Sekající se pc

Zpráva

hkotrc · #1 Příspěvek od **hkotrc** » 03 pro 2014 19:07

Dobrý den,
vím, že počítač je zastaralý a pomalý, ale jsem stále dotazován, jestli tam není havěť či vir.

Log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Spravce at 2014-12-03 19:04:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 53 GB (69%) free of 76 GB
Total RAM: 1023 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:04:54, on 3.12.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WandouLabs\wandoujia_helper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Spravce\Plocha\RSIT.exe
C:\Program Files\trend micro\Spravce.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A& ... 91-539&t=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Movies Search App (Dist. by Bandoo Media, Inc.) - {c0caa5fe-7c9c-4dca-a265-63cf55379d1a} - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Movies Search App (Dist. by Bandoo Media, Inc.) - {c0caa5fe-7c9c-4dca-a265-63cf55379d1a} - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wandoujia_helper.lnk = C:\Program Files\WandouLabs\wandoujia_helper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Bandoo Media Inc. - C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5563 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job - c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges
C:\WINDOWS\tasks\MpIdleTask.job - c:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\i0cjxqex.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.search.ask.com/?o=APN10645A& ... 91-539&t=4"
prefs.js - "keyword.URL" - "http://dts.search.ask.com/sr?src=ffb&gc ... PN10645&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.67.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\i0cjxqex.default\extensions\
{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}

C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\i0cjxqex.default\searchplugins\
Ask.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-07 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}]
Movies Search App (Dist. by Bandoo Media, Inc.) - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll [2014-07-03 115584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-07 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{c0caa5fe-7c9c-4dca-a265-63cf55379d1a} - Movies Search App (Dist. by Bandoo Media, Inc.) - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll [2014-07-03 115584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-08-19 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-08-19 13925480]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 947152]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]
"iTunesHelper"=C:\Program Files\iTunesHelper.exe [2014-10-15 157480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"CCleaner"=C:\Program Files\CCleaner\CCleaner.exe [2014-08-21 4796696]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-10-01 22065760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-18 1753192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-07-12 81920]

C:\Documents and Settings\Spravce\Nabídka Start\Programy\Po spuštění
wandoujia_helper.lnk - C:\Program Files\WandouLabs\wandoujia_helper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\_Data\Hry\Counter-Strike 1.6 Non-Steam\hl.exe"="E:\_Data\Hry\Counter-Strike 1.6 Non-Steam\hl.exe:*:Disabled:Half-Life Launcher"
"E:\_Data\Hry\EA GAMES\Need for Speed Underground 2\speed2.exe"="E:\_Data\Hry\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Program Files\WandouLabs\wandoujia2.exe"="C:\Program Files\WandouLabs\wandoujia2.exe:*:Enabled:SnapPea"
"C:\Program Files\iTunes.exe"="C:\Program Files\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\dtuser.exe"="C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\dtuser.exe:*:Enabled:Movies Search App (Dist. by Bandoo Media, Inc.) DTX Broker"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"midi1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-12-03 19:04:30 ----D---- C:\rsit
2014-12-03 19:04:30 ----D---- C:\Program Files\trend micro
2014-11-30 20:27:36 ----SHD---- C:\Config.Msi
2014-11-23 14:13:57 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2014-11-23 14:13:57 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2014-11-23 14:13:56 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2014-11-23 14:13:56 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2014-11-23 14:13:55 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2014-11-23 14:13:54 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2014-11-23 14:13:52 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2014-11-23 14:13:50 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2014-11-23 14:13:50 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2014-11-23 14:13:48 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2014-11-23 14:13:47 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2014-11-23 14:13:46 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2014-11-23 14:13:46 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2014-11-23 14:13:45 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2014-11-23 14:13:45 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2014-11-23 14:13:45 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2014-11-23 14:13:44 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2014-11-23 14:13:44 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2014-11-23 14:13:43 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2014-11-23 14:13:42 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2014-11-23 14:13:41 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2014-11-23 14:13:31 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2014-11-23 14:13:31 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2014-11-23 14:13:31 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2014-11-23 14:13:29 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2014-11-23 14:13:29 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2014-11-23 14:13:28 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2014-11-23 14:13:28 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2014-11-23 14:13:27 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2014-11-23 14:13:26 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2014-11-23 14:12:47 ----A---- C:\WINDOWS\game.ini
2014-11-23 13:58:19 ----D---- C:\Program Files\Activision
2014-11-23 13:53:53 ----SHD---- C:\WINDOWS\ftpcache
2014-11-23 13:52:52 ----D---- C:\Documents and Settings\Spravce\Data aplikací\searchresultstb
2014-11-22 18:26:57 ----D---- C:\Program Files\MyPC Backup
2014-11-22 18:24:16 ----D---- C:\Documents and Settings\Spravce\Data aplikací\ilividbandoomoviestoolbar
2014-11-22 18:23:33 ----D---- C:\Program Files\Movies App
2014-11-22 18:23:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Datamngr
2014-11-22 18:14:20 ----D---- C:\Program Files\Plug-Ins
2014-11-21 20:22:19 ----D---- C:\Documents and Settings\Spravce\Data aplikací\Apple Computer
2014-11-21 20:21:43 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2014-11-21 20:21:22 ----D---- C:\Program Files\Mozilla Plugins
2014-11-21 20:21:18 ----D---- C:\Program Files\iTunesMiniPlayer.Resources
2014-11-21 20:21:13 ----D---- C:\Program Files\iTunesHelper.Resources
2014-11-21 20:19:52 ----D---- C:\Program Files\iTunes.Resources
2014-11-21 20:19:45 ----D---- C:\Program Files\iPod
2014-11-21 20:19:30 ----D---- C:\Program Files\CD Configuration
2014-11-21 20:19:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-21 20:19:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2014-11-21 20:18:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-11-21 20:15:41 ----D---- C:\Program Files\Common Files\Apple
2014-11-21 20:15:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2014-11-09 18:29:19 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2014-11-09 18:29:04 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2014-11-09 18:28:36 ----A---- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys
2014-11-09 18:28:35 ----A---- C:\WINDOWS\system32\WdfCoInstaller01007.dll
2014-11-09 18:26:47 ----D---- C:\SnapPea
2014-11-09 18:26:44 ----D---- C:\Documents and Settings\Spravce\Data aplikací\WandoujiaUsbDriver
2014-11-09 18:26:16 ----D---- C:\Documents and Settings\Spravce\Data aplikací\Wandoujia2
2014-11-09 18:25:46 ----D---- C:\Program Files\WandouLabs

======List of files/folders modified in the last 1 month======

2014-12-03 19:04:37 ----D---- C:\WINDOWS\Prefetch
2014-12-03 19:04:30 ----RD---- C:\Program Files
2014-12-03 19:01:49 ----D---- C:\WINDOWS\system32\CatRoot2
2014-12-03 18:59:48 ----D---- C:\WINDOWS\Temp
2014-12-03 18:59:32 ----D---- C:\Documents and Settings\Spravce\Data aplikací\Skype
2014-12-03 18:59:11 ----D---- C:\WINDOWS\SoftwareDistribution
2014-12-03 18:57:51 ----D---- C:\WINDOWS
2014-12-02 21:17:42 ----N---- C:\WINDOWS\SchedLgU.Txt
2014-12-02 14:42:45 ----SD---- C:\WINDOWS\Tasks
2014-12-01 17:37:43 ----HD---- C:\WINDOWS\inf
2014-12-01 17:36:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-12-01 17:36:13 ----D---- C:\WINDOWS\system32\cs-cz
2014-12-01 17:36:13 ----D---- C:\WINDOWS\system32
2014-12-01 17:36:13 ----D---- C:\WINDOWS\Help
2014-12-01 17:36:13 ----D---- C:\Program Files\Internet Explorer
2014-11-30 20:33:50 ----D---- C:\Program Files\Google
2014-11-30 20:33:49 ----SHD---- C:\WINDOWS\Installer
2014-11-23 14:13:58 ----D---- C:\WINDOWS\system32\DirectX
2014-11-23 14:13:41 ----RSD---- C:\WINDOWS\assembly
2014-11-23 14:13:33 ----D---- C:\WINDOWS\Microsoft.NET
2014-11-23 14:12:41 ----HD---- C:\Program Files\InstallShield Installation Information
2014-11-22 18:28:29 ----D---- C:\WINDOWS\WinSxS
2014-11-21 20:21:44 ----D---- C:\WINDOWS\system32\drivers
2014-11-21 20:15:41 ----D---- C:\Program Files\Common Files
2014-11-09 18:26:19 ----RSD---- C:\WINDOWS\Fonts
2014-11-04 21:12:40 ----SD---- C:\Documents and Settings\Spravce\Data aplikací\Microsoft
2014-11-04 19:51:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-01-20 195296]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38400]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files\Movies App\Datamngr\setmgrc2.cfg []
R2 regi;regi; \??\C:\WINDOWS\system32\drivers\regi.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-07-15 3640000]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 26840]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-08-19 9902112]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-08-11 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-08-11 12928]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2014-11-09 24576]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-01-19 503144]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DatamngrCoordinator;Datamngr Coordinator; C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe [2014-11-11 3573448]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-10-07 182696]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 20456]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-08-19 155752]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 540968]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-11 114288]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 03 pro 2014 19:13

Zdravim

hkotrc píše:ale jsem stále dotazován, jestli tam není havěť či vir

A kym?

Havet tam je.

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

hkotrc · #3 Příspěvek od **hkotrc** » 07 pro 2014 10:41

Sestra používá toto pc.

Log:
# AdwCleaner v4.103 - Report created 01/01/2005 at 14:16:29
# Updated 01/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Spravce - P-ELA
# Running from : C:\Documents and Settings\Spravce\Plocha\adwcleaner_4.103.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : DatamngrCoordinator
[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\DataMngr
[!] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Datamngr
[!] Folder Deleted : C:\Program Files\Movies App
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Documents and Settings\Spravce\Local Settings\Data aplikací\torch
Folder Deleted : C:\Documents and Settings\Spravce\AppData\LocalLow\DataMngr
Folder Deleted : C:\Documents and Settings\Spravce\Data aplikací\pdfforge
Folder Deleted : C:\Documents and Settings\Spravce\Data aplikací\searchresultstb
File Deleted : C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\i0cjxqex.default\searchplugins\Ask.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\APNDTX
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\torch
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\torch

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v33.0 (x86 cs)

[i0cjxqex.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[i0cjxqex.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?o=APN10645A&gct=hp& ... 91-539&t=4");
[i0cjxqex.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=2155&systemid=406&v=n14591-539&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=0371371289414297&o=APN10645&q=");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [3455 octets] - [01/01/2005 14:09:32]
AdwCleaner[S0].txt - [3160 octets] - [01/01/2005 14:16:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3220 octets] ##########

#4 Příspěvek od **Márty84** » 07 pro 2014 11:08

Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ (musite stahnout verzi 1.75, odmitnout upgrade a aktualizovat jen virovou databazi) a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

hkotrc · #5 Příspěvek od **hkotrc** » 07 pro 2014 20:26

Log MBAM:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.12.07.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Spravce :: P-ELA [administrátor]

Ochrana: Povolena

7.12.2014 15:43:59
MBAM-log-2014-12-07 (20-24-57).txt

Typ: Kompletní kontrola (C:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 406131
Uplynulý čas: 4 hodin, 38 minut, 34 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 9
HKCR\CLSID\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a} (PUP.Optional.SearchApp.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A} (PUP.Optional.SearchApp.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A} (PUP.Optional.SearchApp.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A} (PUP.Optional.SearchApp.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A} (PUP.Optional.SearchApp.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\ilividbandoomoviestoolbar (PUP.Optional.MoviesToolBar.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\${dtUserElevationPolicyID} (PUP.Optional.DataMangr.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividbandoomoviestoolbarFF (PUP.Optional.Bandoo.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividbandoomoviestoolbarIE (PUP.Optional.Bandoo.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A} (PUP.Optional.SearchApp.A) -> Data: Movies Search App (Dist. by Bandoo Media, Inc.) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a} (PUP.Optional.SearchApp.A) -> Data: -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\Documents and Settings\Spravce\Data aplikací\ilividbandoomoviestoolbar (PUP.Optional.MoviesToolBar.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 17
C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\DEL_MyPC Backup.exe.vir (PUP.Optional.MyPCBackup.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{46FF54C2-434E-4210-B163-93332E7BDA0E}\RP57\A0008519.exe (PUP.Optional.Bandoo) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{46FF54C2-434E-4210-B163-93332E7BDA0E}\RP68\A0013596.exe (PUP.Optional.MyPCBackup.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{46FF54C2-434E-4210-B163-93332E7BDA0E}\RP68\A0013625.cfg (PUP.Optional.Bandoo.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{46FF54C2-434E-4210-B163-93332E7BDA0E}\RP68\A0013628.dll (PUP.Optional.Bandoo.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{46FF54C2-434E-4210-B163-93332E7BDA0E}\RP68\A0013631.exe (PUP.Optional.Bandoo.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{46FF54C2-434E-4210-B163-93332E7BDA0E}\RP68\A0013632.exe (PUP.Optional.Bandoo.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{46FF54C2-434E-4210-B163-93332E7BDA0E}\RP68\A0013633.dll (PUP.Optional.Bandoo.A) -> Nebyla provedena žádná instrukce.
E:\Install\Asus_K8N4-E-Deluxe\GotClip_Setup.exe (Trojan.Agent.NS) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Spravce\Data aplikací\ilividbandoomoviestoolbar\apnuserid.dat (PUP.Optional.MoviesToolBar.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Spravce\Data aplikací\ilividbandoomoviestoolbar\appid.dat (PUP.Optional.MoviesToolBar.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Spravce\Data aplikací\ilividbandoomoviestoolbar\dtx.ini (PUP.Optional.MoviesToolBar.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Spravce\Data aplikací\ilividbandoomoviestoolbar\geodata.xml (PUP.Optional.MoviesToolBar.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Spravce\Data aplikací\ilividbandoomoviestoolbar\guid.dat (PUP.Optional.MoviesToolBar.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Spravce\Data aplikací\ilividbandoomoviestoolbar\preferences.dat (PUP.Optional.MoviesToolBar.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Spravce\Data aplikací\ilividbandoomoviestoolbar\sysid.dat (PUP.Optional.MoviesToolBar.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Spravce\Data aplikací\ilividbandoomoviestoolbar\trackid.dat (PUP.Optional.MoviesToolBar.A) -> Nebyla provedena žádná instrukce.

(konec)

#6 Příspěvek od **Márty84** » 07 pro 2014 21:05

Postupujte presne v tomto poradi.
1) MBAM nezavirejte, jen minimalizujte.
2) Vymazte/Vypnete vytvareni bodu obnovy http://forum.viry.cz/viewtopic.php?f=46&t=47040 , ale nerestartujte pc.
3) Ted nechte nalezy MBAM odstranit a restartujte pc.
4) Zopakujte test s MBAM a napiste jeho vysledek a podle toho zvolim dalsi postup.

Pokud bude cisto, zapnete zase funkci vytvareni bodu obnovy, at pak na to nezapomenem.

hkotrc · #7 Příspěvek od **hkotrc** » 09 pro 2014 18:19

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.12.08.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Spravce :: P-ELA [administrátor]

1.1.2005 4:30:05
mbam-log-2005-01-01 (04-30-05).txt

Typ: Kompletní kontrola (C:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 401250
Uplynulý čas: 1 hodin, 59 minut, 7 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

#8 Příspěvek od **Márty84** » 09 pro 2014 19:41

MBAM muzete odinstalovat.

Dejte log podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100

hkotrc · #9 Příspěvek od **hkotrc** » 14 pro 2014 13:49

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2014
Ran by Spravce (administrator) on P-ELA on 14-12-2014 13:43:12
Running from C:\Documents and Settings\Spravce\Plocha
Loaded Profile: Spravce (Available profiles: Spravce)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunesHelper.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\WandouLabs\wandoujia_helper.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(forum.viry.cz) C:\Documents and Settings\Spravce\Plocha\FRSTLauncher.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [4796696 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\...\MountPoints2: {9cba1328-4fbc-11e4-9de5-0015f2079965} - "Start PC.exe"
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
Startup: C:\Documents and Settings\Spravce\Nabídka Start\Programy\Po spuštění\wandoujia_helper.lnk
ShortcutTarget: wandoujia_helper.lnk -> C:\Program Files\WandouLabs\wandoujia_helper.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKU\S-1-5-21-1957994488-1336601894-725345543-1004 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1957994488-1336601894-725345543-1004 -> DefaultScope {7BD1707F-AF95-4708-B003-721088BB5057} URL = http://search.seznam.cz/?q={searchTerms ... chmodule_2
SearchScopes: HKU\S-1-5-21-1957994488-1336601894-725345543-1004 -> {7BD1707F-AF95-4708-B003-721088BB5057} URL = http://search.seznam.cz/?q={searchTerms ... chmodule_2
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1957994488-1336601894-725345543-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\i0cjxqex.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: Movies Search App (Dist. by Bandoo Media, Inc.) - C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\i0cjxqex.default\Extensions\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a} [2014-11-22]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2005-01-02]
CHR Extension: (Disk Google) - C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2005-01-02]
CHR Extension: (YouTube) - C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2005-01-02]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2005-01-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2005-01-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-07] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3640000 2005-07-15] (Realtek Semiconductor Corp.) [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S3 HTCAND32; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [24576 2014-11-09] (HTC, Corporation) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33536 2005-08-11] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-08-11] (NVIDIA Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 13:43 - 2014-12-14 13:43 - 00009805 _____ () C:\Documents and Settings\Spravce\Plocha\FRST.txt
2014-12-14 13:42 - 2014-12-14 13:43 - 00000000 ____D () C:\FRST
2014-12-14 11:34 - 2014-12-14 11:34 - 00001897 _____ () C:\WINDOWS\setupapi.log
2014-12-13 20:58 - 2014-12-13 20:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-11 20:53 - 2014-12-11 20:53 - 00000000 ___SD () C:\Documents and Settings\Spravce\UserData
2014-12-07 15:34 - 2014-12-07 15:34 - 00000000 ____D () C:\Documents and Settings\Spravce\Data aplikací\Malwarebytes
2014-12-07 15:33 - 2014-12-07 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-12-07 10:17 - 2014-12-07 10:43 - 00000110 _____ () C:\AdwCleanerDebug.txt
2014-12-07 10:16 - 2014-12-07 10:17 - 02153472 _____ () C:\Documents and Settings\Spravce\Plocha\adwcleaner_4.104.exe
2014-12-04 18:29 - 2008-04-14 00:15 - 00060032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2014-12-04 18:29 - 2008-04-14 00:15 - 00060032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2014-12-04 15:53 - 2014-12-04 15:54 - 00000000 ____D () C:\Documents and Settings\Spravce\Plocha\Alergie, Astma
2014-12-03 19:04 - 2014-12-03 19:04 - 00000000 ____D () C:\rsit
2014-12-03 19:04 - 2014-12-03 19:04 - 00000000 ____D () C:\Program Files\trend micro
2014-12-03 19:03 - 2014-12-03 19:03 - 01107968 _____ () C:\Documents and Settings\Spravce\Plocha\RSIT.exe
2014-11-30 20:36 - 2014-11-30 20:36 - 00001709 _____ () C:\Documents and Settings\Spravce\Plocha\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
2014-11-23 14:13 - 2007-05-31 19:30 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2014-11-23 14:13 - 2007-05-31 19:29 - 00018280 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_2.dll
2014-11-23 14:13 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2014-11-23 14:13 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2014-11-23 14:13 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2014-11-23 14:13 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2014-11-23 14:13 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2014-11-23 14:13 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2014-11-23 14:13 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2014-11-23 14:13 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2014-11-23 14:13 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2014-11-23 14:13 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2014-11-23 14:13 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2014-11-23 14:13 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2014-11-23 14:13 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2014-11-23 14:13 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2014-11-23 14:13 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2014-11-23 14:13 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2014-11-23 14:13 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2014-11-23 14:13 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2014-11-23 14:13 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2014-11-23 14:13 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2014-11-23 14:13 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2014-11-23 14:13 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2014-11-23 14:13 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2014-11-23 14:13 - 2005-12-05 18:07 - 00061136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput9_1_0.dll
2014-11-23 14:13 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2014-11-23 14:13 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2014-11-23 14:13 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2014-11-23 14:13 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2014-11-23 14:12 - 2014-11-23 14:12 - 00000319 _____ () C:\WINDOWS\game.ini
2014-11-23 14:12 - 2014-11-23 14:12 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Activision
2014-11-23 13:58 - 2014-11-23 13:58 - 00000000 ____D () C:\Program Files\Activision
2014-11-23 13:53 - 2014-11-23 13:53 - 00000000 __SHD () C:\WINDOWS\ftpcache
2014-11-22 18:14 - 2014-11-22 18:16 - 00000000 ____D () C:\Program Files\Plug-Ins
2014-11-21 20:22 - 2014-11-21 20:23 - 00000000 ____D () C:\Documents and Settings\Spravce\Data aplikací\Apple Computer
2014-11-21 20:22 - 2014-11-21 20:22 - 00000000 ____D () C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Apple Computer
2014-11-21 20:21 - 2014-11-21 20:21 - 00001467 _____ () C:\Documents and Settings\All Users\Plocha\iTunes.lnk
2014-11-21 20:21 - 2014-11-21 20:21 - 00000000 ____D () C:\Program Files\Mozilla Plugins
2014-11-21 20:21 - 2014-11-21 20:21 - 00000000 ____D () C:\Program Files\iTunesMiniPlayer.Resources
2014-11-21 20:21 - 2014-11-21 20:21 - 00000000 ____D () C:\Program Files\iTunesHelper.Resources
2014-11-21 20:21 - 2014-11-21 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\iTunes
2014-11-21 20:21 - 2012-10-03 16:14 - 00026840 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-11-21 20:19 - 2014-11-21 20:21 - 00000000 ____D () C:\Program Files\iTunes.Resources
2014-11-21 20:19 - 2014-11-21 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-21 20:19 - 2014-11-21 20:19 - 00000000 ____D () C:\Program Files\iPod
2014-11-21 20:19 - 2014-11-21 20:19 - 00000000 ____D () C:\Program Files\CD Configuration
2014-11-21 20:19 - 2014-11-21 20:19 - 00000000 ____D () C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Apple
2014-11-21 20:19 - 2014-11-21 20:19 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2014-11-21 20:18 - 2014-11-21 20:18 - 00000000 ____D () C:\Documents and Settings\LocalService\Data aplikací\Apple Computer
2014-11-21 20:15 - 2014-11-22 18:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-21 20:15 - 2014-11-21 20:18 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Apple
2014-11-21 20:12 - 2014-11-21 20:12 - 109829936 _____ (Apple Inc.) C:\Documents and Settings\Spravce\Plocha\iTunesSetup.exe
2014-11-17 13:05 - 2014-11-17 13:05 - 00000623 _____ () C:\Documents and Settings\Spravce\Plocha\GTA San Andreas.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 13:43 - 2014-10-02 10:50 - 00000000 ____D () C:\Documents and Settings\Spravce\Plocha
2014-12-14 13:43 - 2014-10-02 10:50 - 00000000 ____D () C:\Documents and Settings\Spravce\Local Settings\Temp
2014-12-14 13:42 - 2014-10-02 10:50 - 00000000 ___HD () C:\Documents and Settings\Spravce\Local Settings\Data aplikací
2014-12-14 13:35 - 2005-01-02 11:03 - 00000000 ____D () C:\Documents and Settings\Spravce\Data aplikací\Skype
2014-12-14 13:08 - 2014-10-02 13:58 - 00000366 ____H () C:\WINDOWS\Tasks\MpIdleTask.job
2014-12-14 11:46 - 2014-10-02 13:58 - 00000396 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-12-14 11:46 - 2014-10-02 10:48 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-12-14 11:35 - 2005-01-01 02:33 - 00751098 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-14 11:34 - 2014-11-09 18:25 - 00000000 ____D () C:\Program Files\WandouLabs
2014-12-14 11:34 - 2014-10-02 10:50 - 00000000 ____D () C:\Documents and Settings\Spravce
2014-12-14 11:34 - 2005-01-01 02:33 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-12-14 11:34 - 2005-01-01 02:33 - 00000050 ____N () C:\WINDOWS\wiaservc.log
2014-12-14 11:33 - 2014-10-02 10:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-14 11:33 - 2005-01-01 19:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-13 22:34 - 2014-10-02 10:49 - 00032270 ____N () C:\WINDOWS\SchedLgU.Txt
2014-12-13 20:35 - 2006-03-02 13:00 - 00012984 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-12 10:13 - 2014-10-02 11:05 - 00000000 ___RD () C:\Dokumenty
2014-12-10 19:26 - 2005-01-02 11:03 - 00002283 _____ () C:\Documents and Settings\All Users\Plocha\Skype.lnk
2014-12-07 15:33 - 2014-10-02 12:37 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-12-07 15:33 - 2014-10-02 12:37 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-12-07 10:19 - 2005-01-01 14:09 - 00000000 ____D () C:\AdwCleaner
2014-12-03 19:58 - 2014-11-09 18:26 - 00000000 ____D () C:\Documents and Settings\Spravce\Data aplikací\Wandoujia2
2014-12-01 17:36 - 2014-10-02 12:30 - 00000000 ____D () C:\WINDOWS\Help
2014-12-01 17:36 - 2014-10-02 10:50 - 00000807 _____ () C:\Documents and Settings\Spravce\Nabídka Start\Programy\Internet Explorer.lnk
2014-11-30 20:34 - 2014-10-02 11:04 - 00000000 ____D () C:\Documents and Settings\Spravce\Plocha\Údržba
2014-11-30 20:33 - 2005-01-02 11:10 - 00000000 ____D () C:\Program Files\Google
2014-11-30 20:31 - 2014-10-02 12:30 - 00000000 ____D () C:\WINDOWS\Media
2014-11-23 14:13 - 2014-10-02 10:44 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-11-23 14:13 - 2005-01-02 09:31 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-11-23 14:12 - 2014-10-02 13:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-23 13:52 - 2014-10-02 10:50 - 00000000 ___RD () C:\Documents and Settings\Spravce\Nabídka Start\Programy
2014-11-22 18:31 - 2014-10-02 10:50 - 00000000 ___RD () C:\Documents and Settings\Spravce\Nabídka Start\Programy\Po spuštění
2014-11-21 20:18 - 2014-10-02 10:49 - 00000000 ____D () C:\Documents and Settings\LocalService\Data aplikací
2014-11-19 20:41 - 2005-01-02 10:31 - 00002515 _____ () C:\Documents and Settings\Spravce\Plocha\Microsoft Office Word 2007.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Disk) (Fixed) (Total:74.52 GB) (Free:54.13 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (COD4MW) (CDROM) (Total:6.32 GB) (Free:0 GB) UDF
Drive e: (Disk) (Fixed) (Total:74.52 GB) (Free:29.87 GB) NTFS

Available physical RAM: 447.36 MB
Total physical RAM: 1023.48 MB
Percentage of memory in use: 56%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 74.5 GB) (Disk ID: 32D532D4)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Disk: 1 (Size: 74.5 GB) (Disk ID: A4DEA4DE)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\MpIdleTask.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Spravce\Plocha" je 2165 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
Reim ECHO je vypnut.

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"E:\\_Data\\Hry\\Counter-Strike 1.6 Non-Steam\\hl.exe"="E:\\_Data\\Hry\\Counter-Strike 1.6 Non-Steam\\hl.exe:*:Disabled:Half-Life Launcher"
"E:\\_Data\\Hry\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"="E:\\_Data\\Hry\\EA GAMES\\Need for Speed Underground 2\\speed2.exe:*:Enabled:speed2"
"C:\\Program Files\\WandouLabs\\wandoujia2.exe"="C:\\Program Files\\WandouLabs\\wandoujia2.exe:*:Enabled:SnapPea"
"C:\\Program Files\\iTunes.exe"="C:\\Program Files\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Movies App\\Datamngr\\SRTOOL~1\\IE\\dtuser.exe"="C:\\Program Files\\Movies App\\Datamngr\\SRTOOL~1\\IE\\dtuser.exe:*:Enabled:Movies Search App (Dist. by Bandoo Media, Inc.) DTX Broker"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

#10 Příspěvek od **Márty84** » 14 pro 2014 22:01

hkotrc píše:***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Spravce\Plocha" je 2165 MB.

Velikost plochy by nemela preshovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [4796696 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\...\MountPoints2: {9cba1328-4fbc-11e4-9de5-0015f2079965} - "Start PC.exe"
Startup: C:\Documents and Settings\Spravce\Nabídka Start\Programy\Po spuštění\wandoujia_helper.lnk
ShortcutTarget: wandoujia_helper.lnk -> C:\Program Files\WandouLabs\wandoujia_helper.exe ()
C:\Program Files\WandouLabs

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-07] (Oracle Corporation)

2014-12-03 19:58 - 2014-11-09 18:26 - 00000000 ____D () C:\Documents and Settings\Spravce\Data aplikací\Wandoujia2

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

hkotrc · #11 Příspěvek od **hkotrc** » 19 pro 2014 15:28

Plochu jsem ji vyčistil, teď má pod 200MB.

Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-12-2014
Ran by Spravce at 2014-12-19 15:20:17 Run:1
Running from C:\Documents and Settings\Spravce\Plocha
Loaded Profile: Spravce (Available profiles: Spravce)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [4796696 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\...\MountPoints2: {9cba1328-4fbc-11e4-9de5-0015f2079965} - "Start PC.exe"
Startup: C:\Documents and Settings\Spravce\Nabídka Start\Programy\Po spuštění\wandoujia_helper.lnk
ShortcutTarget: wandoujia_helper.lnk -> C:\Program Files\WandouLabs\wandoujia_helper.exe ()
C:\Program Files\WandouLabs

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-07] (Oracle Corporation)

2014-12-03 19:58 - 2014-11-09 18:26 - 00000000 ____D () C:\Documents and Settings\Spravce\Data aplikací\Wandoujia2

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner => value deleted successfully.
HKU\S-1-5-21-1957994488-1336601894-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
"HKU\S-1-5-21-1957994488-1336601894-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cba1328-4fbc-11e4-9de5-0015f2079965}" => Key deleted successfully.
"HKCR\CLSID\{9cba1328-4fbc-11e4-9de5-0015f2079965}" => Key not found.
C:\Documents and Settings\Spravce\Nabídka Start\Programy\Po spuštění\wandoujia_helper.lnk => Moved successfully.
C:\Program Files\WandouLabs\wandoujia_helper.exe => Moved successfully.
C:\Program Files\WandouLabs => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
JavaQuickStarterService => Service deleted successfully.
C:\Documents and Settings\Spravce\Data aplikací\Wandoujia2 => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 23.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#12 Příspěvek od **Márty84** » 19 pro 2014 18:55

vyosek píše: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
Stahnete a spustte

Pro potvrzeni volby mackejte A, Enter

Po pouziti utilitu smazte

Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak je na tom pc.

18.1. pro neaktivitu

http://forum.viry.cz/viewtopic.php?f=12&t=123975

VIRY.CZ

Sekající se pc

Sekající se pc

Re: Sekající se pc

Re: Sekající se pc

Re: Sekající se pc

Re: Sekající se pc

Re: Sekající se pc

Re: Sekající se pc

Re: Sekající se pc

Re: Sekající se pc

Re: Sekající se pc

Re: Sekající se pc

Re: Sekající se pc