VIRY.CZ

Zdravím,

mohl by mi někdo prosím poradit, jak se zbavit tohoto viru? Díky.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by uživatel at 10:03:50 on 2014-05-27
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.455 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2014 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dmwu.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Documents and Settings\uC:\Documents and Settings\uC:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\uC:\WINDOWS\system32\jmdp\stij.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\THEKMP~1\KMPlayer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = http://www.bing.com
uSearch Bar = http://www.bing.com
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IE10SR
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={94941E4B-E587-11E1-B6F0-001C232A3D29}
uURLSearchHooks: UsProvider Class: {539F76FD-084E-4858-86D5-62F02F54AE86} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Webexp Enhanced: {640bee56-63ce-427a-b939-7c4307381b48} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Video Player: {955c4a77-a384-40fb-bb11-52785e977745} - c:\program files\videoplayerv3\videoplayerv3beta758\ie\VideoPlayerV3beta758.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.0.443\AVG Secure Search_toolbar.dll
BHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {EA837F48-5AD1-443e-AE34-FFE03CBF3099} - <orphaned>
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.0.443\AVG Secure Search_toolbar.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\uživatel\local settings\data aplikací\google\update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [SpeedUpMyComputer] c:\program files\smarttweak\speedupmycomputer\SpeedUpMyComputer.exe /ot /as
uRun: [cz.seznam.software.autoupdate] "c:\documents and settings\uživatel\data aplikací\seznam.cz\szninstall.exe" -c
uRun: [cz.seznam.software.szndesktop] "c:\documents and settings\uživatel\data aplikací\seznam.cz\bin\wszndesktop.exe" -q
uRun: [F.lux] "c:\documents and settings\uživatel\local settings\data aplikací\fluxsoftware\flux\flux.exe" /noshow
uRun: [Spotify Web Helper] "c:\documents and settings\uživatel\data aplikací\spotify\data\SpotifyWebHelper.exe"
uRun: [Spotify] "c:\documents and settings\uživatel\data aplikací\spotify\Spotify.exe" /uri spotify:autostart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [seznam-listicka-distribuce] "c:\program files\seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{19BBCE3F-8949-4151-92BA-9B0C24D9DA75} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C6542D5E-75A5-4E78-9BC5-049A5BC82C4A} : NameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.0\ViProtocol.dll
AppInit_DLLs= c:\docume~1\alluse~1\dataap~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\uživatel\data aplikací\mozilla\firefox\profiles\2xrpg1fw.default\
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-12 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-12 180248]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 149784]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 237848]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 107288]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 27416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-1-12 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-12 410528]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 122136]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 192280]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 210200]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-30 42272]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-29 242240]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-12 67824]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
.
=============== Created Last 30 ================
.
2014-06-14 19:38:27 -------- d-----w- c:\documents and settings\uživatel\data aplikací\Ventrilo
2014-06-14 19:37:04 -------- d-----w- c:\program files\Ventrilo
2014-06-14 19:36:19 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2014-06-12 14:58:41 -------- d-sh--w- C:\found.000
2014-05-29 11:51:58 -------- d-----w- c:\documents and settings\uživatel\data aplikací\Leadertech
2014-05-15 16:50:21 -------- d-----w- C:\7818ba40a50da8bab1
2014-05-14 06:42:47 17938608 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2014-05-14 06:43:03 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 06:43:02 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 12:19:14 192280 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-05-13 12:17:24 237848 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-05-13 12:17:22 210200 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-05-13 12:17:22 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-05-13 12:17:20 149784 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-05-13 12:09:12 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-05-13 12:04:36 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-05-13 12:04:34 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-04-28 19:00:07 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-04-07 14:57:16 1863984 ----a-w- c:\windows\system32\dmwu.exe
2014-04-07 14:53:42 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2014-04-06 10:24:56 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-04-06 10:24:56 632656 ----a-w- c:\windows\system32\msvcr80.dll
2014-04-06 10:24:56 554832 ----a-w- c:\windows\system32\msvcp80.dll
2014-04-06 10:24:56 479232 ----a-w- c:\windows\system32\msvcm80.dll
2014-04-06 10:24:56 421200 ----a-w- c:\windows\system32\msvcp100.dll
2014-03-06 17:58:44 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58:44 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58:44 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:58:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ------w- c:\windows\system32\html.iec
2014-02-26 23:28:44 13312 ------w- c:\windows\system32\xp_eos.exe
.
============= FINISH: 10:07:06,09 ===============

Zdravim

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by u§ivatel on Łt 27.05.2014 at 16:33:32,39.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\UIVATE~1\Plocha\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-27-121356.log 16197 bytes
C:\zoek-results2014-05-27-132719.log 4138 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12.01.2014 12:14]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12.01.2014 12:14]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTer ... ORM=IE10SR"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="http://search.live.com/results.aspx?q={ ... orm=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Podzimov\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2580 folders=1109 252829481 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Reset Hosts File ======================

Hosts File Reset Successfully

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Program Files\SweetIM" not found
"C:\Program Files\AVG Secure Search" not found
"C:\Program Files\AVG Secure Search" not found

==== EOF on Łt 27.05.2014 at 16:54:40,67 ======================

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/27/2014 08:42:57 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\System32\WLTRYSVC.EXE (PID: 272) [WD-HEUR]
* C:\WINDOWS\System32\bcmwltry.exe (PID: 316) [WD-HEUR]
* C:\WINDOWS\system32\KADxMain.exe (PID: 2664) [WD-HEUR]
* C:\WINDOWS\system32\WLTRAY.exe (PID: 3180) [WD-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:


127.0.0.1 localhost

Program finished at: 05/27/2014 08:46:14 PM
Execution time: 0 hours(s), 3 minute(s), and 17 seconds(s)

Jeste si pockam na ComboFix

ComboFix 14-06-27.01 - uživatel 27.05.2014 21:42:19.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.385 [GMT 2:00]
Spuštěný z: c:\documents and settings\u×ivatel\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\_ctypes.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\_elementtree.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\_hashlib.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\_multiprocessing.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\_socket.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\_ssl.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\hashobjs_ext.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\pyexpat.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\pysqlite2._sqlite.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\python27.dll
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\pythoncom27.dll
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\PyWinTypes27.dll
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\select.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\unicodedata.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32api.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32com.shell.shell.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32crypt.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32event.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32file.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32gui.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32inet.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32pdh.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32pipe.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32process.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32profile.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32security.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\win32ts.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\windows._lib_cacheinvalidation.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wx._animate.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wx._controls_.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wx._core_.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wx._gdi_.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wx._html2.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wx._misc_.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wx._windows_.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wx._wizard.pyd
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wxbase294u_net_vc90.dll
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wxbase294u_vc90.dll
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wxmsw294u_adv_vc90.dll
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wxmsw294u_core_vc90.dll
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wxmsw294u_html_vc90.dll
c:\docume~1\UIVATE~1\LOCALS~1\Temp\_MEI8322\wxmsw294u_webview_vc90.dll
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\_ctypes.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\_elementtree.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\_hashlib.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\_multiprocessing.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\_socket.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\_ssl.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\hashobjs_ext.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\pyexpat.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\pysqlite2._sqlite.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\python27.dll
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\pythoncom27.dll
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\PyWinTypes27.dll
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\select.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\unicodedata.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32api.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32com.shell.shell.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32crypt.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32event.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32file.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32gui.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32inet.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32pdh.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32pipe.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32process.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32profile.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32security.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\win32ts.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\windows._lib_cacheinvalidation.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wx._animate.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wx._controls_.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wx._core_.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wx._gdi_.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wx._html2.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wx._misc_.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wx._windows_.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wx._wizard.pyd
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wxbase294u_net_vc90.dll
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wxbase294u_vc90.dll
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wxmsw294u_adv_vc90.dll
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wxmsw294u_core_vc90.dll
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wxmsw294u_html_vc90.dll
c:\documents and settings\uživatel\Local Settings\Temp\_MEI8322\wxmsw294u_webview_vc90.dll
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\system32\Cache
c:\windows\system32\Cache\07829a6f7146017d.fb
c:\windows\system32\Cache\09ce7b2c378cf909.fb
c:\windows\system32\Cache\110e94689952455f.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\295346c4fbe975ac.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\2cb4e3eb211f07c2.fb
c:\windows\system32\Cache\2f46ca5a25274ca8.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\5100f8d7a205e9b9.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\77e40e66d226da9e.fb
c:\windows\system32\Cache\7dc7563ea555fae3.fb
c:\windows\system32\Cache\7fc8db47f4904541.fb
c:\windows\system32\Cache\80b7401f9c64a050.fb
c:\windows\system32\Cache\8a6c8aacee7ea230.fb
c:\windows\system32\Cache\8a7570e98d4c83fb.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a1a9af7ef4ed68fe.fb
c:\windows\system32\Cache\a5fe32d7d2eb2b07.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b72857c297745729.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\def8170e15290fe4.fb
c:\windows\system32\Cache\e1143cb8a13ff8bc.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-27 do 2014-05-27 )))))))))))))))))))))))))))))))
.
.
2014-06-14 19:38 . 2014-06-14 19:38 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Ventrilo
2014-06-14 19:37 . 2014-06-14 19:37 -------- d-----w- c:\program files\Ventrilo
2014-06-14 19:36 . 2014-06-14 19:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-05-29 11:51 . 2014-05-29 11:51 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Leadertech
2014-05-27 14:50 . 2014-05-27 14:32 24064 ----a-w- c:\windows\zoek-delete.exe
2014-05-27 10:28 . 2014-05-27 12:20 -------- d-----w- C:\zoek_backup
2014-05-15 16:50 . 2014-05-15 17:12 -------- d-----w- C:\7818ba40a50da8bab1
2014-05-14 06:42 . 2014-05-14 06:42 17938608 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 06:43 . 2012-11-10 18:51 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 06:43 . 2012-11-10 18:51 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 12:19 . 2012-02-22 03:25 192280 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-05-13 12:17 . 2013-02-08 02:37 237848 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-05-13 12:17 . 2013-08-01 14:06 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-05-13 12:17 . 2012-03-19 03:17 210200 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-05-13 12:17 . 2012-04-19 02:50 149784 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-05-13 12:17 . 2011-12-23 11:32 107288 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-05-13 12:09 . 2011-12-23 11:32 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-05-13 12:04 . 2012-01-31 02:46 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-05-13 12:04 . 2011-12-23 11:32 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-04-28 19:00 . 2012-08-30 17:14 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-04-06 10:24 . 2013-06-05 07:12 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-04-06 10:24 . 2013-06-05 07:12 632656 ----a-w- c:\windows\system32\msvcr80.dll
2014-04-06 10:24 . 2013-06-05 07:12 554832 ----a-w- c:\windows\system32\msvcp80.dll
2014-04-06 10:24 . 2013-06-05 07:12 479232 ----a-w- c:\windows\system32\msvcm80.dll
2014-04-06 10:24 . 2013-06-05 07:12 421200 ----a-w- c:\windows\system32\msvcp100.dll
2014-03-06 17:58 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:58 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-06 06:42 13312 ------w- c:\windows\system32\xp_eos.exe
2012-04-21 01:18 . 2012-07-29 05:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-12 10:14 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-05 15:46 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-05 15:46 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-05 15:46 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-05 15:46 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-05 15:46 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-05 15:46 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-06-05 24474752]
"cz.seznam.software.autoupdate"="c:\documents and settings\uživatel\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\uživatel\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"F.lux"="c:\documents and settings\uživatel\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"Spotify Web Helper"="c:\documents and settings\uživatel\Data aplikací\Spotify\Data\SpotifyWebHelper.exe" [2014-02-10 1171968]
"Spotify"="c:\documents and settings\uživatel\Data aplikací\Spotify\Spotify.exe" [2014-02-10 6118400]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-11 13594624]
"nwiz"="nwiz.exe" [2009-03-11 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-11 86016]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-05-13 5181456]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-10-29 2498560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-12 3764024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-7-31 113664]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Torrents Downloader\\torrents_downloader.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\uživatel\\Data aplikací\\Spotify\\spotify.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [12.1.2014 12:15 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [12.1.2014 12:15 180248]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 4:50 149784]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8.2.2013 4:37 237848]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31.1.2012 4:46 27416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12.1.2014 12:15 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.1.2014 12:15 410528]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [1.8.2013 16:06 122136]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23.12.2011 13:32 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23.12.2011 13:32 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22.2.2012 5:25 192280]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19.3.2012 5:17 210200]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 19:14 42272]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29.7.2012 8:08 242240]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [10.6.2008 13:32 22016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12.1.2014 12:15 67824]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [13.5.2014 14:23 3644432]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [13.5.2014 14:15 292424]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 11:58 3275136]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2.11.2006 12:32 97536]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 10:34 171680]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [23.10.2012 20:23 10502784]
S3 yvfquiuy;yvfquiuy; [x]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 16:31 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 06:43]
.
2014-05-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-12 10:14]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-24 18:40]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-24 18:40]
.
2014-06-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-06 23:28]
.
2014-05-27 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-06 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{C6542D5E-75A5-4E78-9BC5-049A5BC82C4A}: NameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\2xrpg1fw.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-SpeedUpMyComputer - c:\program files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-AVG Secure Search - c:\program files\AVG Secure Search\UNINSTALL.exe
AddRemove-Better Surf Plus - c:\program files\BetterSurf\BetterSurfPlus\uninstall.exe
AddRemove-MediaWatchV1home624 - c:\program files\MediaWatchV1\MediaWatchV1home624\uninstall.exe
AddRemove-Webexp Enhanced - c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha678\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-27 22:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3372)
c:\documents and settings\uživatel\Data aplikací\Seznam.cz\bin\20002libfoxloader.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\documents and settings\uc:\documents and settings\uc:\documents and settings\uc:\windows\system32\ctfmon.exe
.
**************************************************************************
.
Celkový čas: 2014-05-27 22:08:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-27 20:08
.
Před spuštěním: Volných bajtů: 27 671 035 904
Po spuštění: Volných bajtů: 28 142 555 136
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5583B15D284B6AEDD7BDED73964B92F2
413FC2A0C716421B3158746D63736515

Jak se chova PC, SSL chyba je stale? Pripadne poprosim o screen

chod pc se vyrazne zrychlil. nejde se dostat na google a jeho stranky (gmail, youtube, apod.). vyhazuje to tuto zpravu

Zkontrolujte systemove datum a cas, jestli jsou spravne nastaveny - toto je casty problem zpusobujici popsane potize...

jo, tak to bylo presne ono. moc diky. jste nejlepsi. koupim vam cokoladu

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse