
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Please check my log - strange PC behavior
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. So will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr_K at 2014-06-13 12:18:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (55%) free of 105 GB
Total RAM: 2046 MB (26% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:21, on 13.6.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HeleniProxyUI.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Cobian Backup 11\Cobian.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPrintWebAPIShell.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
c:\Portable_Ubuntu\TrayRun.exe
C:\WINDOWS\system32\cmd.exe
c:\Portable_Ubuntu\colinux-daemon.exe
c:\Portable_Ubuntu\colinux-console-nt.exe
c:\Portable_Ubuntu\colinux-slirp-net-daemon.exe
c:\Portable_Ubuntu\Xming\Xming.exe
c:\Portable_Ubuntu\pulseaudio-0.9.6\pulseaudio.exe
C:\Documents and Settings\Projekt\Data aplikací\Juniper Networks\Setup Client\JuniperSetupClient.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre7\bin\java.exe
C:\Documents and Settings\Projekt\Data aplikací\Juniper Networks\Juniper Citrix Services Client\dsCitrixProxy.exe
C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
C:\Program Files\Bentley\MapPowerView\mappowerview.exe
D:\RSIT.exe
C:\Program Files\trend micro\Petr_K.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosearch.com/?babsrc=HP_s ... 2&tsp=5213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Heleni Uploader] C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HeleniProxyUI.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Cobian Backup 11] "C:\Program Files\Cobian Backup 11\Cobian.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4733013015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4733064265
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C61C1E4-8A2E-4DEF-A50D-2A1B19CE131E}: NameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C61C1E4-8A2E-4DEF-A50D-2A1B19CE131E}: NameServer = 10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C61C1E4-8A2E-4DEF-A50D-2A1B19CE131E}: NameServer = 10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks, Inc. - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.4.4\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe
--
End of file - 12086 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\run_portable_ubuntu.job - C:\Portable_Ubuntu\run_portable_ubuntu.bat
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default
prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {20a82645-c095-46ed-80e3-08825760534b}:1.1, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.126 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_126.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\components\
IICAClient.xpt
C:\Program Files\Mozilla Firefox\plugins\
CCMSDK.dll
cgpcfg.dll
CgpCore.dll
confmgr.dll
ctxlogging.dll
ctxmui.dll
ICAClObj.class
icafile.dll
icalogon.dll
npicaN.dll
sslsdk_b.dll
TcpPServ.dll
C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\extensions\
foxyproxy@eric.h.jung
C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\
buenosearch.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-07 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-07 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"GEST"== []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-03-21 5078504]
"Heleni Uploader"=C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HeleniProxyUI.exe [2011-04-01 130560]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Cobian Backup 11"=C:\Program Files\Cobian Backup 11\Cobian.exe [2012-12-06 720896]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2012-03-28 309184]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-05-07 256896]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-18 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\Program Files\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\wamp\bin\apache\Apache2.4.4\bin\httpd.exe"="C:\Program Files\wamp\bin\apache\Apache2.4.4\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Documents and Settings\Projekt\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Projekt\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Disk C\_MICHAL\__\martin\aoe2\empires2.exe"="D:\Disk C\_MICHAL\__\martin\aoe2\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\HPePrintAndShare.exe"="C:\Program Files\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\HPePrintAndShare.exe:*:Enabled:HP Networked Printer Installer"
"C:\ubuntu\Portable_Ubuntu\pulseaudio-0.9.6\pulseaudio.exe"="C:\ubuntu\Portable_Ubuntu\pulseaudio-0.9.6\pulseaudio.exe:*:Enabled:pulseaudio"
"C:\ubuntu\Portable_Ubuntu\Xming\Xming.exe"="C:\ubuntu\Portable_Ubuntu\Xming\Xming.exe:*:Enabled:Xming X Server"
"C:\ubuntu\Portable_Ubuntu\colinux-slirp-net-daemon.exe"="C:\ubuntu\Portable_Ubuntu\colinux-slirp-net-daemon.exe:*:Enabled:coLinux daemon program"
"C:\Portable_Ubuntu\Xming\Xming.exe"="C:\Portable_Ubuntu\Xming\Xming.exe:*:Enabled:Xming X Server"
"C:\Portable_Ubuntu\colinux-slirp-net-daemon.exe"="C:\Portable_Ubuntu\colinux-slirp-net-daemon.exe:*:Enabled:coLinux daemon program"
"C:\Portable_Ubuntu\pulseaudio-0.9.6\pulseaudio.exe"="C:\Portable_Ubuntu\pulseaudio-0.9.6\pulseaudio.exe:*:Enabled:pulseaudio"
"C:\Program Files\Tomasello Software\WinCron\WinCron.exe"="C:\Program Files\Tomasello Software\WinCron\WinCron.exe:*:Enabled:WinCron - Task Scheduling Application (MAIN)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
======File associations======
.js - open - "D:\Disk C\INSTAL\Adobe.Dreamweaver.CS5.Lite.Portable\Dreamweaver.exe" "%1"
======List of files/folders created in the last 1 month======
2014-06-13 12:18:15 ----D---- C:\rsit
2014-06-13 12:18:15 ----D---- C:\Program Files\trend micro
2014-06-11 10:18:52 ----D---- C:\Program Files\Mozilla Thunderbird
2014-06-09 14:51:49 ----D---- C:\Documents and Settings\Projekt\Data aplikací\Juniper Networks
2014-06-09 14:51:22 ----D---- C:\Documents and Settings\Projekt\Data aplikací\Oracle
2014-06-09 14:50:55 ----D---- C:\Program Files\Common Files\Java
2014-06-09 14:50:50 ----A---- C:\WINDOWS\system32\javaws.exe
2014-06-09 14:50:44 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-09 14:50:44 ----A---- C:\WINDOWS\system32\javaw.exe
2014-06-09 14:50:44 ----A---- C:\WINDOWS\system32\java.exe
2014-06-09 14:48:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Juniper Networks
2014-06-09 14:48:41 ----D---- C:\Program Files\Juniper Networks
2014-06-09 14:48:40 ----D---- C:\Program Files\Common Files\Juniper Networks
2014-06-09 14:45:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Citrix
2014-06-09 14:44:52 ----D---- C:\Documents and Settings\Projekt\Data aplikací\ICAClient
2014-06-09 14:44:41 ----D---- C:\Program Files\Citrix
2014-05-23 08:16:18 ----D---- C:\WINDOWS\Minidump
2014-05-22 10:51:06 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-05-14 11:31:39 ----D---- C:\Program Files\Common Files\DESIGNER
======List of files/folders modified in the last 1 month======
2014-06-13 12:18:15 ----RD---- C:\Program Files
2014-06-13 12:18:15 ----D---- C:\WINDOWS\Prefetch
2014-06-13 12:05:28 ----D---- C:\WINDOWS\Temp
2014-06-13 08:43:29 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-06-12 15:25:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-06-12 15:25:44 ----SHD---- C:\WINDOWS\Installer
2014-06-12 15:25:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-06-12 15:23:18 ----A---- C:\WINDOWS\system32\MRT.exe
2014-06-09 16:23:22 ----D---- C:\WINDOWS
2014-06-09 14:50:55 ----D---- C:\Program Files\Common Files
2014-06-09 14:50:50 ----D---- C:\WINDOWS\system32
2014-06-09 14:50:44 ----D---- C:\Program Files\Java
2014-06-09 14:49:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-09 14:48:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2014-06-09 14:45:02 ----HD---- C:\WINDOWS\inf
2014-06-09 14:45:01 ----D---- C:\WINDOWS\system32\drivers
2014-06-09 14:45:00 ----D---- C:\WINDOWS\system32\CatRoot2
2014-06-09 14:44:51 ----D---- C:\Program Files\Mozilla Firefox
2014-06-09 12:15:28 ----D---- C:\sken
2014-06-05 11:51:06 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 ctxusbm;Citrix USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\ctxusbm.sys [2012-03-19 64800]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-01-10 161368]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2013-01-10 105784]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 CoLinuxDriver;CoLinuxDriver; \??\c:\Portable_Ubuntu\linux.sys []
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-18 2849280]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-04 105856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2012-05-14 103040]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2008-06-18 3692288]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-18 512000]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-03-21 1341664]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-05-07 182696]
R2 JuniperAccessService;Juniper Unified Network Service; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2014-01-30 166232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-05 262320]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-07-29 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-12 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 wampapache;wampapache; C:\Program Files\wamp\bin\apache\apache2.4.4\bin\httpd.exe [2013-06-23 22016]
S3 wampmysqld;wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [2013-06-23 10923520]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Re: Please check my log - strange PC behaviour
Hello, fix these in HJT:
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
HJT najdeš zde :
C:\Program Files\trend micro\Petr_K.exe
Fix znamená že spustíš HJT
jako admin
v okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
V naplánovaných úlohách smaž :
Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP
Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP
Delete unnecessary files
using CCleaner
guide:
Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Download AdwCleaner and save it to the desktop,
close all programs including the browser and run it with a double-click,
a window appears; click Scan at the top left.
The scan then runs, and when it finishes click Report and copy what comes out here for me.
Then use MBAM from my signature and post its log here; do not delete anything beforehand!
Re: Please check my log - strange PC behaviour
Hello, I am sending the report from AdwCleaner:
# AdwCleaner v3.212 - Report created 13/06/2014 at 15:56:52
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Petr_K - PETRK
# Running from : C:\Documents and Settings\Projekt\Plocha\adwcleaner_3.212.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
Folder Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\ICQToolbarData
Folder Found : C:\Documents and Settings\Projekt\Data aplikací\pdfforge
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Conduit
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 2&tsp=5213
-\\ Mozilla Firefox v29.0.1 (cs)
[ File : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\prefs.js ]
Line Found : user_pref("extensions.buenosearch.admin", false);
Line Found : user_pref("extensions.buenosearch.aflt", "babsst");
Line Found : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Found : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Found : user_pref("extensions.buenosearch.dfltLng", "en");
Line Found : user_pref("extensions.buenosearch.excTlbr", false);
Line Found : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Found : user_pref("extensions.buenosearch.id", "6006fab2000000000000001fd0a4f00e");
Line Found : user_pref("extensions.buenosearch.instlDay", "16170");
Line Found : user_pref("extensions.buenosearch.instlRef", "sst");
Line Found : user_pref("extensions.buenosearch.newTab", false);
Line Found : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Found : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Found : user_pref("extensions.buenosearch.rvrt", "false");
Line Found : user_pref("extensions.buenosearch.smplGrp", "none");
Line Found : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5213");
Line Found : user_pref("extensions.buenosearch.tlbrId", "base");
Line Found : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5213");
Line Found : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Found : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.715:10:27");
Line Found : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
*************************
AdwCleaner[R0].txt - [22931 octets] - [13/06/2014 15:56:52]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22992 octets] ##########
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2014.06.13.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Petr_K :: PETRK [administrátor]
Ochrana: Povolena
13.6.2014 16:10:16
MBAM-log-2014-06-13 (16-17-40).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 257077
Uplynulý čas: 6 minut, 48 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 1
HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> Nebyla provedena žádná instrukce.
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Špatný: (http://www.buenosearch.com/?babsrc=HP_s ... 2&tsp=5213) Dobrý: (http://www.google.com) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Thank you very much
# AdwCleaner v3.212 - Report created 13/06/2014 at 15:56:52
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Petr_K - PETRK
# Running from : C:\Documents and Settings\Projekt\Plocha\adwcleaner_3.212.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
File Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
Folder Found : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\ICQToolbarData
Folder Found : C:\Documents and Settings\Projekt\Data aplikací\pdfforge
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Conduit
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 2&tsp=5213
-\\ Mozilla Firefox v29.0.1 (cs)
[ File : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\prefs.js ]
Line Found : user_pref("extensions.buenosearch.admin", false);
Line Found : user_pref("extensions.buenosearch.aflt", "babsst");
Line Found : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Found : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Found : user_pref("extensions.buenosearch.dfltLng", "en");
Line Found : user_pref("extensions.buenosearch.excTlbr", false);
Line Found : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Found : user_pref("extensions.buenosearch.id", "6006fab2000000000000001fd0a4f00e");
Line Found : user_pref("extensions.buenosearch.instlDay", "16170");
Line Found : user_pref("extensions.buenosearch.instlRef", "sst");
Line Found : user_pref("extensions.buenosearch.newTab", false);
Line Found : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Found : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Found : user_pref("extensions.buenosearch.rvrt", "false");
Line Found : user_pref("extensions.buenosearch.smplGrp", "none");
Line Found : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5213");
Line Found : user_pref("extensions.buenosearch.tlbrId", "base");
Line Found : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5213");
Line Found : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Found : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.715:10:27");
Line Found : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
*************************
AdwCleaner[R0].txt - [22931 octets] - [13/06/2014 15:56:52]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22992 octets] ##########
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2014.06.13.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Petr_K :: PETRK [administrátor]
Ochrana: Povolena
13.6.2014 16:10:16
MBAM-log-2014-06-13 (16-17-40).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 257077
Uplynulý čas: 6 minut, 48 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 1
HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> Nebyla provedena žádná instrukce.
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Špatný: (http://www.buenosearch.com/?babsrc=HP_s ... 2&tsp=5213) Dobrý: (http://www.google.com) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Thank you very much
Re: Please check my log - strange PC behaviour
Run AdwCleaner again, but this time click Clean;
the PC will restart, and the junk will be deleted during the restart.
