 _____ (forum.viry.cz) D:\Documents and Settings\pavel\Plocha\FRSTLauncher.exe
2014-05-14 12:01 - 2013-04-09 11:22 - 00000000 ___HD () D:\Documents and Settings\pavel\Local Settings\Data aplikací
2014-05-14 11:59 - 2014-05-14 11:59 - 01056256 _____ (Farbar) D:\Documents and Settings\pavel\Plocha\FRST.exe
2014-05-14 11:53 - 2014-04-21 19:22 - 00000466 ____H () D:\WINDOWS\Tasks\User_Feed_Synchronization-{417ACF23-7A75-45E4-99E8-EC04093D4AAA}.job
2014-05-14 11:29 - 2013-04-10 20:34 - 00000914 _____ () D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-14 10:53 - 2013-09-21 19:10 - 00000000 ____D () D:\Documents and Settings\pavel\Data aplikací\Seznam.cz
2014-05-14 10:52 - 2013-04-09 12:56 - 01174996 _____ () D:\WINDOWS\system32\PerfStringBackup.INI
2014-05-14 10:49 - 2013-04-09 11:10 - 01943849 _____ () D:\WINDOWS\WindowsUpdate.log
2014-05-14 10:48 - 2014-05-14 10:38 - 00005015 _____ () D:\zoek-results.log
2014-05-14 10:48 - 2013-04-09 12:59 - 00000157 _____ () D:\WINDOWS\wiadebug.log
2014-05-14 10:48 - 2013-04-09 12:59 - 00000049 _____ () D:\WINDOWS\wiaservc.log
2014-05-14 10:48 - 2013-04-09 12:56 - 00000314 ____H () D:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-14 10:48 - 2008-04-14 13:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl
2014-05-14 10:47 - 2013-11-04 22:16 - 00000278 _____ () D:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job
2014-05-14 10:47 - 2013-04-09 11:27 - 00524288 _____ () D:\WINDOWS\system32\config\ACEEvent.evt
2014-05-14 10:47 - 2013-04-09 11:22 - 00000178 ___SH () D:\Documents and Settings\pavel\ntuser.ini
2014-05-14 10:47 - 2013-04-09 11:22 - 00000000 ____D () D:\Documents and Settings\pavel
2014-05-14 10:47 - 2013-04-09 11:21 - 00032304 _____ () D:\WINDOWS\SchedLgU.Txt
2014-05-14 10:47 - 2013-04-09 11:21 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-05-14 10:42 - 2014-05-14 10:37 - 00000000 ____D () D:\zoek_backup
2014-05-14 10:42 - 2013-04-09 12:55 - 00000000 __RHD () D:\Documents and Settings\All Users\Data aplikací
2014-05-14 10:37 - 2014-05-14 10:43 - 00024064 _____ () D:\WINDOWS\zoek-delete.exe
2014-05-14 10:36 - 2014-05-14 10:36 - 01285120 _____ () D:\Documents and Settings\pavel\Plocha\zoek.exe
2014-05-14 10:13 - 2014-05-14 10:12 - 00000000 ____D () D:\AdwCleaner
2014-05-14 10:13 - 2013-04-09 12:56 - 00000000 ___RD () D:\Documents and Settings\All Users\Nabídka Start\Programy
2014-05-14 10:13 - 2013-04-09 12:56 - 00000000 ___RD () D:\Documents and Settings\All Users\Nabídka Start
2014-05-14 10:12 - 2014-05-14 10:12 - 01325827 _____ () D:\Documents and Settings\pavel\Plocha\adwcleaner.exe
2014-05-14 10:11 - 2014-05-14 10:11 - 00003679 _____ () D:\Documents and Settings\pavel\Plocha\JRT.txt
2014-05-14 09:50 - 2013-04-09 11:22 - 00000000 __RHD () D:\Documents and Settings\pavel\Data aplikací
2014-05-14 09:49 - 2014-05-14 09:49 - 00000000 ____D () D:\WINDOWS\ERUNT
2014-05-14 09:45 - 2014-05-14 09:46 - 01016261 _____ (Thisisu) D:\Documents and Settings\pavel\Plocha\JRT.exe
2014-05-14 08:57 - 2014-05-14 08:57 - 00781909 _____ () D:\Documents and Settings\pavel\Plocha\RSIT.exe
2014-05-14 08:57 - 2014-05-14 08:57 - 00000000 ____D () D:\rsit
2014-05-14 08:57 - 2014-05-14 08:57 - 00000000 ____D () D:\Program Files\trend micro
2014-05-13 20:34 - 2013-04-10 21:00 - 00000000 ____D () D:\Documents and Settings\pavel\Data aplikací\Skype
2014-05-13 20:27 - 2013-11-02 21:16 - 00000349 _____ () D:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
2014-05-13 20:22 - 2014-05-13 20:22 - 00000235 _____ () D:\Documents and Settings\pavel\Plocha\httpsfbcdn-sphotos-h-a.akamaihd.nethphotos-ak-prn2vt34.0-1210346945_10202008779674084_1160257255_n.jpgoh=46039505d27d9241f73.URL
2014-05-13 18:43 - 2013-04-10 21:00 - 00002283 _____ () D:\Documents and Settings\All Users\Plocha\Skype.lnk
2014-05-12 21:27 - 2013-11-04 22:16 - 00000286 _____ () D:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job
2014-05-10 11:30 - 2013-04-09 11:51 - 00000000 ____D () D:\Program Files\Mozilla Maintenance Service
2014-05-10 09:58 - 2014-05-10 09:58 - 00000000 ____D () D:\Program Files\Mozilla Firefox
2014-05-09 14:52 - 2014-05-01 12:48 - 00000585 _____ () D:\WINDOWS\DXError.log
2014-05-09 14:52 - 2014-05-01 12:48 - 00000216 _____ () D:\WINDOWS\DirectX.log
2014-05-09 13:43 - 2013-04-09 11:07 - 00010922 _____ () D:\WINDOWS\wmsetup.log
2014-05-08 19:59 - 2014-05-08 19:58 - 00000000 ____D () D:\Documents and Settings\pavel\Plocha\BMW M3 E30
2014-05-08 18:42 - 2014-05-06 18:38 - 00000000 ____D () D:\Documents and Settings\pavel\Local Settings\Data aplikací\COMODO
2014-05-08 18:42 - 2014-05-06 18:38 - 00000000 ____D () D:\Documents and Settings\All Users\Nabídka Start\Programy\Comodo
2014-05-08 18:42 - 2013-04-09 12:56 - 00000000 ____D () D:\Documents and Settings\All Users\Plocha
2014-05-08 18:40 - 2014-05-08 18:40 - 01700352 _____ (Microsoft Corporation) D:\WINDOWS\system32\gdiplus.dll
2014-05-06 18:38 - 2013-04-09 11:22 - 00000000 ___RD () D:\Documents and Settings\pavel\Dokumenty
2014-05-06 18:36 - 2014-05-06 18:36 - 00000851 _____ () D:\Documents and Settings\pavel\Plocha\Zmenšení AVI.lnk
2014-05-06 18:36 - 2014-05-06 18:36 - 00000000 ____D () D:\Documents and Settings\pavel\Nabídka Start\Programy\FormatFactory
2014-05-06 18:36 - 2013-04-09 11:22 - 00000000 ___RD () D:\Documents and Settings\pavel\Nabídka Start\Programy
2014-05-06 18:35 - 2014-05-06 18:35 - 00000000 ____D () D:\Program Files\FreeTime
2014-05-06 18:34 - 2014-05-06 18:33 - 41082542 _____ () D:\Rally Francie-trenink_trans.avi
2014-05-06 15:14 - 2014-05-06 15:14 - 01658934 _____ () D:\2014-05-06 15-14-20.BMP
2014-05-06 15:14 - 2014-05-06 15:14 - 01658934 _____ () D:\2014-05-06 15-14-18.BMP
2014-05-06 14:27 - 2014-05-06 14:27 - 00000000 ____D () D:\Program Files\SiteLookup
2014-05-03 10:55 - 2014-02-27 14:21 - 00000000 ____D () D:\Documents and Settings\pavel\Local Settings\Data aplikací\Deployment
2014-05-01 21:50 - 2014-05-01 21:28 - 00000000 ____D () D:\Program Files\Mozilla Thunderbird
2014-05-01 12:13 - 2014-05-01 12:13 - 00000333 _____ () D:\Documents and Settings\pavel\Plocha\EXE_RALLY_TEAM_7.scn
2014-04-29 18:29 - 2013-04-10 20:34 - 00692400 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-29 18:29 - 2013-04-10 20:34 - 00070832 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-21 19:34 - 2014-04-21 19:34 - 00000318 _____ () D:\Documents and Settings\pavel\Plocha\SDÍLEJ.CZ Manager.appref-ms
2014-04-21 19:34 - 2014-04-21 19:34 - 00000000 ____D () D:\Documents and Settings\pavel\Nabídka Start\Programy\SDÍLEJ.CZ
2014-04-21 19:22 - 2014-04-21 19:22 - 00000000 __SHD () D:\Documents and Settings\pavel\IECompatCache
2014-04-15 21:06 - 2014-04-13 10:46 - 05592560 _____ () D:\Documents and Settings\pavel\Plocha\fiesta_external_scrape.dds
2014-04-15 21:06 - 2014-04-13 10:45 - 05592560 _____ () D:\Documents and Settings\pavel\Plocha\fiesta_external.dds

==================== Bamital & volsnap Check =================

D:\WINDOWS\explorer.exe
[2010-01-14 17:00] - [2010-01-14 17:00] - 1034240 ____A (Microsoft Corporation) 8ab626e4e4b289646e11311e66fb0b88

D:\WINDOWS\system32\winlogon.exe
[2010-01-14 17:02] - [2010-01-14 17:02] - 0509440 ____A (Microsoft Corporation) 4212babcc4408b052193dabad9a691ab

D:\WINDOWS\system32\svchost.exe
[2010-01-14 17:01] - [2010-01-14 17:01] - 0014848 ____A (Microsoft Corporation) 67e38b4a549833e02d4d1617b5dbc318

D:\WINDOWS\system32\services.exe
[2010-01-14 17:01] - [2010-01-14 17:01] - 0111104 ____A (Microsoft Corporation) 3d107d45ccfdb266e91d84b52cd7f430

D:\WINDOWS\system32\User32.dll
[2010-01-14 17:02] - [2010-01-14 17:02] - 0578560 ____A (Microsoft Corporation) a88d1807ef5370f4313c58d137d6f7b4

D:\WINDOWS\system32\userinit.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

D:\WINDOWS\system32\rpcss.dll
[2010-01-14 17:01] - [2010-01-14 17:01] - 0401408 ____A (Microsoft Corporation) c0bd34a62508ba68f146e22ce45919f9

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
D:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 13:00] - [2008-04-14 13:00] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1





===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:30.03 GB) (Free:16.88 GB) NTFS
Drive e: () (Fixed) (Total:196.06 GB) (Free:195.75 GB) NTFS
Drive f: () (Fixed) (Total:705.32 GB) (Free:643.77 GB) NTFS
Drive h: (Burns Rally) (CDROM) (Total:1.37 GB) (Free:0 GB) CDFS

Available physical RAM: 2694.22 MB
Total physical RAM: 3326.04 MB
Percentage of memory in use: 18%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 932 GB) (Disk ID: 2B871F30)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=196 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=705 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=30 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\avast! Emergency Update.job => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: D:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job => D:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: D:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job => D:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: D:\WINDOWS\Tasks\User_Feed_Synchronization-{417ACF23-7A75-45E4-99E8-EC04093D4AAA}.job => D:\WINDOWS\system32\msfeedssync.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "D:\Documents and Settings\pavel\Plocha" je 1416 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^Windows Search.lnk
D:\PROGRA~1\WINDOW~2\WINDOW~1.EXE /startup [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"="D:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe:*:Enabled:Render Manager"
"D:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"="D:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe:*:Enabled:umi"
"D:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"="D:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"D:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"="D:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"D:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"="D:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: zavirované pc

Napsal: 14 kvě 2014 12:12
od vyosek
:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKLM\...\Run: [Adobe ARM] => D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] => D:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [RelevantKnowledge] => D:\program files\relevantknowledge\rlvknlg.exe -bootHKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [MSMSGS] => D:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [cz.seznam.software.autoupdate] => D:\Documents and Settings\pavel\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [cz.seznam.software.szndesktop] => D:\Documents and Settings\pavel\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\MountPoints2: {6553f7f1-a238-11e2-865e-50465d06cd52} - H:\setup.exe

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

D:\program files\relevantknowledge
2014-05-14 12:01 - 2014-05-14 12:01 - 00112640 _____ (forum.viry.cz) D:\Documents and Settings\pavel\Plocha\FRSTLauncher.exe
2014-05-14 10:43 - 2014-05-14 10:37 - 00024064 _____ () D:\WINDOWS\zoek-delete.exe
2014-05-14 10:38 - 2014-05-14 10:48 - 00005015 _____ () D:\zoek-results.log
2014-05-14 10:37 - 2014-05-14 10:42 - 00000000 ____D () D:\zoek_backup
2014-05-14 10:36 - 2014-05-14 10:36 - 01285120 _____ () D:\Documents and Settings\pavel\Plocha\zoek.exe
2014-05-14 10:12 - 2014-05-14 10:13 - 00000000 ____D () D:\AdwCleaner
2014-05-14 10:12 - 2014-05-14 10:12 - 01325827 _____ () D:\Documents and Settings\pavel\Plocha\adwcleaner.exe
2014-05-14 10:11 - 2014-05-14 10:11 - 00003679 _____ () D:\Documents and Settings\pavel\Plocha\JRT.txt
2014-05-14 09:46 - 2014-05-14 09:45 - 01016261 _____ (Thisisu) D:\Documents and Settings\pavel\Plocha\JRT.exe
2014-05-14 08:57 - 2014-05-14 08:57 - 00781909 _____ () D:\Documents and Settings\pavel\Plocha\RSIT.exe
2014-05-14 08:57 - 2014-05-14 08:57 - 00000000 ____D () D:\rsit
2014-05-14 08:57 - 2014-05-14 08:57 - 00000000 ____D () D:\Program Files\trend micro

Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\avast! Emergency Update.job => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: D:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job => D:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: D:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job => D:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: D:\WINDOWS\Tasks\User_Feed_Synchronization-{417ACF23-7A75-45E4-99E8-EC04093D4AAA}.job => D:\WINDOWS\system32\msfeedssync.exe

Hosts:
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt

Re: zavirované pc

Napsal: 14 kvě 2014 12:22
od tomas000
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-05-2014 01
Ran by pavel at 2014-05-14 13:17:14 Run:1
Running from D:\Documents and Settings\pavel\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe ARM] => D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe

Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] => D:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472

2013-05-16] ()
HKLM\...\Run: [RelevantKnowledge] => D:\program files\relevantknowledge\rlvknlg.exe

-bootHKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON

Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [MSMSGS] => D:\Program Files\Messenger\msmsgs.exe

[1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [cz.seznam.software.autoupdate] => D:\Documents and

Settings\pavel\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [cz.seznam.software.szndesktop] => D:\Documents and

Settings\pavel\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\MountPoints2: {6553f7f1-a238-11e2-865e-50465d06cd52} -

H:\setup.exe

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

http://www.google.com/search?q={searchT ... oding}&sta

rtIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

http://www.google.com/search?q={searchT ... oding}&sta

rtIndex={startIndex?}&startPage={startPage}

D:\program files\relevantknowledge
2014-05-14 12:01 - 2014-05-14 12:01 - 00112640 _____ (forum.viry.cz) D:\Documents and

Settings\pavel\Plocha\FRSTLauncher.exe
2014-05-14 10:43 - 2014-05-14 10:37 - 00024064 _____ () D:\WINDOWS\zoek-delete.exe
2014-05-14 10:38 - 2014-05-14 10:48 - 00005015 _____ () D:\zoek-results.log
2014-05-14 10:37 - 2014-05-14 10:42 - 00000000 ____D () D:\zoek_backup
2014-05-14 10:36 - 2014-05-14 10:36 - 01285120 _____ () D:\Documents and Settings\pavel\Plocha\zoek.exe
2014-05-14 10:12 - 2014-05-14 10:13 - 00000000 ____D () D:\AdwCleaner
2014-05-14 10:12 - 2014-05-14 10:12 - 01325827 _____ () D:\Documents and Settings\pavel\Plocha\adwcleaner.exe
2014-05-14 10:11 - 2014-05-14 10:11 - 00003679 _____ () D:\Documents and Settings\pavel\Plocha\JRT.txt
2014-05-14 09:46 - 2014-05-14 09:45 - 01016261 _____ (Thisisu) D:\Documents and Settings\pavel\Plocha\JRT.exe
2014-05-14 08:57 - 2014-05-14 08:57 - 00781909 _____ () D:\Documents and Settings\pavel\Plocha\RSIT.exe
2014-05-14 08:57 - 2014-05-14 08:57 - 00000000 ____D () D:\rsit
2014-05-14 08:57 - 2014-05-14 08:57 - 00000000 ____D () D:\Program Files\trend micro

Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job =>

D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\avast! Emergency Update.job => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: D:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job =>

D:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: D:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job =>

D:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: D:\WINDOWS\Tasks\User_Feed_Synchronization-{417ACF23-7A75-45E4-99E8-EC04093D4AAA}.job =>

D:\WINDOWS\system32\msfeedssync.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RelevantKnowledge] => D:\program

files\relevantknowledge\rlvknlg.exe -bootHKU\S-1-5-21-1844237615-1482476501-1801674531-1004\...\Run: [DAEMON Tools

Lite => Value not found.
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS => Value

deleted successfully.
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software

.autoupdate => Value deleted successfully.
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software

.szndesktop => Value deleted successfully.
HKU\S-1-5-21-1844237615-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{

6553f7f1-a238-11e2-865e-50465d06cd52} => Key deleted successfully.
HKCR\CLSID\{6553f7f1-a238-11e2-865e-50465d06cd52} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted

successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"D:\program files\relevantknowledge" => File/Directory not found.
D:\Documents and Settings\pavel\Plocha\FRSTLauncher.exe => Moved successfully.
D:\WINDOWS\zoek-delete.exe => Moved successfully.
D:\zoek-results.log => Moved successfully.
D:\zoek_backup => Moved successfully.
D:\Documents and Settings\pavel\Plocha\zoek.exe => Moved successfully.
D:\AdwCleaner => Moved successfully.
D:\Documents and Settings\pavel\Plocha\adwcleaner.exe => Moved successfully.
D:\Documents and Settings\pavel\Plocha\JRT.txt => Moved successfully.
D:\Documents and Settings\pavel\Plocha\JRT.exe => Moved successfully.
D:\Documents and Settings\pavel\Plocha\RSIT.exe => Moved successfully.
D:\rsit => Moved successfully.
D:\Program Files\trend micro => Moved successfully.
D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
D:\WINDOWS\Tasks\avast! Emergency Update.job => Moved successfully.
D:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job => Moved

successfully.
D:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1482476501-1801674531-1004.job => Moved

successfully.
D:\WINDOWS\Tasks\User_Feed_Synchronization-{417ACF23-7A75-45E4-99E8-EC04093D4AAA}.job => Moved successfully.

==== End of Fixlog ====

Re: zavirované pc

Napsal: 14 kvě 2014 12:24
od vyosek
Fajn, jak se chova nas pacient??

Re: zavirované pc

Napsal: 14 kvě 2014 12:28
od tomas000
pacient se zdá býti v pořádku pane doktore:), všechno dělám na dálku přes teamviewer, ale vypadá to,že je to ok. Pokud to nevadí, napíšu zítra až na to otec odpoledne sám mrkne a já ráno přijdu z práce a dám vědět.

Prozatím moc děkuju a přeju příjemný den....vřelé díky :)

Re: zavirované pc

Napsal: 14 kvě 2014 12:38
od vyosek
Tak jeste uklidime :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: Pak tedy napiste :)

Re: zavirované pc

Napsal: 21 kvě 2014 19:09
od tomas000
Po pár dnech opět zdravím:), omlouvám se za odmlku, ale nedostal jsem se k pc.

Otec mi asi tři dny poté volal, že pc je sice rychlejší, ale na běžných serverech ( seznam.cz, servery o rally atd.) mu stále vyskakují ty zprávy z avast o trojském koni. Dnes mi volal, že během dne mu to vyskočilo třikrát.

Pokud byste měl čas, bylo by možné poradit co a jak? Už zvažuji i nad variantou to přeinstalovat.

Děkuji

Re: zavirované pc

Napsal: 22 kvě 2014 15:45
od vyosek
Mohl bych poprosit o screeny hlasenich Avastu
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz