VIRY.CZ

Zravíčko ...
Po nějaké době se mi do ruky dostal PC který bude za roky co ho rodinka používá asi pěkně pěkně ... pěkně ... =)
Věřím ve vaši pomoc a předem děkuji=)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by lehkozivova (administrator) on LEHKOZIVOVA on 16-07-2014 12:04:52
Running from C:\Documents and Settings\lehkozivova\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Luis Cobian) C:\Program Files\Cobian Backup 8\Cobian.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(HP) C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(ICQ, LLC.) C:\Program Files\ICQ7.6\ICQ.exe
(Gemfor s.r.o.) C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
(Luis Cobian) C:\Program Files\Cobian Backup 8\cbInterface.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\lehkozivova\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [ZyngaGamesAgent] => C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20025960 2011-01-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Cobian Backup 8] => C:\Program Files\Cobian Backup 8\Cobian.exe [499200 2006-08-25] (Luis Cobian)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2004-09-13] (Hewlett-Packard Company)
HKLM\...\Run: [ToolBoxFX] => C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [45056 2006-02-02] (HP)
HKLM\...\Run: [Launcher6015N] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2571264 2011-05-19] (Xerox)
HKLM\...\Run: [6015N RUN] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [357376 2012-01-03] ()
HKLM\...\Run: [StatusAutoRun6015N] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [3658240 2012-01-03] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1645522239-413027322-839522115-1003\...\Run: [ICQ] => C:\Program Files\ICQ7.6\ICQ.exe [127040 2011-11-01] (ICQ, LLC.)
HKU\S-1-5-21-1645522239-413027322-839522115-1003\...\Run: [T-Mobile CManager] => C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2166552 2013-10-31] (Gemfor s.r.o.)
HKU\S-1-5-21-1645522239-413027322-839522115-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1645522239-413027322-839522115-1003\...\Run: [AdobeChk] => C:\Documents and Settings\lehkozivova\Data aplikací\AdobeChk\chk.exe [148992 2014-07-16] (Cubypowersoft)
HKU\S-1-5-21-1645522239-413027322-839522115-1003\...\MountPoints2: {b10bd6fa-7e98-11e3-8955-50e54926f7f1} - E:\Autorun.exe
HKU\S-1-5-21-1645522239-413027322-839522115-1003\...\MountPoints2: {b10bd6fd-7e98-11e3-8955-50e54926f7f1} - E:\Autorun.exe
HKU\S-1-5-21-1645522239-413027322-839522115-1003\...\MountPoints2: {b10bd701-7e98-11e3-8955-50e54926f7f1} - E:\Autorun.exe
Startup: C:\Documents and Settings\lehkozivova\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {00724743-D36B-4F79-8956-13A9431CDF06} URL = http://websearch.ask.com/redirect?clien ... C2A65E403B
BHO: Podpora odkazu pro Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.197.152.132 217.197.144.22

FireFox:
========
FF ProfilePath: C:\Documents and Settings\lehkozivova\Data aplikací\Mozilla\Firefox\Profiles\ecrk67au.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Web Components - C:\Program Files\Web Components\npWebVideoPlugin.dll ()
FF SearchPlugin: C:\Documents and Settings\lehkozivova\Data aplikací\Mozilla\Firefox\Profiles\ecrk67au.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Ask Toolbar - C:\Documents and Settings\lehkozivova\Data aplikací\Mozilla\Firefox\Profiles\ecrk67au.default\Extensions\toolbar@ask.com [2013-02-24]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-10-27]
FF HKLM\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}] - C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
FF Extension: Splashtop Connect Companion - C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2011-10-27]
FF HKLM\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}] - C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
FF Extension: Splashtop Connect - C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2011-10-27]
FF HKLM\...\Firefox\Extensions: [{d9284e50-81fc-11da-a72b-0800200c9a66}] - C:\Program Files\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF Extension: Yoono - C:\Program Files\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011-10-27]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
R2 MbnExt; C:\Program Files\T-Mobile\Web'n'walk Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
R2 SCBackService; C:\Program Files\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-07-05] (Skype Technologies S.A.)
R2 WCUService_STC_FF; C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-24] (Splashtop Inc.)
R2 XRNADB; C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [79872 2012-01-03] () [File not signed]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 GemCCID; C:\WINDOWS\System32\DRIVERS\GemCCID.sys [98816 2013-04-24] (Gemalto)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
U2 CertPropSvc;
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249472 2012-04-20] (Huawei Technologies Co., Ltd.)
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-16 12:04 - 2014-07-16 12:05 - 00016462 _____ () C:\Documents and Settings\lehkozivova\Plocha\FRST.txt
2014-07-16 12:04 - 2014-07-16 12:04 - 00000000 ____D () C:\FRST
2014-07-16 12:01 - 2014-07-16 12:02 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\lehkozivova\Plocha\FRSTLauncher.exe
2014-07-16 12:01 - 2014-07-16 12:01 - 01077248 _____ (Farbar) C:\Documents and Settings\lehkozivova\Plocha\FRST.exe
2014-07-15 13:16 - 2014-07-15 13:16 - 00000000 ____D () C:\Documents and Settings\lehkozivova\Data aplikací\AdobeChk
2014-07-06 08:59 - 2014-07-06 08:59 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 9
2014-06-18 09:19 - 2014-06-18 09:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-16 12:05 - 2014-07-16 12:04 - 00016462 _____ () C:\Documents and Settings\lehkozivova\Plocha\FRST.txt
2014-07-16 12:05 - 2011-10-27 12:45 - 00000000 ____D () C:\Documents and Settings\lehkozivova\Local Settings\Temp
2014-07-16 12:04 - 2014-07-16 12:04 - 00000000 ____D () C:\FRST
2014-07-16 12:04 - 2011-11-01 10:37 - 00000000 ____D () C:\Documents and Settings\lehkozivova\Data aplikací\Skype
2014-07-16 12:04 - 2011-10-27 12:45 - 00000000 ___HD () C:\Documents and Settings\lehkozivova\Local Settings\Data aplikací
2014-07-16 12:04 - 2011-10-27 12:45 - 00000000 ____D () C:\Documents and Settings\lehkozivova\Plocha
2014-07-16 12:02 - 2014-07-16 12:01 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\lehkozivova\Plocha\FRSTLauncher.exe
2014-07-16 12:01 - 2014-07-16 12:01 - 01077248 _____ (Farbar) C:\Documents and Settings\lehkozivova\Plocha\FRST.exe
2014-07-16 12:01 - 2013-02-24 22:11 - 00000246 _____ () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2014-07-16 11:58 - 2011-10-27 20:29 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-07-16 11:43 - 2012-07-02 08:17 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-16 11:39 - 2014-04-08 14:02 - 00000000 _____ () C:\sparkraw.log
2014-07-16 08:36 - 2011-10-27 12:43 - 00032574 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-16 08:07 - 2014-03-13 09:27 - 00002283 _____ () C:\Documents and Settings\All Users\Plocha\Skype.lnk
2014-07-16 03:00 - 2011-10-27 12:41 - 01197417 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-15 14:01 - 2013-01-03 11:44 - 00002563 _____ () C:\Documents and Settings\lehkozivova\Plocha\Microsoft Office Word 2007.lnk
2014-07-15 13:16 - 2014-07-15 13:16 - 00000000 ____D () C:\Documents and Settings\lehkozivova\Data aplikací\AdobeChk
2014-07-15 13:16 - 2011-10-27 12:45 - 00000000 __RHD () C:\Documents and Settings\lehkozivova\Data aplikací
2014-07-15 08:44 - 2011-10-27 20:32 - 00001128 _____ () C:\WINDOWS\wiadebug.log
2014-07-10 10:11 - 2014-03-20 11:06 - 00000234 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-07-10 10:11 - 2011-10-27 20:32 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-10 10:11 - 2004-08-18 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-10 10:10 - 2014-05-03 03:16 - 00300474 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1645522239-413027322-839522115-1003-0.dat
2014-07-10 10:10 - 2014-04-29 03:37 - 00300474 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2014-07-10 10:10 - 2014-04-28 12:13 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Package Cache
2014-07-10 10:10 - 2013-01-03 11:43 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2014-07-10 10:10 - 2011-10-27 12:45 - 00000178 ___SH () C:\Documents and Settings\lehkozivova\ntuser.ini
2014-07-10 10:10 - 2011-10-27 12:45 - 00000000 ____D () C:\Documents and Settings\lehkozivova
2014-07-10 10:10 - 2011-10-27 12:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-10 03:02 - 2013-07-17 13:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 03:01 - 2013-01-03 11:39 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-07-10 03:01 - 2011-10-27 14:29 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 15:43 - 2012-07-02 08:17 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-09 15:43 - 2011-10-27 13:55 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 15:00 - 2014-03-20 11:06 - 00000228 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-07-06 08:59 - 2014-07-06 08:59 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 9
2014-07-06 08:59 - 2011-10-27 20:29 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-07-04 12:40 - 2014-04-28 12:17 - 00000000 ____D () C:\Program Files\Avira
2014-07-04 12:40 - 2014-04-28 12:17 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
2014-06-24 12:28 - 2014-04-28 12:20 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-06-20 12:34 - 2012-04-26 08:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-18 09:19 - 2014-06-18 09:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Documents and Settings\lehkozivova\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\Deldevice.dll
C:\Documents and Settings\lehkozivova\Local Settings\Temp\DelVista.dll
C:\Documents and Settings\lehkozivova\Local Settings\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\InitBDE.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\Installer.dll
C:\Documents and Settings\lehkozivova\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv_d654423.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\jre-6u34-windows-i586-iftw.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\setup.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\_hpcdb_2_0.exe
C:\Documents and Settings\lehkozivova\Local Settings\Temp\_is266.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\lehkozivova\Plocha" je 204 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ICQ7.6\\ICQ.exe"="C:\\Program Files\\ICQ7.6\\ICQ.exe:*:Enabled:ICQ7.6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ICQ7.6\\ICQ.exe"="C:\\Program Files\\ICQ7.6\\ICQ.exe:*:Enabled:ICQ7.6"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\setup\\HPZNET01.EXE"="D:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\\setup\\hppapd.exe"="D:\\setup\\hppapd.exe:*:Enabled:hppapd.exe"
"D:\\setup\\HPPNICIFS01.EXE"="D:\\setup\\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe"
"D:\\setup\\HPNTWKEXE.EXE"="D:\\setup\\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"="C:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"="C:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

Dodatek -
Teď se máma přiznala, že otevřela email ohledně nezaplacených pohledávek nebo čeho, který ji vystrašil, bylo v něm údajně něco na rozbalení ... všechno spustila :-/

Zdravím!
Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

ComboFix 14-07-16.01 - lehkozivova 16.07.2014 13:30:45.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1959.1038 [GMT 2:00]
Spuštěný z: c:\documents and settings\lehkozivova\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\LEHKOZ~1\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\lehkozivova\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\delete.bat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-16 do 2014-07-16 )))))))))))))))))))))))))))))))
.
.
2014-07-16 10:04 . 2014-07-16 10:04 -------- d-----w- C:\FRST
2014-07-15 11:16 . 2014-07-15 11:16 -------- d-----w- c:\documents and settings\lehkozivova\Data aplikací\AdobeChk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 13:43 . 2012-07-02 06:17 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 13:43 . 2011-10-27 11:55 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 10:28 . 2014-04-28 10:20 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-05-22 10:24 . 2014-04-28 10:20 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-07 13:02 . 2014-06-13 11:07 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-07 12:42 . 2014-06-13 11:07 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.6\ICQ.exe" [2011-11-01 127040]
"T-Mobile CManager"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2013-10-31 2166552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"AdobeChk"="c:\documents and settings\lehkozivova\Data aplikací\AdobeChk\chk.exe" [2014-07-16 148992]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZyngaGamesAgent"="c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-13 142360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-13 176152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-13 145944]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-03 20025960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Cobian Backup 8"="c:\program files\Cobian Backup 8\Cobian.exe" [2006-08-25 499200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-04-25 1648264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 45056]
"Launcher6015N"="c:\program files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" [2011-05-19 2571264]
"6015N RUN"="c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe" [2012-01-03 357376]
"StatusAutoRun6015N"="c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" [2012-01-03 3658240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-06-24 750160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-06-30 187984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\lehkozivova\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [27.10.2011 13:17 18544]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [28.4.2014 12:20 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28.4.2014 12:20 430160]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [30.6.2014 12:08 138832]
R2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe -k MbnExt [18.8.2004 14:00 14336]
R2 SCBackService;Splashtop Connect Service;c:\program files\Splashtop\Splashtop Connect\BackService.exe [15.11.2010 13:21 477000]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5.7.2012 18:41 3048136]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [10.4.2014 10:14 5037888]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [27.10.2011 13:17 2655768]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [24.3.2011 6:37 493384]
R2 XRNADB;XRcnStatutsDatabase;c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [3.1.2012 10:03 79872]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [31.1.2014 11:44 76544]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [27.10.2011 13:17 41088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 9:15 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.10.2011 13:16 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [31.1.2014 11:44 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [31.1.2014 11:44 11136]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [24.4.2013 7:12 98816]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [31.1.2014 11:44 95616]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [31.1.2014 11:44 70016]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [31.1.2014 11:44 27520]
S4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [28.4.2014 12:20 1028688]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 13:43]
.
2014-07-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-14 23:28]
.
2014-07-16 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-14 23:28]
.
2014-07-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2013-04-25 15:36]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 217.197.152.132 217.197.144.22
FF - ProfilePath - c:\documents and settings\lehkozivova\Data aplikací\Mozilla\Firefox\Profiles\ecrk67au.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-16 13:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1992)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\HPZipm12.exe
c:\program files\TeamViewer\Version9\TeamViewer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RTHDCPL.EXE
c:\program files\TeamViewer\Version9\tv_w32.exe
c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
c:\program files\Cobian Backup 8\cbInterface.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Celkový čas: 2014-07-16 13:43:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-16 11:43
.
Před spuštěním: Volných bajtů: 468 192 452 608
Po spuštění: Volných bajtů: 469 594 525 696
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CFD85825B5A259ABBC000D047A0E1808
413FC2A0C716421B3158746D63736515

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\Ask.com

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
"SunJavaUpdateSched"=-

Driver::
Skype C2C Service

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte naplochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spsutí a vykoná příkazy ze skriptu.

Obrázek

ComboFix 14-07-16.01 - lehkozivova 16.07.2014 14:41:24.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1959.1217 [GMT 2:00]
Spuštěný z: c:\documents and settings\lehkozivova\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\lehkozivova\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\LEHKOZ~1\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\lehkozivova\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPE_C2C_SERVICE
-------\Service_Skype C2C Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-16 do 2014-07-16 )))))))))))))))))))))))))))))))
.
.
2014-07-16 10:04 . 2014-07-16 10:04 -------- d-----w- C:\FRST
2014-07-15 11:16 . 2014-07-15 11:16 -------- d-----w- c:\documents and settings\lehkozivova\Data aplikací\AdobeChk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 13:43 . 2012-07-02 06:17 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 13:43 . 2011-10-27 11:55 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 10:28 . 2014-04-28 10:20 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-05-22 10:24 . 2014-04-28 10:20 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-07 13:02 . 2014-06-13 11:07 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-07 12:42 . 2014-06-13 11:07 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.6\ICQ.exe" [2011-11-01 127040]
"T-Mobile CManager"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2013-10-31 2166552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"AdobeChk"="c:\documents and settings\lehkozivova\Data aplikací\AdobeChk\chk.exe" [2014-07-16 148992]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZyngaGamesAgent"="c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-13 142360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-13 176152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-13 145944]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-03 20025960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Cobian Backup 8"="c:\program files\Cobian Backup 8\Cobian.exe" [2006-08-25 499200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 45056]
"Launcher6015N"="c:\program files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" [2011-05-19 2571264]
"6015N RUN"="c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe" [2012-01-03 357376]
"StatusAutoRun6015N"="c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" [2012-01-03 3658240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-06-24 750160]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-06-30 187984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\lehkozivova\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [27.10.2011 13:17 18544]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [28.4.2014 12:20 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28.4.2014 12:20 430160]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [30.6.2014 12:08 138832]
R2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe -k MbnExt [18.8.2004 14:00 14336]
R2 SCBackService;Splashtop Connect Service;c:\program files\Splashtop\Splashtop Connect\BackService.exe [15.11.2010 13:21 477000]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [10.4.2014 10:14 5037888]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [27.10.2011 13:17 2655768]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [24.3.2011 6:37 493384]
R2 XRNADB;XRcnStatutsDatabase;c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [3.1.2012 10:03 79872]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [31.1.2014 11:44 76544]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [27.10.2011 13:17 41088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 9:15 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.10.2011 13:16 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [31.1.2014 11:44 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [31.1.2014 11:44 11136]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [24.4.2013 7:12 98816]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [31.1.2014 11:44 95616]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [31.1.2014 11:44 70016]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [31.1.2014 11:44 27520]
S4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [28.4.2014 12:20 1028688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 13:43]
.
2014-07-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-14 23:28]
.
2014-07-16 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-14 23:28]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 217.197.152.132 217.197.144.22
FF - ProfilePath - c:\documents and settings\lehkozivova\Data aplikací\Mozilla\Firefox\Profiles\ecrk67au.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-16 14:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1096)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\logonui.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\HPZipm12.exe
c:\program files\TeamViewer\Version9\TeamViewer.exe
c:\program files\TeamViewer\Version9\tv_w32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RTHDCPL.EXE
c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
c:\program files\Cobian Backup 8\cbInterface.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Celkový čas: 2014-07-16 14:52:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-16 12:52
ComboFix2.txt 2014-07-16 11:43
.
Před spuštěním: Volných bajtů: 469 594 832 896
Po spuštění: Volných bajtů: 469 490 233 344
.
- - End Of File - - ABCA21C1B3913E5F7656381E3094ED7A
413FC2A0C716421B3158746D63736515

Smazáno. CF odinstalujte pomocí T-Cleaneru: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe . Nastala nějaká změna?

Co zkouším já, zdá se mi PC už úplně OK, rychleji naběhne atd atd ...
Nechám rodinku PC zatěžkat a kdyby něco, dám vědět, prozatím moc moc děkuji za pomoc!!

Prozatím nemáte zač!

VIRY.CZ

zpomalení PC, problém s přihlášením k osobnímu účtu

zpomalení PC, problém s přihlášením k osobnímu účtu

Re: zpomalení PC, problém s přihlášením k osobnímu účtu

Re: zpomalení PC, problém s přihlášením k osobnímu účtu

Re: zpomalení PC, problém s přihlášením k osobnímu účtu

Re: zpomalení PC, problém s přihlášením k osobnímu účtu

Re: zpomalení PC, problém s přihlášením k osobnímu účtu

Re: zpomalení PC, problém s přihlášením k osobnímu účtu

Re: zpomalení PC, problém s přihlášením k osobnímu účtu

Re: zpomalení PC, problém s přihlášením k osobnímu účtu