Then copy the report here again.
Let MBAM delete what it found, and then post the log here again.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow the installation of the Recovery Console.
A window with the licence terms will then appear; confirm it by clicking YES,
then click YES once more and it will start running.
The whole process takes about 10 minutes but may take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt and so on); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: Please check my log - strange PC behaviour
Thank you very much for the advice; here are the scan results:
ADWCLEANER
# AdwCleaner v3.212 - Report created 16/06/2014 at 09:07:41
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Petr_K - PETRK
# Running from : C:\Documents and Settings\Projekt\Plocha\adwcleaner_3.212.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\Projekt\Data aplikací\pdfforge
Folder Deleted : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\ICQToolbarData
File Deleted : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\invalidprefs.js
File Deleted : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\searchplugins\buenosearch.xml
File Deleted : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v29.0.1 (cs)
[ File : C:\Documents and Settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\prefs.js ]
Line Deleted : user_pref("extensions.buenosearch.admin", false);
Line Deleted : user_pref("extensions.buenosearch.aflt", "babsst");
Line Deleted : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Deleted : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.dfltLng", "en");
Line Deleted : user_pref("extensions.buenosearch.excTlbr", false);
Line Deleted : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.buenosearch.id", "6006fab2000000000000001fd0a4f00e");
Line Deleted : user_pref("extensions.buenosearch.instlDay", "16170");
Line Deleted : user_pref("extensions.buenosearch.instlRef", "sst");
Line Deleted : user_pref("extensions.buenosearch.newTab", false);
Line Deleted : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.rvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.smplGrp", "none");
Line Deleted : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5213");
Line Deleted : user_pref("extensions.buenosearch.tlbrId", "base");
Line Deleted : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5213");
Line Deleted : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Deleted : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.715:10:27");
Line Deleted : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
*************************
AdwCleaner[R0].txt - [23073 octets] - [13/06/2014 15:56:52]
AdwCleaner[R1].txt - [23134 octets] - [16/06/2014 09:06:46]
AdwCleaner[S0].txt - [4526 octets] - [16/06/2014 09:07:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4586 octets] ##########
MBAM
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2014.06.16.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Petr_K :: PETRK [administrátor]
Ochrana: Povolena
16.6.2014 9:21:48
mbam-log-2014-06-16 (09-21-48).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 257679
Uplynulý čas: 7 minut, 51 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Přesun do karantény a opravení se zdařilo.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
COMBOFIX
ComboFix 14-06-16.01 - Petr_K 16.06.2014 9:52.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1385 [GMT 2:00]
Spuštěný z: c:\documents and settings\Projekt\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Projekt\WINDOWS
c:\windows\system32\abracadabra08092011.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-16 do 2014-06-16 )))))))))))))))))))))))))))))))
.
.
2014-06-13 14:07 . 2014-06-13 14:07 -------- d-----w- c:\documents and settings\Projekt\Data aplikací\Malwarebytes
2014-06-13 14:07 . 2014-06-13 14:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-06-13 14:06 . 2014-06-13 14:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-06-13 14:06 . 2014-06-13 14:06 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-13 14:06 . 2014-05-12 05:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-13 14:06 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-13 13:56 . 2014-06-16 07:07 -------- d-----w- C:\AdwCleaner
2014-06-13 10:18 . 2014-06-13 13:45 -------- d-----w- c:\program files\trend micro
2014-06-13 10:18 . 2014-06-13 10:18 -------- d-----w- C:\rsit
2014-06-11 08:18 . 2014-06-13 06:43 -------- d-----w- c:\program files\Mozilla Thunderbird
2014-06-09 12:51 . 2014-06-09 12:51 -------- d-----w- c:\documents and settings\Projekt\Data aplikací\Juniper Networks
2014-06-09 12:51 . 2014-06-09 12:51 -------- d-----w- c:\documents and settings\Projekt\Data aplikací\Oracle
2014-06-09 12:50 . 2014-06-09 12:50 -------- d-----w- c:\program files\Common Files\Java
2014-06-09 12:50 . 2014-05-07 12:42 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-06-09 12:50 . 2014-05-07 13:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-09 12:48 . 2014-06-09 12:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Juniper Networks
2014-06-09 12:48 . 2014-06-09 12:48 -------- d-----w- c:\program files\Juniper Networks
2014-06-09 12:48 . 2014-06-09 12:48 -------- d-----w- c:\program files\Common Files\Juniper Networks
2014-06-09 12:45 . 2014-06-09 12:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Citrix
2014-06-09 12:44 . 2014-06-09 13:55 -------- d-----w- c:\documents and settings\Projekt\Data aplikací\ICAClient
2014-06-09 12:44 . 2014-06-09 12:44 -------- d-----w- c:\documents and settings\Projekt\Local Settings\Data aplikací\Citrix
2014-06-09 12:44 . 2014-06-09 12:44 -------- d-----w- c:\program files\Citrix
2014-05-22 08:51 . 2014-06-05 09:51 4050432 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-05 09:51 . 2013-07-25 06:59 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-05 09:51 . 2013-07-25 06:59 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-03-28 00:04 . 2012-03-28 00:04 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2012-03-28 00:47 . 2012-03-28 00:47 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2012-03-28 00:06 . 2012-03-28 00:06 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2012-03-28 00:05 . 2012-03-28 00:05 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2012-03-28 00:05 . 2012-03-28 00:05 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2012-03-28 00:03 . 2012-03-28 00:03 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2012-03-28 00:05 . 2012-03-28 00:05 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2012-03-28 00:05 . 2012-03-28 00:05 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2012-03-19 07:21 . 2012-03-19 07:21 903096 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2012-03-28 00:06 . 2012-03-28 00:06 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
"Heleni Uploader"="c:\program files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HeleniProxyUI.exe" [2011-04-01 130560]
"Cobian Backup 11"="c:\program files\Cobian Backup 11\Cobian.exe" [2012-12-05 720896]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\wamp\\bin\\apache\\Apache2.4.4\\bin\\httpd.exe"=
"c:\\Documents and Settings\\Projekt\\Data aplikací\\uTorrent\\utorrent.exe"=
"d:\\Disk C\\_MICHAL\\__\\martin\\aoe2\\empires2.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP ePrintAndShare\\InstantPrinting\\HPePrintAndShare.exe"=
"c:\\Portable_Ubuntu\\Xming\\Xming.exe"=
"c:\\Portable_Ubuntu\\colinux-slirp-net-daemon.exe"=
"c:\\Portable_Ubuntu\\pulseaudio-0.9.6\\pulseaudio.exe"=
"c:\\Program Files\\Tomasello Software\\WinCron\\WinCron.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [19.3.2012 9:18 64800]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [10.1.2013 10:25 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10.1.2013 10:25 105784]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.3.2013 15:19 1341664]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [30.1.2014 0:05 166232]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.6.2014 16:07 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 9:15 172192]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [25.7.2013 7:43 103040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.6.2014 16:06 22856]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - COLINUXDRIVER
*Deregistered* - CoLinuxDriver
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-25 09:51]
.
2014-06-10 c:\windows\Tasks\run_portable_ubuntu.job
- c:\portable_ubuntu\run_portable_ubuntu.bat [2014-02-10 19:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{3C61C1E4-8A2E-4DEF-A50D-2A1B19CE131E}: NameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Projekt\Data aplikací\Mozilla\Firefox\Profiles\0yofnm1c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-12-03 17:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Monty 2.0 - c:\program files\EGÚ Brno
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-16 10:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_126_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_126_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_64_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_64_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2014-06-16 10:02:31
ComboFix-quarantined-files.txt 2014-06-16 08:02
.
Před spuštěním: Volných bajtů: 62 204 485 632
Po spuštění: Volných bajtů: 62 238 068 736
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - EC388635BDC22937F08FC39A89CFF9E5
413FC2A0C716421B3158746D63736515
Thanks in advance
Re: Please check my log - strange PC behavior
Via Start >> Run, copy this into the window:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but it is not one.
Uninstall Mbam and then let me know what state the PC is in after our cleanup.

Re: Please check my log - strange PC behavior
Hello,
thank you very much for all the help with cleaning the viruses off the PC. I turned the computer on in the morning and it froze about 3 times after Windows XP started up. Then I booted into safe mode, where I uninstalled all the virus-removal programs including ComboFix, and after that the computer started up. I don't know why the PC froze about 3 times, but everything seems fine now.
Thank you very much
Re: Please check my log - strange PC behavior
Hi,
Sparhawk wrote:
Hello,
I don't know why the PC froze about 3 times, but everything seems fine now.
it was probably "settling down" after the virus cleanup; keep an eye on it for another day or so, then write back, and if there is no problem I will lock this thread.
Re: Please check my log - strange PC behavior
The computer is in perfect order and no longer freezes.
thank you very much