Nenacte se plocha, ikony

Zpráva

kajca · #1 Příspěvek od **kajca** » 11 říj 2014 17:28

Dobrý den, potřebovala bych pomoct s tímto problémem. Stalo se mi to před asi měsícem poprvé, od té doby to dělá při každém spuštění PC. Po přihlaseni se mi objeví nějaké dvě chyby, že se nepodařilo nakonfigurovat nastavení uživatele a odpočítává se 30 sekund a pak se automaticky dá ok. Potom probíhá vše obvykle- zobrazí se načítaní s modrou obrazovkou, ale pak se nenačte obvyklá plocha, změní se mi tapeta(ta windows louka) a v hornim levem rohu se objevi okno, kde běží nějaké opětovné konfigurování programů. Do dneška jsem to nijak neřešila, protože se to pak vždy rozběhlo a ikony se nakonec zobrazily-akorát jsem vždycky přišla o ulozenou práci z minuleho dne, tak jsem musela zalohovat pred vypnutim treba na flashku. Dnes se mi ale stalo, že se to okno v levem hornim rohu seklo na nějakem programu a zadne ikony, ani start panel se nenacetl. Dalo se pres ctrl alt delete dostat na procesy, ale nerozumím tomu, tak jsem zašla sem. Ted jsem v nouzovem rezimu a budu moc ráda, když mi pomůžete, protože jsem absolutně bezradná!

prikladam log z FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-10-2014 (ATTENTION: ====> FRST version is 30 days old and could be outdated)
Ran by Kajka (administrator) on KAJA on 10-11-2014 18:02:21
Running from C:\Documents and Settings\TEMP.KAJA\Dokumenty\Downloads
Loaded Profile: Kajka (Available profiles: Kajka)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-05-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Lexmark X1100 Series] => C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [57344 2003-08-19] (Lexmark International, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-10] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/xilisoftdownl ... E63118BE13}
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 1F3B57AB6D}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 7930842078
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7930876094
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 79.127.192.230 79.127.195.194

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-18]
FF HKLM\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files\BetterSurf\ff
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha684.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha684\ff
FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta802.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta802\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home757.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home757\ff
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-07]
FF Extension: No Name - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha684\ff [Not Found]
FF Extension: No Name - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta802\ff [Not Found]
FF Extension: No Name - C:\Program Files\MediaWatchV1\MediaWatchV1home757\ff [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "https://www.google.cz/", "hxxp://youtube.com/"
CHR Profile: C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Disk Google) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Seznam Lištička - Email) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-11-10]
CHR Extension: (Seznam Lištička - Slovník) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-11-10]
CHR Extension: (YouTube) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-10]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (avast! SafePrice) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-11-10]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-10]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (SweetPacks Chrome Extension) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2014-11-10]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-11-10]
CHR Extension: (Gmail) - C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR HKLM\...\Chrome\Extension: [acbmobkheekoilodhgplfjjoegbgpill] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha684\ch\WebexpEnhancedV1alpha684.crx []
CHR HKLM\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files\BetterSurf\ch\Chrome.crx []
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-10]
CHR HKLM\...\Chrome\Extension: [hbhgilhodidclojaglkkdheamiihigcm] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta802\ch\VideoPlayerV3beta802.crx [2014-08-10]
CHR HKLM\...\Chrome\Extension: [kkfajjgblglopfefcmdlelfcfgbpfkhm] - C:\Program Files\MediaWatchV1\MediaWatchV1home757\ch\MediaWatchV1home757.crx [2014-08-10]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\mjcm\SweetNT.crx [2014-07-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-10] (AVAST Software)
S2 IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [2387760 2014-09-17] ()
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-10] (Oracle Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998176 2014-09-21] (Overwolf LTD)
S2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-10] ()
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-10] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-10] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-10] ()
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-10] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-10] (AVAST Software)
S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-10] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-10] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209664 2006-12-22] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988800 2006-12-22] (Conexant Systems, Inc.)
S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2206976 2007-04-30] (Intel Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S2 WCMVCAM; C:\WINDOWS\System32\DRIVERS\wcmvcam.sys [1068216 2012-04-15] (Windows (R) Win 7 DDK provider)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 18:01 - 2014-11-10 18:02 - 00000000 ____D () C:\FRST
2014-11-10 17:57 - 2014-11-10 17:58 - 00000000 ____D () C:\Program Files\trend micro
2014-11-10 17:57 - 2014-11-10 17:57 - 00000000 ____D () C:\rsit
2014-11-10 17:52 - 2014-11-10 17:52 - 00000000 ____D () C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google
2014-11-10 17:51 - 2014-11-10 18:02 - 00000000 ____D () C:\Documents and Settings\TEMP.KAJA\Local Settings\Temp
2014-11-10 17:51 - 2014-11-10 17:57 - 00000000 ____D () C:\Documents and Settings\TEMP.KAJA\Dokumenty
2014-11-10 17:51 - 2014-11-10 17:52 - 00000000 ___HD () C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací
2014-11-10 17:51 - 2014-11-10 17:51 - 00000020 ___SH () C:\Documents and Settings\TEMP.KAJA\ntuser.ini
2014-11-10 17:51 - 2014-11-10 17:51 - 00000000 ____D () C:\WINDOWS\CSC
2014-11-10 17:51 - 2014-11-10 17:51 - 00000000 ____D () C:\Documents and Settings\TEMP.KAJA
2014-11-10 17:51 - 2013-01-13 18:51 - 00000000 ____D () C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Microsoft Help
2014-11-10 17:51 - 2013-01-13 18:48 - 00000000 __SHD () C:\Documents and Settings\TEMP.KAJA\IETldCache
2014-11-10 17:51 - 2013-01-11 19:42 - 00001599 _____ () C:\Documents and Settings\TEMP.KAJA\Nabídka Start\Programy\Vzdálená pomoc.lnk
2014-11-10 17:51 - 2013-01-11 19:42 - 00000000 ___RD () C:\Documents and Settings\TEMP.KAJA\Nabídka Start\Programy\Příslušenství
2014-11-10 17:51 - 2013-01-11 19:42 - 00000000 ___RD () C:\Documents and Settings\TEMP.KAJA\Nabídka Start\Programy
2014-11-10 17:51 - 2013-01-11 19:41 - 00000792 _____ () C:\Documents and Settings\TEMP.KAJA\Nabídka Start\Programy\Windows Media Player.lnk
2014-11-10 17:51 - 2013-01-11 19:39 - 00000000 __RHD () C:\Documents and Settings\TEMP.KAJA\Data aplikací
2014-11-10 17:51 - 2013-01-11 19:39 - 00000000 ___RD () C:\Documents and Settings\TEMP.KAJA\Nabídka Start\Programy\Po spuštění
2014-11-10 17:51 - 2013-01-11 19:39 - 00000000 ___RD () C:\Documents and Settings\TEMP.KAJA\Nabídka Start
2014-11-10 17:51 - 2013-01-11 19:39 - 00000000 ___HD () C:\Documents and Settings\TEMP.KAJA\Okolní tiskárny
2014-11-10 17:51 - 2013-01-11 19:39 - 00000000 ___HD () C:\Documents and Settings\TEMP.KAJA\Okolní síť
2014-11-10 17:51 - 2013-01-11 19:39 - 00000000 ____D () C:\Documents and Settings\TEMP.KAJA\Plocha
2014-11-10 17:51 - 2013-01-11 19:39 - 00000000 ____D () C:\Documents and Settings\TEMP.KAJA\Oblíbené položky
2014-11-10 17:51 - 2013-01-11 19:37 - 00000000 ___HD () C:\Documents and Settings\TEMP.KAJA\Šablony
2014-11-09 14:40 - 2014-11-09 14:40 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Data aplikací\Temp
2014-11-09 14:36 - 2014-11-09 20:53 - 00000178 ___SH () C:\Documents and Settings\TEMP\ntuser.ini
2014-11-09 14:36 - 2014-11-09 14:37 - 00000738 _____ () C:\Documents and Settings\TEMP\Nabídka Start\Programy\Outlook Express.lnk
2014-11-09 14:36 - 2014-11-09 14:36 - 00000803 _____ () C:\Documents and Settings\TEMP\Nabídka Start\Programy\Internet Explorer.lnk
2014-11-09 14:36 - 2014-11-09 14:36 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Data aplikací\SWDS
2014-11-09 14:36 - 2014-11-09 14:36 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Data aplikací\Google
2014-11-09 14:35 - 2014-11-09 20:53 - 00000000 ___HD () C:\Documents and Settings\TEMP\Local Settings\Data aplikací
2014-11-09 14:35 - 2014-11-09 20:53 - 00000000 ____D () C:\Documents and Settings\TEMP
2014-11-09 14:35 - 2014-11-09 20:51 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Temp
2014-11-09 14:35 - 2014-11-09 14:37 - 00000000 ___RD () C:\Documents and Settings\TEMP\Oblíbené položky
2014-11-09 14:35 - 2014-11-09 14:36 - 00000792 _____ () C:\Documents and Settings\TEMP\Nabídka Start\Programy\Windows Media Player.lnk
2014-11-09 14:35 - 2014-11-09 14:36 - 00000000 ___RD () C:\Documents and Settings\TEMP\Nabídka Start\Programy\Příslušenství
2014-11-09 14:35 - 2014-11-09 14:36 - 00000000 ___RD () C:\Documents and Settings\TEMP\Nabídka Start\Programy
2014-11-09 14:35 - 2013-01-13 18:51 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Data aplikací\Microsoft Help
2014-11-09 14:35 - 2013-01-11 19:42 - 00001599 _____ () C:\Documents and Settings\TEMP\Nabídka Start\Programy\Vzdálená pomoc.lnk
2014-11-09 14:35 - 2013-01-11 19:39 - 00000000 ___RD () C:\Documents and Settings\TEMP\Nabídka Start\Programy\Po spuštění
2014-11-09 14:35 - 2013-01-11 19:39 - 00000000 ___RD () C:\Documents and Settings\TEMP\Nabídka Start
2014-11-09 14:35 - 2013-01-11 19:39 - 00000000 ___HD () C:\Documents and Settings\TEMP\Okolní tiskárny
2014-11-09 14:35 - 2013-01-11 19:39 - 00000000 ___HD () C:\Documents and Settings\TEMP\Okolní síť
2014-11-09 14:35 - 2013-01-11 19:39 - 00000000 ____D () C:\Documents and Settings\TEMP\Plocha
2014-11-09 14:35 - 2013-01-11 19:37 - 00000000 ___HD () C:\Documents and Settings\TEMP\Šablony
2014-10-28 12:32 - 2014-10-28 12:32 - 00001896 _____ () C:\Documents and Settings\All Users\Plocha\Skype.lnk
2014-10-28 12:32 - 2014-10-28 12:32 - 00000000 ___RD () C:\Program Files\Skype
2014-10-28 12:32 - 2014-10-28 12:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-28 12:32 - 2014-10-28 12:32 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2014-10-28 00:25 - 2014-11-04 14:19 - 00002287 _____ () C:\WINDOWS\setupapi.log
2014-10-17 13:54 - 2014-11-10 16:48 - 00012386 _____ () C:\WINDOWS\wmsetup.log
2014-10-16 19:19 - 2014-10-16 19:19 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2014-10-16 19:19 - 2014-10-16 19:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-16 19:19 - 2014-10-16 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 18:01 - 2014-03-29 19:50 - 00000396 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-11-10 17:55 - 2013-01-11 19:40 - 01030536 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-10 17:51 - 2013-01-11 19:46 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-11-10 17:51 - 2013-01-11 19:40 - 01833130 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-10 17:51 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-10 17:49 - 2013-01-11 19:46 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-10 17:49 - 2013-01-11 19:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-10 17:49 - 2013-01-11 19:42 - 00000275 _____ () C:\WINDOWS\wiadebug.log
2014-11-10 17:28 - 2013-01-11 19:39 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-11-10 17:23 - 2013-01-12 01:22 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 17:11 - 2013-01-12 11:21 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-10 17:01 - 2013-10-07 19:46 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-10 17:01 - 2013-01-15 23:09 - 00000382 _____ () C:\WINDOWS\Tasks\AmiUpdXp.job
2014-11-10 17:01 - 2013-01-12 01:22 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 16:54 - 2013-01-11 19:42 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-10 16:52 - 2013-01-16 01:47 - 00000992 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-963894560-839522115-1003UA.job
2014-11-09 18:38 - 2014-09-26 17:38 - 00000388 _____ () C:\WINDOWS\Tasks\Overwolf Updater Task.job
2014-11-09 01:52 - 2013-01-16 01:47 - 00000970 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-963894560-839522115-1003Core.job
2014-11-07 16:31 - 2013-12-19 19:19 - 00000000 ____D () C:\Program Files\Lexmark X1100 Series
2014-11-07 06:14 - 2013-01-12 11:40 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-10-28 21:48 - 2013-12-27 11:22 - 00348128 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2014-10-28 21:48 - 2013-01-11 19:46 - 00000000 ___HD () C:\Documents and Settings\LocalService\Local Settings\Data aplikací
2014-10-28 12:32 - 2013-01-14 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2014-10-28 12:32 - 2013-01-11 19:39 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-10-28 12:32 - 2013-01-11 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-10-26 16:28 - 2014-06-26 13:39 - 00000000 ____D () C:\WINDOWS\system32\mjcm
2014-10-26 16:27 - 2013-06-02 17:39 - 00000000 ____D () C:\WINDOWS\system32\WNLT
2014-10-26 16:27 - 2013-06-02 17:39 - 00000000 ____D () C:\WINDOWS\system32\ARFC
2014-10-25 01:30 - 2013-01-12 01:23 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-10-23 20:11 - 2013-01-12 11:21 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-23 20:11 - 2013-01-12 11:21 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-22 23:38 - 2014-09-26 17:31 - 00000000 ____D () C:\Program Files\Overwolf
2014-10-22 17:41 - 2014-09-26 17:36 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2014-10-16 19:22 - 2013-07-03 10:22 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-16 19:13 - 2014-03-13 18:33 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-10-16 19:12 - 2014-03-13 18:33 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-10-15 02:15 - 2013-01-12 11:36 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-10-15 02:14 - 2013-07-11 21:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 02:03 - 2013-01-11 21:06 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Documents and Settings\Kajka\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Kajka\Local Settings\Temp\bundlesweetimsetup.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\converter.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\drvinstal1.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\GenericUninstall.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\mgsqlite3.dll
C:\Documents and Settings\Kajka\Local Settings\Temp\PIPInstaller_PTV_.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\rtdrvmon.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\set-app.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\Shortcut_bundlesweetimsetup.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\SimboApp.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\SIMEEIInstaller.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\uninstaller.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\Updater.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\Kajka\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-266f1643.exe
C:\Documents and Settings\TEMP\Local Settings\Temp\rtdrvmon.exe
C:\Documents and Settings\TEMP\Local Settings\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

#2 Příspěvek od **Márty84** » 11 říj 2014 18:18

Zdravim

Zkuste bod obnovy s datem pred timto problemem. Mate nejake nezvykle umisteni slozek, v TEMP, tam by to byt nemelo

kajca · #3 Příspěvek od **kajca** » 11 říj 2014 18:23

A můžete mi poradit, jak na ten bod obnovy najet? Pak by to mělo být zase ok ?

#4 Příspěvek od **Márty84** » 11 říj 2014 18:32

kajca píše:A můžete mi poradit, jak na ten bod obnovy najet?

Kliknete na Start - Programy - Prislusenstvi - Systemove nastroje - Obnoveni systemu. Zaskrtnete Obnovit predchozi stav pocitace a kliknete na Dalsi
Pak by se mely objevit vytvorene body obnovy. Nechte si zobrazit vsechny a zkuste najit nejaky starsi, nez ty problemy zacly. Na ten kliknete a potvrdte. Pozor, dojde k restartu pc (tak zase kdyztak zazalohujte co potrebujete) a bude chvili trvat, nez to dojede. Mozna se to tim opravi.

kajca · #5 Příspěvek od **kajca** » 11 říj 2014 21:51

Zjistila jsem, že jsem měla vypnut ten nástroj na obnovení systemu, takže tam nemám žádné body, kromě toho, když jsem to předchvilkou povolila. Takže tudy cesta asi nepovede

#6 Příspěvek od **Márty84** » 12 říj 2014 00:55

To je spatna zprava

Zkusime tedy nejdrive mrknout po haveti a pak opravu.

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

kajca · #7 Příspěvek od **kajca** » 12 říj 2014 19:11

Děkuji moc, zkusila jsem vytvořit druhý profil ,a problém s ikonami už zmizel, za co jsem moc ráda, ale pokud tam je nějaký vir tak budu mít lepší pocit, když ho vymažeme.

tady jsou logy.

# AdwCleaner v4.000 - Report created 12/10/2014 at 19:37:35
# DB v2014-10-12.3
# Updated 12/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : pokus - KAJA
# Running from : C:\Documents and Settings\pokus\Dokumenty\Downloads\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IBUpdaterService

***** [ Files / Folders ] *****

Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\WINDOWS\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\SweetIM
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
[!] Folder Deleted : C:\Documents and Settings\Kajka\Data aplikací\Toolbar4
Folder Deleted : C:\WINDOWS\system32\WNLT
[!] Folder Deleted : C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
[!] Folder Deleted : C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
[!] Folder Deleted : C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
[!] Folder Deleted : C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\hfpapi.dll
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Documents and Settings\pokus\AppData\LocalLow\SkwConfig.bin

***** [ Scheduled Tasks ] *****

Task Deleted : AmiUpdXp

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\PANDORA.TV\PanService\PanProcess.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\PANDORA.TV\PanService\PandoraService.exe]
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\BetterSurf
Key Deleted : HKLM\SOFTWARE\MediaWatchV1
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SweetIM Bundle by SweetPacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v37.0.2062.124

*************************

AdwCleaner[R0].txt - [17673 octets] - [12/10/2014 19:33:30]
AdwCleaner[S0].txt - [17749 octets] - [12/10/2014 19:37:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17810 octets] ##########

ComboFix 14-10-04.01 - pokus 12.10.2014 19:52:57.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1467 [GMT 2:00]
Spuštěný z: c:\documents and settings\pokus\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system\BisonC27.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-09-12 do 2014-10-12 )))))))))))))))))))))))))))))))
.
.
2014-11-11 18:09 . 2014-09-09 01:24 8806800 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3C520489-FAD3-44DC-A35C-BC6F9BD86F53}\mpengine.dll
2014-11-11 09:43 . 2014-09-09 01:24 8806800 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-10 22:04 . 2014-10-12 17:41 -------- d-----w- c:\documents and settings\pokus
2014-11-10 17:01 . 2014-11-10 21:54 -------- d-----w- C:\FRST
2014-11-10 16:57 . 2014-11-10 21:54 -------- d-----w- c:\program files\trend micro
2014-11-10 16:57 . 2014-11-10 16:57 -------- d-----w- C:\rsit
2014-11-09 13:35 . 2014-11-09 19:53 -------- d-----w- c:\documents and settings\TEMP
2014-10-28 11:32 . 2014-10-28 11:32 -------- d-----w- c:\program files\Common Files\Skype
2014-10-28 11:32 . 2014-10-28 11:32 -------- d-----r- c:\program files\Skype
2014-10-16 18:19 . 2014-10-16 18:19 -------- d-----w- c:\program files\CCleaner
2014-10-12 17:47 . 2014-10-12 17:47 39464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3C520489-FAD3-44DC-A35C-BC6F9BD86F53}\MpKsl17cb1567.sys
2014-10-12 17:33 . 2014-10-12 17:38 -------- d-----w- C:\AdwCleaner
2014-09-26 22:41 . 2014-09-26 22:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Overwolf
2014-09-26 16:36 . 2014-10-22 16:41 -------- d-----w- c:\program files\Common Files\Overwolf
2014-09-26 16:34 . 2014-09-26 16:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Overwolf
2014-09-26 16:31 . 2014-10-22 22:38 -------- d-----w- c:\program files\Overwolf
2014-09-26 16:26 . 2014-09-26 16:26 -------- d-----w- c:\program files\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-23 19:11 . 2013-01-12 10:21 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-23 19:11 . 2013-01-12 10:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 06:41 . 2013-01-12 10:21 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-16 14:20 . 2013-06-02 16:39 632656 ----a-w- c:\windows\system32\msvcr80.dll
2014-09-16 14:20 . 2013-06-02 16:39 554832 ----a-w- c:\windows\system32\msvcp80.dll
2014-09-16 14:20 . 2013-06-02 16:39 479232 ----a-w- c:\windows\system32\msvcm80.dll
2014-09-16 14:20 . 2011-02-19 22:03 421200 ----a-w- c:\windows\system32\msvcp100.dll
2014-09-16 14:20 . 2011-02-18 23:40 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-08-10 17:35 . 2013-10-07 18:46 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-10 17:34 . 2013-10-07 18:46 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-10 17:34 . 2013-10-07 18:46 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-08-10 17:34 . 2013-10-07 18:46 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-10 17:34 . 2014-05-25 16:40 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-10 17:34 . 2013-10-07 18:46 55112 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-08-10 17:34 . 2013-10-07 18:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-10 17:34 . 2013-10-07 18:46 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-08-10 17:34 . 2014-08-10 17:34 43152 ----a-w- c:\windows\avastSS.scr
2014-08-10 17:34 . 2013-10-07 18:46 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-10 16:54 . 2014-08-10 16:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-10 16:54 . 2014-08-10 16:55 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-10 17:34 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-10 4085896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ZAV
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7.10.2013 20:46 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7.10.2013 20:46 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [7.10.2013 20:46 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [7.10.2013 20:46 414520]
R1 MpKsl17cb1567;MpKsl17cb1567;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3C520489-FAD3-44DC-A35C-BC6F9BD86F53}\MpKsl17cb1567.sys [12.10.2014 19:47 39464]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [25.5.2014 18:40 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [7.10.2013 20:46 67824]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [29.3.2013 21:05 625304]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [15.4.2012 23:32 1068216]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.4.2014 21:21 315008]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files\Overwolf\OverwolfUpdater.exe [21.9.2014 10:59 998176]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL17CB1567
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-25 00:24 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-12 19:11]
.
2014-10-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-10 17:34]
.
2014-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 00:22]
.
2014-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 00:22]
.
2014-10-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2014-03-11 09:13]
.
2014-10-16 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-11 23:28]
.
2014-11-11 c:\windows\Tasks\Overwolf Updater Task.job
- c:\program files\Overwolf\OverwolfUpdater.exe [2014-09-21 08:59]
.
2014-10-16 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-11 23:28]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 79.127.192.230 79.127.195.194
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-12 20:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2014-10-12 20:02:47
ComboFix-quarantined-files.txt 2014-10-12 18:02
.
Před spuštěním: Volných bajtů: 18 748 149 760
Po spuštění: Volných bajtů: 20 241 997 824
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FCA824E388283539BC3E7CF90B9A16B5
413FC2A0C716421B3158746D63736515

#8 Příspěvek od **Márty84** » 13 říj 2014 02:36

No, vytvorenim noveho uctu jste to trosku obesla, ale procistit to chce, aby se to za chvilku nestalo i tam

Mate tam dva antiviry. Avast a Microsoft Security Essentials. Odinstalujte Microsoft Security Essentials, jinak dochazi ke kolizi stitu.

Presunte ComboFix na plochu, jinak to nebude fungovat.

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Folder::
C:\Documents and Settings\Kajka\Data aplikací\Toolbar4
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
C:\Documents and Settings\TEMP.KAJA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"MSC"=-
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

Driver::
MpKsl17cb1567
PanService

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

kajca · #9 Příspěvek od **kajca** » 13 říj 2014 18:34

Jo, to mě taky napadlo, že by to asi nebylo na dlouho

Díky moc za Váš čas

Tu je ten log:

ComboFix 14-10-04.01 - pokus 13.10.2014 19:20:56.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1602 [GMT 2:00]
Spuštěný z: c:\documents and settings\pokus\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pokus\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-09-13 do 2014-10-13 )))))))))))))))))))))))))))))))
.
.
2014-11-10 22:04 . 2014-10-12 17:41 -------- d-----w- c:\documents and settings\pokus
2014-11-10 17:01 . 2014-11-10 21:54 -------- d-----w- C:\FRST
2014-11-10 16:57 . 2014-11-10 21:54 -------- d-----w- c:\program files\trend micro
2014-11-10 16:57 . 2014-11-10 16:57 -------- d-----w- C:\rsit
2014-11-09 13:35 . 2014-11-09 19:53 -------- d-----w- c:\documents and settings\TEMP
2014-10-28 11:32 . 2014-10-28 11:32 -------- d-----w- c:\program files\Common Files\Skype
2014-10-28 11:32 . 2014-10-28 11:32 -------- d-----r- c:\program files\Skype
2014-10-16 18:19 . 2014-10-16 18:19 -------- d-----w- c:\program files\CCleaner
2014-10-12 17:33 . 2014-10-12 17:38 -------- d-----w- C:\AdwCleaner
2014-09-26 22:41 . 2014-09-26 22:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Overwolf
2014-09-26 16:36 . 2014-10-22 16:41 -------- d-----w- c:\program files\Common Files\Overwolf
2014-09-26 16:34 . 2014-09-26 16:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Overwolf
2014-09-26 16:31 . 2014-10-22 22:38 -------- d-----w- c:\program files\Overwolf
2014-09-26 16:26 . 2014-09-26 16:26 -------- d-----w- c:\program files\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-23 19:11 . 2013-01-12 10:21 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-23 19:11 . 2013-01-12 10:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 06:41 . 2013-01-12 10:21 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-16 14:20 . 2013-06-02 16:39 632656 ----a-w- c:\windows\system32\msvcr80.dll
2014-09-16 14:20 . 2013-06-02 16:39 554832 ----a-w- c:\windows\system32\msvcp80.dll
2014-09-16 14:20 . 2013-06-02 16:39 479232 ----a-w- c:\windows\system32\msvcm80.dll
2014-09-16 14:20 . 2011-02-19 22:03 421200 ----a-w- c:\windows\system32\msvcp100.dll
2014-09-16 14:20 . 2011-02-18 23:40 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-08-10 17:35 . 2013-10-07 18:46 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-10 17:34 . 2013-10-07 18:46 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-10 17:34 . 2013-10-07 18:46 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-08-10 17:34 . 2013-10-07 18:46 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-10 17:34 . 2014-05-25 16:40 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-10 17:34 . 2013-10-07 18:46 55112 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-08-10 17:34 . 2013-10-07 18:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-10 17:34 . 2013-10-07 18:46 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-08-10 17:34 . 2014-08-10 17:34 43152 ----a-w- c:\windows\avastSS.scr
2014-08-10 17:34 . 2013-10-07 18:46 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-10 16:54 . 2014-08-10 16:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-10 16:54 . 2014-08-10 16:55 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-10 17:34 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-10 4085896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ZAV
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7.10.2013 20:46 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7.10.2013 20:46 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [7.10.2013 20:46 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [7.10.2013 20:46 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [25.5.2014 18:40 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [7.10.2013 20:46 67824]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [15.4.2012 23:32 1068216]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.4.2014 21:21 315008]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files\Overwolf\OverwolfUpdater.exe [21.9.2014 10:59 998176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-25 00:24 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-12 19:11]
.
2014-10-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-10 17:34]
.
2014-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 00:22]
.
2014-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 00:22]
.
2014-10-16 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-11 23:28]
.
2014-11-11 c:\windows\Tasks\Overwolf Updater Task.job
- c:\program files\Overwolf\OverwolfUpdater.exe [2014-09-21 08:59]
.
2014-10-16 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-11 23:28]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 79.127.192.230 79.127.195.194
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-13 19:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2224)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\pokus\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2014-10-13 19:31:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-10-13 17:31
ComboFix2.txt 2014-10-13 17:13
ComboFix3.txt 2014-10-12 18:02
.
Před spuštěním: Volných bajtů: 20 321 529 856
Po spuštění: Volných bajtů: 20 314 972 160
.
- - End Of File - - A919853BDB14C3371F077CE57021D312
413FC2A0C716421B3158746D63736515

#10 Příspěvek od **Márty84** » 13 říj 2014 19:19

Nemate zac

Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ (musite stahnout verzi 1.75, odmitnout upgrade a aktualizovat jen virovou databazi) a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

kajca · #11 Příspěvek od **kajca** » 18 říj 2014 16:59

omlouvám se za delší prodlevu, z časovych důvodu to nešlo dříve.

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org

Verze: v2014.10.17.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
pokus :: KAJA [administrátor]

Ochrana: Povolena

17.10.2014 22:48:25
MBAM-log-2014-10-18 (17-56-04).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 311970
Uplynulý čas: 1 hodin, 15 minut, 4 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GotClip (PUP.Adware.Gotclip.ScamLotto) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\Documents and Settings\Kajka\Data aplikací\SwvUpdater (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 6
C:\Program Files\GotClip\Uninstall.exe (PUP.Adware.Gotclip.ScamLotto) -> Nebyla provedena žádná instrukce.
D:\Instalace\microsoft office 2010 FULL CZ + keygen\Microsoft Office 2010 CZ +aktivator - 100% funkční\Aktivátor\Aktivátor.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
D:\Pff\Download\SoftonicDownloader_for_samplisizer.exe (PUP.OfferBundler.ST) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Data aplikací\SwvUpdater\Updater.xml (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Data aplikací\SwvUpdater\status.cfg (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Data aplikací\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.

(konec)

#12 Příspěvek od **Márty84** » 18 říj 2014 17:40

Vsechny nalezy hodte do karanteny. Po restartu pc test zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.

kajca · #13 Příspěvek od **kajca** » 26 říj 2014 09:25

Omlouvám se za delší prodlevu

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.10.24.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
pokus :: KAJA [administrátor]

