Opakující se problém

Zpráva

Endru-x · #1 Příspěvek od **Endru-x** » 08 říj 2014 15:56

Zdravím,
opakuje se u mne stejný problém jako nedávno zde http://forum.viry.cz/viewtopic.php?f=13&t=140275,
přidala se i podoba rekl. banerů, které se sami vkládají do webových stránek takže na první pohled vypadají že tam patří, při snaze na něco kliknout ujíždí myš, atp
Log z adw a poté log z rsit níže
Děkuji předem

# AdwCleaner v3.311 - Report created 08/10/2014 at 16:45:53
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ATP13 - ATP13
# Running from : C:\Documents and Settings\ATP13\Plocha\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v32.0.3 (x86 cs)

[ File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\a3hody0q.default\prefs.js ]

[ File : C:\Documents and Settings\ATP13\Data aplikací\Mozilla\Firefox\Profiles\yigveg2h.default\prefs.js ]

Line Deleted : user_pref("extensions.aEOPN29927080OCIFAPD100469180com61758.61758.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anth[...]
Line Deleted : user_pref("extensions.aEOPN29927080OCIFAPD100469180com61758.61758.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]

-\\ Google Chrome v

[ File : C:\Documents and Settings\ATP13\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [15252 octets] - [17/09/2014 07:47:29]
AdwCleaner[R1].txt - [1671 octets] - [08/10/2014 16:41:52]
AdwCleaner[R2].txt - [1731 octets] - [08/10/2014 16:45:13]
AdwCleaner[S0].txt - [14511 octets] - [17/09/2014 07:51:39]
AdwCleaner[S1].txt - [1656 octets] - [08/10/2014 16:45:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1716 octets] ##########

Logfile of random's system information tool 1.10 (written by random/random)
Run by ATP13 at 2014-10-08 16:48:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (31%) free of 33 GB
Total RAM: 3032 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:49:12, on 8.10.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe
E:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\WINDOWS\MHotkey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz\szninstall.exe
C:\WINDOWS\ChiFuncExt.exe
C:\Documents and Settings\ATP13\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\trend micro\ATP13.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\MICTOS~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RDS\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RDS\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "E:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ADSK DLMSession] C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
O4 - HKLM\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
O4 - Global Startup: imagePROGRAF Status Monitor.lnk = C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwism.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\MICTOS~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://E:\MICTOS~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Mictosoft\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Mictosoft\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Mictosoft\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Mictosoft\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B2C0B8A-CFE3-4669-8C31-1FF393F42309}: NameServer = 10.0.0.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Canon imagePROGRAF Status Monitor - CANON INC - C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: vToolbarUpdater3.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe (file missing)

--
End of file - 8381 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\User_Feed_Synchronization-{2EA5DFD5-E485-4540-B5F4-CEEC9C31E6E5}.job - C:\WINDOWS\system32\msfeedssync.exe sync

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\ATP13\Data aplikací\Mozilla\Firefox\Profiles\yigveg2h.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, web2pdfextension@web2pdf.adobedotcom:1.0, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - ""

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"web2pdfextension@web2pdf.adobedotcom"=E:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.67.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=E:\MICTOS~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=E:\MICTOS~1\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=E:\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

E:\Mozilla\Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

E:\Mozilla\Firefox\plugins\
nppdf32.CZE
nppdf32.dll
nppdf32.HRV
nppdf32.HUN
nppdf32.POL
nppdf32.SKY
nppdf32.SLV

C:\Documents and Settings\ATP13\Data aplikací\Mozilla\Firefox\Profiles\yigveg2h.default\extensions\
EOPN29927080@OCIFAPD100469180.com
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-17 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08 343424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - E:\MICTOS~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-17 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08 343424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08 343424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-03-11 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-03-11 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-03-11 142872]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-03 18085888]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"LchDrvKey"=C:\WINDOWS\LchDrvKey.exe [2007-03-28 36864]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"JobHisInit"=C:\Program Files\RDS\RMClient\JobHisInit.exe [2005-11-01 151552]
"MplSetUp"=C:\Program Files\RDS\RMClient\MplSetUp.exe [2005-06-01 40960]
"CnwiDeviceAgent"=C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe [2009-10-09 64272]
"Adobe Acrobat Speed Launcher"=E:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2014-05-08 41336]
"Acrobat Assistant 8.0"=E:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2014-05-08 840568]
"ADSK DLMSession"=C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [2012-05-15 1632216]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2012-02-06 383424]
"DWQueuedReporting"=C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2013-03-06 520424]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2014-08-25 5188112]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"cz.seznam.software.autoupdate"=C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
imagePROGRAF Status Monitor.lnk - C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwism.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-03-05 206848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Mictosoft\Microsoft Office\Office14\ONENOTE.EXE"="E:\Mictosoft\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"E:\Mictosoft\Microsoft Office\Office14\OUTLOOK.EXE"="E:\Mictosoft\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\xerox\NetworkScan\NSCSysUI_XEROX.exe"="C:\Program Files\xerox\NetworkScan\NSCSysUI_XEROX.exe:*:Enabled:SysTrayUI Module"
"C:\Documents and Settings\ATP13\Local Settings\Data aplikací\Akamai\netsession_win.exe"="C:\Documents and Settings\ATP13\Local Settings\Data aplikací\Akamai\netsession_win.exe:*:Disabled:Akamai NetSession Client"
"C:\Program Files\AVG\AVG2014\avgmfapx.exe"="C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2014\avgnsx.exe"="C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2014\avgdiagex.exe"="C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostika 2014"
"C:\Program Files\AVG\AVG2014\avgemcx.exe"="C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-09-22 09:19:55 ----D---- C:\_OTM
2014-09-17 08:01:53 ----D---- C:\Program Files\Common Files\Java
2014-09-17 08:01:47 ----A---- C:\WINDOWS\system32\javaws.exe
2014-09-17 08:01:40 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-09-17 08:01:39 ----A---- C:\WINDOWS\system32\javaw.exe
2014-09-17 08:01:39 ----A---- C:\WINDOWS\system32\java.exe
2014-09-17 08:01:29 ----D---- C:\Program Files\Java
2014-09-17 07:47:59 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-09-17 07:47:27 ----D---- C:\AdwCleaner
2014-09-16 11:24:27 ----D---- C:\Program Files\trend micro
2014-09-16 11:24:26 ----D---- C:\rsit
2014-09-16 11:08:54 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-09-16 11:08:54 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-09-16 11:08:54 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

======List of files/folders modified in the last 1 month======

2014-10-08 16:49:10 ----D---- C:\WINDOWS\system32\CatRoot2
2014-10-08 16:47:32 ----D---- C:\WINDOWS\Temp
2014-10-08 16:46:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-10-08 16:46:04 ----D---- C:\WINDOWS\Prefetch
2014-10-08 16:29:47 ----D---- C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz
2014-10-08 16:29:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-10-08 16:24:01 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-10-07 10:04:15 ----A---- C:\WINDOWS\hpbafd.ini
2014-10-06 09:10:06 ----D---- C:\WINDOWS\system32
2014-10-06 09:10:06 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-06 08:51:28 ----SHD---- C:\WINDOWS\Installer
2014-09-23 12:20:49 ----SD---- C:\Documents and Settings\ATP13\Data aplikací\Microsoft
2014-09-22 09:24:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG2014
2014-09-22 09:23:50 ----SHD---- C:\WINDOWS\CSC
2014-09-22 09:23:49 ----D---- C:\WINDOWS\Minidump
2014-09-22 09:23:49 ----D---- C:\WINDOWS
2014-09-22 09:19:57 ----RD---- C:\Program Files\Skype
2014-09-17 08:01:53 ----D---- C:\Program Files\Common Files
2014-09-17 08:01:29 ----RD---- C:\Program Files
2014-09-17 07:51:58 ----D---- C:\WINDOWS\system32\drivers
2014-09-17 07:51:47 ----SD---- C:\WINDOWS\Tasks
2014-09-16 11:02:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-09-11 14:41:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-09-11 14:41:18 ----D---- C:\WINDOWS\system32\MRT
2014-09-11 14:34:27 ----A---- C:\WINDOWS\system32\MRT.exe
2014-09-11 08:49:56 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2014-08-06 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
R1 Avgdiskx;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiskx.sys [2014-06-30 121624]
R1 AVGIDSDriverl;AVGIDSDriverl; C:\WINDOWS\system32\DRIVERS\avgidsdriverlx.sys [2014-07-21 191256]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\WINDOWS\system32\DRIVERS\e1k5132.sys [2008-10-24 149600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-10-20 40832]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-03-05 6312928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-03 5030912]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2014-08-25 3242000]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2014-08-25 289328]
R2 Canon imagePROGRAF Status Monitor;Canon imagePROGRAF Status Monitor; C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe [2009-10-09 688912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-09-17 182696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-06 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-12-05 1044816]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-07 114288]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 08 říj 2014 17:12

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Documents and Settings\ATP13\Local Settings\Data aplikací\Akamai

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.

Endru-x · #3 Příspěvek od **Endru-x** » 13 říj 2014 06:39

Bohužel na plochu se mi nedaří soubor uložit, přitom kamkoliv jinam ano (hlášení jako soubor nelze přesunout ověřte zda není používám nebo zda není plný disk), např pokud na ploše vytvořím složku tak do ní OTM bez problému uložím.

Endru-x · #4 Příspěvek od **Endru-x** » 13 říj 2014 06:41

Stažení na plochu je ve správci stahování vždy označeno jako že selhalo.

#5 Příspěvek od **Rudy** » 13 říj 2014 17:29

Můžete i jinam, OTM funguje z kteréhokoli adresáře.

Endru-x · #6 Příspěvek od **Endru-x** » 14 říj 2014 06:31

Logfile of random's system information tool 1.10 (written by random/random)
Run by ATP13 at 2014-10-14 07:30:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (32%) free of 33 GB
Total RAM: 3032 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:31:01, on 14.10.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe
E:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
E:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz\szninstall.exe
C:\WINDOWS\MHotkey.exe
C:\WINDOWS\ChiFuncExt.exe
C:\Documents and Settings\ATP13\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\trend micro\ATP13.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\MICTOS~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RDS\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RDS\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "E:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ADSK DLMSession] C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
O4 - HKLM\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
O4 - Global Startup: imagePROGRAF Status Monitor.lnk = C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwism.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\MICTOS~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://E:\MICTOS~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Mictosoft\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Mictosoft\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Mictosoft\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Mictosoft\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B2C0B8A-CFE3-4669-8C31-1FF393F42309}: NameServer = 10.0.0.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Canon imagePROGRAF Status Monitor - CANON INC - C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: vToolbarUpdater3.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe (file missing)

--
End of file - 8427 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\User_Feed_Synchronization-{2EA5DFD5-E485-4540-B5F4-CEEC9C31E6E5}.job - C:\WINDOWS\system32\msfeedssync.exe sync

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\ATP13\Data aplikací\Mozilla\Firefox\Profiles\yigveg2h.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, web2pdfextension@web2pdf.adobedotcom:1.0, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - ""

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"web2pdfextension@web2pdf.adobedotcom"=E:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.67.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=E:\MICTOS~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=E:\MICTOS~1\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=E:\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

E:\Mozilla\Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

E:\Mozilla\Firefox\plugins\
nppdf32.CZE
nppdf32.dll
nppdf32.HRV
nppdf32.HUN
nppdf32.POL
nppdf32.SKY
nppdf32.SLV

C:\Documents and Settings\ATP13\Data aplikací\Mozilla\Firefox\Profiles\yigveg2h.default\extensions\
EOPN29927080@OCIFAPD100469180.com
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-17 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08 343424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - E:\MICTOS~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-17 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08 343424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08 343424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-03-11 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-03-11 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-03-11 142872]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-03 18085888]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"LchDrvKey"=C:\WINDOWS\LchDrvKey.exe [2007-03-28 36864]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"JobHisInit"=C:\Program Files\RDS\RMClient\JobHisInit.exe [2005-11-01 151552]
"MplSetUp"=C:\Program Files\RDS\RMClient\MplSetUp.exe [2005-06-01 40960]
"CnwiDeviceAgent"=C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe [2009-10-09 64272]
"Adobe Acrobat Speed Launcher"=E:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2014-05-08 41336]
"Acrobat Assistant 8.0"=E:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2014-05-08 840568]
"ADSK DLMSession"=C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [2012-05-15 1632216]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2012-02-06 383424]
"DWQueuedReporting"=C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2013-03-06 520424]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2014-08-25 5188112]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"cz.seznam.software.autoupdate"=C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
imagePROGRAF Status Monitor.lnk - C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwism.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-03-05 206848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Mictosoft\Microsoft Office\Office14\ONENOTE.EXE"="E:\Mictosoft\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"E:\Mictosoft\Microsoft Office\Office14\OUTLOOK.EXE"="E:\Mictosoft\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\xerox\NetworkScan\NSCSysUI_XEROX.exe"="C:\Program Files\xerox\NetworkScan\NSCSysUI_XEROX.exe:*:Enabled:SysTrayUI Module"
"C:\Documents and Settings\ATP13\Local Settings\Data aplikací\Akamai\netsession_win.exe"="C:\Documents and Settings\ATP13\Local Settings\Data aplikací\Akamai\netsession_win.exe:*:Disabled:Akamai NetSession Client"
"C:\Program Files\AVG\AVG2014\avgmfapx.exe"="C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2014\avgnsx.exe"="C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2014\avgdiagex.exe"="C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostika 2014"
"C:\Program Files\AVG\AVG2014\avgemcx.exe"="C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-09-22 09:19:55 ----D---- C:\_OTM
2014-09-17 08:01:53 ----D---- C:\Program Files\Common Files\Java
2014-09-17 08:01:47 ----A---- C:\WINDOWS\system32\javaws.exe
2014-09-17 08:01:40 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-09-17 08:01:39 ----A---- C:\WINDOWS\system32\javaw.exe
2014-09-17 08:01:39 ----A---- C:\WINDOWS\system32\java.exe
2014-09-17 08:01:29 ----D---- C:\Program Files\Java
2014-09-17 07:47:59 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-09-17 07:47:27 ----D---- C:\AdwCleaner
2014-09-16 11:24:27 ----D---- C:\Program Files\trend micro
2014-09-16 11:24:26 ----D---- C:\rsit
2014-09-16 11:08:54 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-09-16 11:08:54 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-09-16 11:08:54 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

======List of files/folders modified in the last 1 month======

2014-10-14 07:30:59 ----D---- C:\WINDOWS\system32\CatRoot2
2014-10-14 07:30:09 ----D---- C:\WINDOWS\Temp
2014-10-14 07:28:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-10-14 07:27:01 ----D---- C:\Documents and Settings\ATP13\Data aplikací\Seznam.cz
2014-10-14 07:26:48 ----D---- C:\WINDOWS\Prefetch
2014-10-14 07:25:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-10-13 07:23:50 ----SHD---- C:\WINDOWS\Installer
2014-10-08 16:24:01 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-10-07 10:04:15 ----A---- C:\WINDOWS\hpbafd.ini
2014-10-06 09:10:06 ----D---- C:\WINDOWS\system32
2014-10-06 09:10:06 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-23 12:20:49 ----SD---- C:\Documents and Settings\ATP13\Data aplikací\Microsoft
2014-09-22 09:24:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG2014
2014-09-22 09:23:50 ----SHD---- C:\WINDOWS\CSC
2014-09-22 09:23:49 ----D---- C:\WINDOWS\Minidump
2014-09-22 09:23:49 ----D---- C:\WINDOWS
2014-09-22 09:19:57 ----RD---- C:\Program Files\Skype
2014-09-17 08:01:53 ----D---- C:\Program Files\Common Files
2014-09-17 08:01:29 ----RD---- C:\Program Files
2014-09-17 07:51:58 ----D---- C:\WINDOWS\system32\drivers
2014-09-17 07:51:47 ----SD---- C:\WINDOWS\Tasks
2014-09-16 11:02:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2014-08-06 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
R1 Avgdiskx;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiskx.sys [2014-06-30 121624]
R1 AVGIDSDriverl;AVGIDSDriverl; C:\WINDOWS\system32\DRIVERS\avgidsdriverlx.sys [2014-07-21 191256]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\WINDOWS\system32\DRIVERS\e1k5132.sys [2008-10-24 149600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-10-20 40832]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-03-05 6312928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-03 5030912]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2014-08-25 3242000]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2014-08-25 289328]
R2 Canon imagePROGRAF Status Monitor;Canon imagePROGRAF Status Monitor; C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe [2009-10-09 688912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-09-17 182696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-06 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-12-05 1044816]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-07 114288]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#7 Příspěvek od **Rudy** » 14 říj 2014 17:28

Smazáno. Znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC. Nastala nějaká změna?

Endru-x · #8 Příspěvek od **Endru-x** » 15 říj 2014 13:19

Více méně beze změn stále vyskakují okna. Možná trochu polevily reklamy co vypadají jako nicméně samovolně okna vyskakují stále

#9 Příspěvek od **Rudy** » 15 říj 2014 17:56

Spusťte ještě toto: http://thisisudax.org/downloads/JRT.exe . Dejte log.

Endru-x · #10 Příspěvek od **Endru-x** » 21 říj 2014 13:58

Log níže,
ještě jsem si všiml - ihned po otevření okna prohlížeče (mozilla) proběhne (problikne) krátké stahování cca (0,5 sec) jakoby se něco stáhlo, ačkoli ve správci stahování nic nového staženého není.

Většina samovolně otvíraných oken je má adresu která začíná all.ghoritm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Microsoft Windows XP x86
Ran by ATP13 on Łt 21.10.2014 at 14:48:59,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update hulatoo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util hulatoo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110511951168}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F2831DD4-2CCC-4EC8-9BE0-6BD042B9B4AB}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\ATP13\Data aplikacˇ\getrighttogo"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 21.10.2014 at 14:50:57,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Endru-x · #11 Příspěvek od **Endru-x** » 21 říj 2014 14:02

Opravuji,
alh.gogorithm.com

#12 Příspěvek od **Rudy** » 21 říj 2014 17:59

Pokud stále vyskakují, dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

Endru-x · #13 Příspěvek od **Endru-x** » 23 říj 2014 13:57

ComboFix 14-10-21.01 - ATP13 23.10.2014 14:46:20.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3032.1980 [GMT 2:00]
Spuštěný z: c:\documents and settings\ATP13\Plocha\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Config\uninstinethnfd.exe
c:\program files\Common Files\Config\ver.xml
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Legacy_SERVICEUPDATER
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-09-23 do 2014-10-23 )))))))))))))))))))))))))))))))
.
.
2014-10-21 12:48 . 2014-10-21 12:48 -------- d-----w- c:\windows\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-06 07:10 . 2012-04-07 12:59 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-06 07:10 . 2011-10-08 10:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-17 06:01 . 2014-09-17 06:01 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-09-17 06:01 . 2014-09-17 06:01 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-09-04 07:59 . 2014-09-04 07:59 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-08-06 08:49 . 2014-06-17 14:06 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\documents and settings\ATP13\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\ATP13\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-11 142872]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"JobHisInit"="c:\program files\RDS\RMClient\JobHisInit.exe" [2005-11-01 151552]
"MplSetUp"="c:\program files\RDS\RMClient\MplSetUp.exe" [2005-06-01 40960]
"CnwiDeviceAgent"="c:\program files\Canon\imagePROGRAFStatusMonitor\cnwida.exe" [2009-10-09 64272]
"Adobe Acrobat Speed Launcher"="e:\adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]
"Acrobat Assistant 8.0"="e:\adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]
"ADSK DLMSession"="c:\program files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-05-15 1632216]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 383424]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2013-03-06 520424]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
imagePROGRAF Status Monitor.lnk - c:\program files\Canon\imagePROGRAFStatusMonitor\cnwism.exe /w [2011-3-1 431888]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Mictosoft\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\Mictosoft\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50248:TCP"= 50248:TCP:Autodesk Content Service
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R?2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [31.1.2012 11:46 19232]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [17.6.2014 16:17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [17.6.2014 16:18 241944]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [17.6.2014 16:06 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [30.6.2014 12:43 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [17.6.2014 16:17 191256]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [17.6.2014 16:06 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [17.6.2014 16:22 188696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [17.6.2014 16:21 197400]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4.9.2014 9:59 42784]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [25.8.2014 11:42 3242000]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25.8.2014 11:38 289328]
R2 Canon imagePROGRAF Status Monitor;Canon imagePROGRAF Status Monitor;c:\program files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -service --> c:\program files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -service [?]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [28.2.2011 15:08 149600]
S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.2.2011 15:04 1684736]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 07:10]
.
2014-10-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-10-23 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-10-23 c:\windows\Tasks\User_Feed_Synchronization-{2EA5DFD5-E485-4540-B5F4-CEEC9C31E6E5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - e:\mictos~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - e:\mictos~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{3B2C0B8A-CFE3-4669-8C31-1FF393F42309}: NameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\ATP13\Data aplikací\Mozilla\Firefox\Profiles\yigveg2h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL -
FF - ExtSQL: !HIDDEN! 2011-03-01 18:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Asociace souborů -------
.
.scr=AutoCADLTScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Akamai - c:\documents and settings\ATP13\Local Settings\Data aplikací\Akamai\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-23 14:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2456)
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\MHotkey.exe
c:\windows\ChiFuncExt.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2014-10-23 14:52:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-10-23 12:52
.
Před spuštěním: Volných bajtů: 10 573 459 456
Po spuštění: Volných bajtů: 10 413 477 888
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 20A4BDD0FBDE971E7420D1CA50351C74
413FC2A0C716421B3158746D63736515

#14 Příspěvek od **Rudy** » 23 říj 2014 18:28

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1038:TCP"=-
"5000:UDP"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt.Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spsutí a vykoná příkazy ze skriptu.

Obrázek

Endru-x · #15 Příspěvek od **Endru-x** » 27 říj 2014 08:33

ComboFix 14-10-27.01 - ATP13 27.10.2014 8:23.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3032.1904 [GMT 1:00]
Spuštěný z: c:\documents and settings\ATP13\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ATP13\Plocha\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AdobePDF.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-09-27 do 2014-10-27 )))))))))))))))))))))))))))))))
.
.
2014-10-21 12:48 . 2014-10-21 12:48 -------- d-----w- c:\windows\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-06 07:10 . 2012-04-07 12:59 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-06 07:10 . 2011-10-08 10:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-17 06:01 . 2014-09-17 06:01 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-09-17 06:01 . 2014-09-17 06:01 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-09-04 07:59 . 2014-09-04 07:59 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-08-06 08:49 . 2014-06-17 14:06 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\documents and settings\ATP13\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\ATP13\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-11 142872]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"JobHisInit"="c:\program files\RDS\RMClient\JobHisInit.exe" [2005-11-01 151552]
"MplSetUp"="c:\program files\RDS\RMClient\MplSetUp.exe" [2005-06-01 40960]
"CnwiDeviceAgent"="c:\program files\Canon\imagePROGRAFStatusMonitor\cnwida.exe" [2009-10-09 64272]
"Adobe Acrobat Speed Launcher"="e:\adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]
"Acrobat Assistant 8.0"="e:\adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]
"ADSK DLMSession"="c:\program files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-05-15 1632216]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 383424]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2013-03-06 520424]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
imagePROGRAF Status Monitor.lnk - c:\program files\Canon\imagePROGRAFStatusMonitor\cnwism.exe /w [2011-3-1 431888]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Mictosoft\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\Mictosoft\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50248:TCP"= 50248:TCP:Autodesk Content Service
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [17.6.2014 15:17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [17.6.2014 15:18 241944]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [17.6.2014 15:06 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [30.6.2014 11:43 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [17.6.2014 15:17 191256]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [17.6.2014 15:06 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [17.6.2014 15:22 188696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [17.6.2014 15:21 197400]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4.9.2014 8:59 42784]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [31.1.2012 10:46 19232]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [25.8.2014 10:42 3242000]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25.8.2014 10:38 289328]
R2 Canon imagePROGRAF Status Monitor;Canon imagePROGRAF Status Monitor;c:\program files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -service --> c:\program files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -service [?]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [28.2.2011 14:08 149600]
S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.2.2011 14:04 1684736]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 07:10]
.
2014-10-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-10-27 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-10-27 c:\windows\Tasks\User_Feed_Synchronization-{2EA5DFD5-E485-4540-B5F4-CEEC9C31E6E5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - e:\mictos~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - e:\mictos~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{3B2C0B8A-CFE3-4669-8C31-1FF393F42309}: NameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\ATP13\Data aplikací\Mozilla\Firefox\Profiles\yigveg2h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL -
FF - ExtSQL: !HIDDEN! 2011-03-01 18:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-27 08:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(508)
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\MHotkey.exe
c:\windows\ChiFuncExt.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2014-10-27 08:31:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-10-27 07:31
ComboFix2.txt 2014-10-23 12:52
.
Před spuštěním: Volných bajtů: 10 359 312 384
Po spuštění: Volných bajtů: 10 344 599 552
.
- - End Of File - - 912B539D4FFEA4B86834A44B61E8419B
413FC2A0C716421B3158746D63736515

VIRY.CZ

Opakující se problém

Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém

Re: Opakující se problém