VIRY.CZ

Prosím o kontrolu.
Díky


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by zdenek (administrator) on ZDENEK on 20-09-2014 04:22:43
Running from C:\Documents and Settings\zdenek\Plocha
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Opera Software) C:\Program Files\Opera\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [rurimy] => C:\ks\rurimy.exe [917504 2008-04-15] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [KeyLogger] => C:\Documents and Settings\zdenek\KeyLogger.exe [50176 2013-12-13] ()
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sadrokartoninterier.cz
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\zdenek\Data aplikací\Mozilla\Firefox\Profiles\fttanwyr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Lišta Centrum.cz - C:\Documents and Settings\zdenek\Data aplikací\Mozilla\Firefox\Profiles\fttanwyr.default\Extensions\toolbar@centrumholdings.com [2014-03-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-20]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-03-21]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR CustomProfile: C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-19]
CHR Extension: (Facebook) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-05-19]
CHR Extension: (My Car) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fgnbcikpejkcghcggmjcmbhabjkmkfhg [2014-05-19]
CHR Extension: (converter) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gncebhdkjgopkmaklokjadihihfakeoi [2014-05-18]
CHR Extension: (Centrum.cz Email Notifikátor) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hmmnahgmbjnpgdoadbfoficgoamahklm [2014-05-19]
CHR Extension: (Calculator) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2014-05-19]
CHR Extension: (Dropdown List of Most Visited Links) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah [2014-05-18]
CHR Extension: (News and Pictures) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mfkkkggciojbhfhehfaodadkoheomhbc [2014-05-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-18]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\zdenek\LOCALS~1\DATAAP~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-07-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-18] (AVAST Software)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4683144 2014-03-11] (SafeNet Inc.)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-18] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-02-13] (IObit)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567144 2014-08-13] (Mister Group)
S3 LOCG Service; C:\LOCG\Service\LOCG.Service.exe [X]
S2 LOCG Update Service; C:\LOCG\UpdateService\Locg.UpdateService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [425352 2014-03-11] (SafeNet Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-18] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-18] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-18] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-18] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-18] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-18] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-18] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-18] ()
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-02-02] (Phoenix Technologies) [File not signed]
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [171152 2008-08-20] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [234888 2014-03-11] (SafeNet Inc.)
S3 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [26248 2011-03-09] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [25434 2000-01-01] (Realtek Semiconductor Corporation )
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-07-18] ()
R1 tStLib; C:\WINDOWS\System32\drivers\tStLib.sys [55232 2014-03-18] (StdLib)
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S3 catchme; \??\C:\DOCUME~1\zdenek\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
U3 TlntSvr; No ImagePath
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]
U3 uftdypog; \??\C:\DOCUME~1\zdenek\LOCALS~1\Temp\uftdypog.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 04:22 - 2014-09-20 04:23 - 00013667 _____ () C:\Documents and Settings\zdenek\Plocha\FRST.txt
2014-09-20 04:22 - 2014-09-20 04:22 - 00000000 ____D () C:\FRST
2014-09-20 04:21 - 2014-09-20 04:21 - 01097728 _____ (Farbar) C:\Documents and Settings\zdenek\Plocha\FRST.exe
2014-09-20 03:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-09-20 03:49 - 2014-09-20 03:52 - 00000000 ____D () C:\AdwCleaner
2014-09-20 03:32 - 2014-09-20 03:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini092014-01.dmp
2014-09-20 03:02 - 2014-09-20 03:03 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\IObit Unlocker
2014-09-14 08:06 - 2014-09-14 08:39 - 00000000 ___SD () C:\ComboFix
2014-09-14 08:06 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-09-14 08:06 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-09-14 08:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-09-14 08:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-09-14 08:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-09-14 08:06 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-09-14 08:06 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-09-14 08:06 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-09-14 08:06 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-09-14 07:55 - 2014-09-14 07:55 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-14 07:47 - 2014-09-14 07:47 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-09-14 07:47 - 2014-09-14 07:47 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot - Search & Destroy
2014-09-12 22:39 - 2014-09-20 03:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-10 05:45 - 2014-09-12 06:53 - 00024064 _____ () C:\Documents and Settings\zdenek\Plocha\beránek.xls
2014-09-10 05:35 - 2014-09-12 06:59 - 00024064 _____ () C:\Documents and Settings\zdenek\Plocha\PŘEŠTICE.xls
2014-08-24 11:15 - 2014-08-24 11:06 - 00015326 _____ () C:\Quarantine.lst
2014-08-24 11:15 - 2014-08-24 11:06 - 00006761 _____ () C:\Quarantine.reg
2014-08-24 09:16 - 2014-08-24 09:16 - 00000000 ____D () C:\Documents and Settings\LocalService\Nabídka Start\Programy
2014-08-24 09:16 - 2014-08-24 09:16 - 00000000 ____D () C:\Documents and Settings\LocalService\Nabídka Start
2014-08-24 09:14 - 2014-08-24 09:14 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-08-24 09:14 - 2014-08-24 09:14 - 00001842 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot-S&D Start Center.lnk
2014-08-24 09:14 - 2014-08-24 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot - Search & Destroy 2
2014-08-24 09:14 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-08-24 09:13 - 2014-08-24 09:16 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-24 08:27 - 2014-09-07 09:22 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\SystemExplorer
2014-08-24 08:27 - 2014-08-24 08:27 - 00000000 ____D () C:\Program Files\System Explorer
2014-08-24 08:27 - 2014-08-24 08:27 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\System Explorer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 04:25 - 2013-08-07 07:08 - 00000000 ____D () C:\Documents and Settings\zdenek\Local Settings\Temp
2014-09-20 04:23 - 2014-09-20 04:22 - 00013667 _____ () C:\Documents and Settings\zdenek\Plocha\FRST.txt
2014-09-20 04:22 - 2014-09-20 04:22 - 00000000 ____D () C:\FRST
2014-09-20 04:22 - 2013-08-07 07:08 - 00000000 ____D () C:\Documents and Settings\zdenek\Plocha
2014-09-20 04:21 - 2014-09-20 04:21 - 01097728 _____ (Farbar) C:\Documents and Settings\zdenek\Plocha\FRST.exe
2014-09-20 03:56 - 2013-08-07 07:01 - 01146448 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-20 03:54 - 2013-08-10 11:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-20 03:54 - 2013-08-10 11:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-20 03:53 - 2013-08-07 07:06 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-20 03:52 - 2014-09-20 03:49 - 00000000 ____D () C:\AdwCleaner
2014-09-20 03:52 - 2013-08-07 07:08 - 00000178 ___SH () C:\Documents and Settings\zdenek\ntuser.ini
2014-09-20 03:52 - 2013-08-07 07:06 - 00032574 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-20 03:51 - 2014-09-12 22:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-20 03:51 - 2013-08-07 08:51 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-09-20 03:51 - 2013-08-07 07:08 - 00000000 __RHD () C:\Documents and Settings\zdenek\Data aplikací
2014-09-20 03:51 - 2013-08-07 07:08 - 00000000 ___HD () C:\Documents and Settings\zdenek\Local Settings\Data aplikací
2014-09-20 03:32 - 2014-09-20 03:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini092014-01.dmp
2014-09-20 03:32 - 2014-02-26 18:43 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-20 03:08 - 2013-08-17 07:39 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-09-20 03:08 - 2013-08-09 07:39 - 00000000 ___RD () C:\Documents and Settings\zdenek\Plocha\Čištění
2014-09-20 03:03 - 2014-09-20 03:02 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\IObit Unlocker
2014-09-20 03:02 - 2014-02-13 13:02 - 00000000 ____D () C:\Program Files\IObit
2014-09-20 03:02 - 2013-08-07 08:51 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-09-20 02:11 - 2014-02-13 13:02 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ProductData
2014-09-20 02:10 - 2008-04-14 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-19 20:36 - 2013-08-07 07:08 - 00000000 ____D () C:\Documents and Settings\zdenek
2014-09-19 18:12 - 2013-11-14 05:10 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-09-19 05:45 - 2014-03-27 12:43 - 00000000 ____D () C:\AdmWin
2014-09-16 06:35 - 2014-08-03 19:44 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-16 06:35 - 2013-08-09 19:31 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-16 06:35 - 2013-08-09 19:31 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-14 17:09 - 2014-05-04 08:05 - 00102912 ___SH () C:\Documents and Settings\zdenek\Plocha\Thumbs.db
2014-09-14 08:39 - 2014-09-14 08:06 - 00000000 ___SD () C:\ComboFix
2014-09-14 08:39 - 2013-08-07 07:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-09-14 08:11 - 2014-06-03 18:38 - 00000000 ____D () C:\Documents and Settings\zdenek\.ScreamingFrogSEOSpider
2014-09-14 07:55 - 2014-09-14 07:55 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-14 07:47 - 2014-09-14 07:47 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-09-14 07:47 - 2014-09-14 07:47 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot - Search & Destroy
2014-09-13 18:21 - 2013-06-24 06:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-12 19:54 - 2014-03-27 10:17 - 00000000 ____D () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Temp
2014-09-12 06:59 - 2014-09-10 05:35 - 00024064 _____ () C:\Documents and Settings\zdenek\Plocha\PŘEŠTICE.xls
2014-09-12 06:53 - 2014-09-10 05:45 - 00024064 _____ () C:\Documents and Settings\zdenek\Plocha\beránek.xls
2014-09-10 07:45 - 2013-08-20 16:46 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 07:28 - 2013-08-10 10:05 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-08 19:01 - 2013-07-26 13:26 - 00000000 ____D () C:\Documents and Settings\zdenek\Data aplikací\vlc
2014-09-08 18:58 - 2013-07-26 13:22 - 00031232 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-07 09:22 - 2014-08-24 08:27 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\SystemExplorer
2014-09-05 06:53 - 2013-08-09 07:35 - 00000000 ___RD () C:\Documents and Settings\zdenek\Plocha\Kancelář
2014-08-24 19:40 - 2013-08-10 07:31 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-24 19:39 - 2013-08-07 08:51 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2014-08-24 11:06 - 2014-08-24 11:15 - 00015326 _____ () C:\Quarantine.lst
2014-08-24 11:06 - 2014-08-24 11:15 - 00006761 _____ () C:\Quarantine.reg
2014-08-24 09:57 - 2013-07-26 07:26 - 00000000 ____D () C:\Documents and Settings\zdenek\Dokumenty\Stažené soubory
2014-08-24 09:16 - 2014-08-24 09:16 - 00000000 ____D () C:\Documents and Settings\LocalService\Nabídka Start\Programy
2014-08-24 09:16 - 2014-08-24 09:16 - 00000000 ____D () C:\Documents and Settings\LocalService\Nabídka Start
2014-08-24 09:16 - 2014-08-24 09:13 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-24 09:16 - 2013-08-07 07:06 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-24 09:14 - 2014-08-24 09:14 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-08-24 09:14 - 2014-08-24 09:14 - 00001842 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot-S&D Start Center.lnk
2014-08-24 09:14 - 2014-08-24 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot - Search & Destroy 2
2014-08-24 09:10 - 2013-08-23 14:43 - 00000000 ____D () C:\WINDOWS\pss
2014-08-24 09:10 - 2013-08-07 08:50 - 00000211 __RSH () C:\boot.ini
2014-08-24 09:10 - 2008-04-14 14:00 - 00000649 _____ () C:\WINDOWS\win.ini
2014-08-24 09:10 - 2008-04-14 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-24 08:49 - 2013-08-07 07:08 - 00000000 ____D () C:\Documents and Settings\zdenek\Nabídka Start\Programy
2014-08-24 08:27 - 2014-08-24 08:27 - 00000000 ____D () C:\Program Files\System Explorer
2014-08-24 08:27 - 2014-08-24 08:27 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\System Explorer
2014-08-23 10:35 - 2014-05-24 20:02 - 00000000 ____D () C:\ASol

Files to move or delete:
====================
C:\Documents and Settings\zdenek\KeyLogger.exe


Some content of TEMP:
====================
C:\Documents and Settings\zdenek\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Zdravím!
Spusťte nejprve tuto utilitu:

Stáhněte AdwCleaner http://www.stahuj.centrum.cz/utility_a_ ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve >Scan< a potom na >Clean< (smazat)
Proběhne skenováni a pak se objeví log, který sem vložte.

Keylogger máte v PC vědomě?

Zdravím

vkládám log. O keylogeru nevím

# AdwCleaner v3.310 - Report created 20/09/2014 at 21:32:14
# Updated 12/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : zdenek - ZDENEK
# Running from : C:\Documents and Settings\zdenek\Plocha\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.2 (x86 cs)

[ File : C:\Documents and Settings\zdenek\Data aplikací\Mozilla\Firefox\Profiles\fttanwyr.default\prefs.js ]


-\\ Google Chrome v37.0.2062.120

[ File : C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10363 octets] - [20/09/2014 03:49:09]
AdwCleaner[R1].txt - [1232 octets] - [20/09/2014 21:28:23]
AdwCleaner[S0].txt - [10609 octets] - [20/09/2014 03:51:37]
AdwCleaner[S1].txt - [1107 octets] - [20/09/2014 21:32:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1167 octets] ##########

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\...\Run: [rurimy] => C:\ks\rurimy.exe [917504 2008-04-15] ()
C:\ks\rurimy.exe
HKLM\...\Run: [KeyLogger] => C:\Documents and Settings\zdenek\KeyLogger.exe [50176 2013-12-13] ()
C:\Documents and Settings\zdenek\KeyLogger.exe
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
CHR Extension: (Facebook) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-05-19]
U3 TlntSvr; No ImagePath
U3 uftdypog; \??\C:\DOCUME~1\zdenek\LOCALS~1\Temp\uftdypog.sys [X]
C:\DOCUME~1\zdenek\LOCALS~1\Temp\uftdypog.sys
C:\Documents and Settings\zdenek\Local Settings\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.