Ochrana: Povolena

25.10.2014 23:26:23
MBAM-log-2014-10-26 (09-22-04).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 433369
Uplynulý čas: 1 hodin, 25 minut, 10 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\MediaWatchV1home757 (PUP.Optional.MediaWatch.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 3
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|ext@WebexpEnhancedV1alpha684.net (PUP.Optional.WebExpEnhanced.A) -> Data: C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha684\ff -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|ext@MediaWatchV1home757.net (PUP.Optional.MediaWatch.A) -> Data: C:\Program Files\MediaWatchV1\MediaWatchV1home757\ff -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\mozilla\Firefox\Extensions|ext@VideoPlayerV3beta802.net (PUP.Optional.VideoPlayer.A) -> Data: C:\Program Files\VideoPlayerV3\VideoPlayerV3beta802\ff -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 8
C:\Program Files\Common Files\Config (PUP.Optional.OffersWizard.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Data aplikací\OpenCandy (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Data aplikací\OpenCandy\2CB3D65AD25A4B1B8FEDF40772C2C16D (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Data aplikací\OpenCandy\AC77E926DC0D4EA2BF4BA3D6B828220F (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Data aplikací\newnext.me (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Data aplikací\newnext.me\cache (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1 (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 96
C:\Documents and Settings\Kajka\Data aplikací\OpenCandy\2CB3D65AD25A4B1B8FEDF40772C2C16D\Mobogenie_Setup_2.1.37_507.exe (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Temp\set-app.exe (PUP.Optional.MediaWatch.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Temp\Shortcut_bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Temp\SimboApp.exe (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Temp\Updater.exe (PUP.Optional.Amonetize.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Temp\bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Temp\drvinstal1.exe (PUP.Optional.OffersWizard.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Temp\scoped_dir_2984_2326\CRX_INSTALL\mgHelperGC.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Temp\2827278562\chromeupdaterfull.exe (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgcommon.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgcommunication.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgsimcommon.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgxml_wrapper.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mghooking.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\ContentPackagesActivationHandler.exe.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgArchive.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgcommon.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgcommunication.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgconfig.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgFlashPlayer.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQAuto.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mglogger.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMediaPlayer.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnAuto.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgsimcommon.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgSweetIM.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgUpdateSupport.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgxml_wrapper.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooAuto.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\SweetIM.exe.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll.vir (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000215.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000216.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000217.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000218.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000219.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000220.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000221.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000222.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000223.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000224.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000225.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000226.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000227.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000228.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000229.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000230.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000231.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000233.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000236.exe (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000237.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000238.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000239.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000240.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000241.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000242.exe (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000243.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000214.exe (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{1460F139-64EC-4115-89F9-BFF3004D5D5B}\RP6\A0000232.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\Installer\2c99a54.msi (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\Installer\2c99a60.msi (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
D:\Dokumenty\Downloads\DownloadSetup (1).exe (PUP.Optional.InstallRex) -> Nebyla provedena žádná instrukce.
D:\Dokumenty\Downloads\DownloadSetup.exe (PUP.Optional.InstallRex) -> Nebyla provedena žádná instrukce.
D:\Dokumenty\Downloads\FastDownload (1).exe (PUP.Optional.InstallRex) -> Nebyla provedena žádná instrukce.
D:\Dokumenty\Downloads\FastDownload (2).exe (PUP.Optional.InstallRex) -> Nebyla provedena žádná instrukce.
D:\Dokumenty\Downloads\FastDownload.exe (PUP.Optional.InstallRex) -> Nebyla provedena žádná instrukce.
D:\Dokumenty\Downloads\GotClip_Setup (1).exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
D:\Dokumenty\Downloads\GotClip_Setup.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Config\ver.xml (PUP.Optional.OffersWizard.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Config\data.xml (PUP.Optional.OffersWizard.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Data aplikací\OpenCandy\AC77E926DC0D4EA2BF4BA3D6B828220F\chrometest.html (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Data aplikací\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Data aplikací\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\128.png (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\19.png (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\48.png (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\background.html (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\flavour.js (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\keys.json (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\logger.js (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\main.js (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\manifest.json (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\newtab.html (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\newtab.js (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\popup.html (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\popup.js (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\simapp.js (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kajka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\toolbar.js (PUP.Optional.WhiteSmoke.A) -> Nebyla provedena žádná instrukce.

(konec)

#14 Příspěvek od **Márty84** » 26 říj 2014 09:46

Smarja, tam je toho mnohem vic nez predtim? Co jste tam provadela?

Postupujte presne v tomto poradi.
1) MBAM nezavirejte, jen minimalizujte.
2) Vymazte/Vypnete vytvareni bodu obnovy http://forum.viry.cz/viewtopic.php?f=46&t=47040 , ale nerestartujte pc.
3) Ted nechte nalezy MBAM odstranit a restartujte pc.
4) Zopakujte test s MBAM a napiste jeho vysledek a podle toho zvolim dalsi postup.

Pokud bude cisto, zapnete zase funkci vytvareni bodu obnovy, at pak na to nezapomenem.

kajca · #15 Příspěvek od **kajca** » 27 říj 2014 19:39

Ja nevím, jak je to možné, asi na to mám talent a ani o tom nevím

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.10.26.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
pokus :: KAJA [administrátor]

Ochrana: Povolena

26.10.2014 15:42:48
mbam-log-2014-10-26 (15-42-48).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 430652
Uplynulý čas: 1 hodin, 17 minut, 38 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

VIRY.CZ

Nenacte se plocha, ikony

Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony

Re: Nenacte se plocha, ikony