
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Oldish laptop
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that remain inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
a friend has just brought me his laptop, saying it isn't working. After the usual cleanup (Malwarebytes, Spyware Terminator), Windows doesn't run normally. A lot of things from the Start menu can't be launched.
Thanks in advance for any help.
Here is the log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2014 01
Ran by a (administrator) on DOMA-22NHZ4XD0W on 10-12-2014 20:18:26
Running from C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha
Loaded Profile: a (Available profiles: a)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1208320 2010-07-13] (Motorola Inc.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [598016 2010-07-13] (Realtek Semiconductor Corp.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstall ... QA5ADcAMwA (the data entry has 283 more characters).
Winlogon\Notify\dimsntfy: C:\WINDOWS\System32\dimsntfy.dll ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
URLSearchHook: [S-1-5-21-839522115-746137067-854245398-1003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKU\S-1-5-21-839522115-746137067-854245398-1003 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={AF12 ... 2011-12-07 09:11:03&v=10.2.0.3&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-839522115-746137067-854245398-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={AF12 ... 2011-12-07 09:11:03&v=10.2.0.3&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Mozilla\Firefox\Profiles\uv9tusdk.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF Extension: Seznam lištička - C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Mozilla\Firefox\Profiles\uv9tusdk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-09-02]
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132608 2008-04-14] () [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] () [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] () [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] () [File not signed]
S3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2008-04-14] () [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [293376 2008-04-14] () [File not signed]
S2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] () [File not signed]
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587472 2012-09-07] (Crawler.com)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [52224 2008-04-14] () [File not signed]
S2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] () [File not signed]
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] () [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4071272 2010-07-13] (Realtek Semiconductor Corp.)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [105088 2010-07-13] (Realtek Semiconductor Corporation ) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 smserial; C:\WINDOWS\System32\DRIVERS\smserial.sys [1090304 2010-07-13] (Motorola Inc.) [File not signed]
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R1 VD_FileDisk; C:\WINDOWS\system32\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation) [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2010-07-13] (Intel® Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 20:18 - 2014-12-10 20:18 - 00008138 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRST.txt
2014-12-10 20:18 - 2014-12-10 20:18 - 00000000 ____D () C:\FRST
2014-12-10 20:13 - 2014-12-10 21:07 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRSTLauncher (1).exe
2014-12-10 20:13 - 2014-12-10 20:47 - 01111040 _____ (Farbar) C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRST.exe
2014-12-09 22:28 - 2014-12-09 22:29 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\čistka
2014-12-09 22:26 - 2014-12-10 20:15 - 00000840 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-09 21:41 - 2014-12-09 21:44 - 00008115 _____ () C:\WINDOWS\svcpack.log
2014-12-09 21:41 - 2014-12-09 21:41 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak
2014-12-09 21:37 - 2014-12-10 20:15 - 00038463 _____ () C:\WINDOWS\setupapi.log
2014-12-09 21:18 - 2014-12-09 21:18 - 00069232 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-12-09 21:18 - 2014-12-09 21:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-12-09 21:18 - 2014-12-09 21:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-12-09 21:14 - 2014-12-09 21:14 - 00004044 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_211417.reg
2014-12-09 21:09 - 2014-12-09 21:09 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-12-09 21:02 - 2014-12-09 21:09 - 00065536 _____ () C:\WINDOWS\system32\config\Spybot -.evt
2014-12-09 21:01 - 2014-12-09 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2014-12-09 21:01 - 2014-12-09 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2014-12-09 20:54 - 2014-12-09 20:54 - 00000762 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_205432.reg
2014-12-09 20:23 - 2014-12-09 20:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Program Files\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Spyware Terminator 2012
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Spyware Terminator 2012
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2011-06-21 11:24 - 00032768 _____ () C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2014-12-09 20:19 - 2014-12-09 21:17 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-09 20:01 - 2014-12-09 20:01 - 00000442 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_200121.reg
2014-12-09 17:30 - 2014-12-09 17:30 - 00262144 _____ () C:\WINDOWS\system32\config\DEFAULT.rb1
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SYSTEM.rb1.LOG
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SOFTWARE.rb1.LOG
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.rb1.LOG
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Program Files\WinASO
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\WinASO
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\WinASO
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-08 23:48 - 2014-12-08 23:48 - 00000293 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\Místní disk (C).lnk
2014-12-08 23:37 - 2014-12-08 23:37 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:36 - 2014-12-08 23:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:36 - 2014-12-08 23:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:35 - 2014-12-08 23:35 - 00026338 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233509.reg
2014-12-08 23:35 - 2014-12-08 23:35 - 00000596 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233529.reg
2014-12-08 23:35 - 2014-12-08 23:35 - 00000082 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233546.reg
2014-12-08 23:33 - 2014-12-08 23:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-08 23:32 - 2014-12-10 20:09 - 00000000 ____D () C:\čištění
2014-12-08 22:54 - 2014-12-08 22:55 - 00000000 ____D () C:\WINDOWS\pss
2014-12-08 22:27 - 2014-12-08 22:27 - 00000000 __SHD () C:\found.000
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 20:18 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha
2014-12-10 20:18 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp
2014-12-10 19:43 - 2010-07-13 22:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-10 19:43 - 2010-07-13 22:22 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-10 19:40 - 2014-08-31 05:03 - 00000178 ___SH () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\ntuser.ini
2014-12-10 19:40 - 2010-07-13 17:32 - 00000000 ____D () C:\WINDOWS\security
2014-12-09 22:29 - 2010-07-13 22:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Plocha
2014-12-09 22:23 - 2010-07-13 17:34 - 00000211 ___SH () C:\boot.ini
2014-12-09 22:23 - 2001-10-25 13:00 - 00000507 _____ () C:\WINDOWS\win.ini
2014-12-09 22:23 - 2001-10-25 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-09 21:18 - 2014-08-31 05:03 - 00000000 ___HD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Data aplikací
2014-12-09 21:18 - 2010-07-13 22:20 - 00000000 __RHD () C:\Documents and Settings\All Users.WINDOWS\Data aplikací
2014-12-09 21:14 - 2014-08-31 05:03 - 00000000 ___RD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty
2014-12-09 21:13 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W
2014-12-09 21:02 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-12-09 21:02 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-12-09 20:52 - 2010-07-13 22:51 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-12-09 20:52 - 2010-07-13 22:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-09 20:52 - 2010-07-13 17:36 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-09 20:47 - 2010-07-13 17:32 - 00000000 ____D () C:\WINDOWS\system
2014-12-09 20:23 - 2014-08-31 05:03 - 00000000 __RHD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací
2014-12-09 20:00 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start
2014-12-09 17:31 - 2010-07-13 22:20 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 19136512 _____ () C:\WINDOWS\system32\config\SOFTWARE.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 04718592 _____ () C:\WINDOWS\system32\config\SYSTEM.rb2
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 00:01 - 2010-07-13 22:16 - 00000000 ____D () C:\WINDOWS\twain_32
2014-12-08 22:17 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a\Local Settings\Temp
2014-12-08 21:48 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a
2014-12-08 21:37 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
2014-12-09 20:23 - 2014-08-31 05:03 - 00000000 __RHD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací
2014-12-09 20:00 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start
2014-12-09 17:31 - 2010-07-13 22:20 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 19136512 _____ () C:\WINDOWS\system32\config\SOFTWARE.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 04718592 _____ () C:\WINDOWS\system32\config\SYSTEM.rb2
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 00:01 - 2010-07-13 22:16 - 00000000 ____D () C:\WINDOWS\twain_32
2014-12-08 22:17 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a\Local Settings\Temp
2014-12-08 21:48 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a
2014-12-08 21:37 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
- Attachments
- Addition.rar
- (3.93 KiB) Downloaded 59 times
- Rudy
- Site Admin
- Posts: 119557
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Older laptop
Hello!
First try this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop.
Close all programs.
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Older laptop
# AdwCleaner v4.105 - Report created 10/12/2014 at 21:30:10
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : a - DOMA-22NHZ4XD0W
# Running from : C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\adwcleaner_4.105.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : mnmsrvc
***** [ Files / Folders ] *****
File Deleted : C:\WINDOWS\system32\mnmsrvc.exe
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.5512
-\\ Mozilla Firefox v11.0 (cs)
*************************
AdwCleaner[R0].txt - [1742 octets] - [10/12/2014 21:28:05]
AdwCleaner[S0].txt - [1689 octets] - [10/12/2014 21:30:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1749 octets] ##########
- Rudy
- Site Admin
- Posts: 119557
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Older laptop
Post a new FRST log.
Re: Older laptop
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2014 01
Ran by a (administrator) on DOMA-22NHZ4XD0W on 10-12-2014 21:40:16
Running from C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha
Loaded Profile: a (Available profiles: a)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1208320 2010-07-13] (Motorola Inc.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [598016 2010-07-13] (Realtek Semiconductor Corp.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstall ... QA5ADcAMwA (the data entry has 283 more characters).
Winlogon\Notify\dimsntfy: C:\WINDOWS\System32\dimsntfy.dll ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
URLSearchHook: [S-1-5-21-839522115-746137067-854245398-1003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Mozilla\Firefox\Profiles\uv9tusdk.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF Extension: Seznam lištička - C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Mozilla\Firefox\Profiles\uv9tusdk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-09-02]
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132608 2008-04-14] () [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] () [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] () [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] () [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [293376 2008-04-14] () [File not signed]
S2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] () [File not signed]
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587472 2012-09-07] (Crawler.com)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [52224 2008-04-14] () [File not signed]
S2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] () [File not signed]
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] () [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4071272 2010-07-13] (Realtek Semiconductor Corp.)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [105088 2010-07-13] (Realtek Semiconductor Corporation ) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 smserial; C:\WINDOWS\System32\DRIVERS\smserial.sys [1090304 2010-07-13] (Motorola Inc.) [File not signed]
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R1 VD_FileDisk; C:\WINDOWS\system32\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation) [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2010-07-13] (Intel® Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 21:39 - 2014-12-10 21:40 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\1 log frst
2014-12-10 21:31 - 2014-12-10 21:31 - 00001829 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\Nový objekt - Textový dokument.txt
2014-12-10 21:27 - 2014-12-10 22:21 - 02166272 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\adwcleaner_4.105.exe
2014-12-10 21:27 - 2014-12-10 21:30 - 00000000 ____D () C:\AdwCleaner
2014-12-10 20:18 - 2014-12-10 21:40 - 00007241 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRST.txt
2014-12-10 20:18 - 2014-12-10 21:40 - 00000000 ____D () C:\FRST
2014-12-10 20:13 - 2014-12-10 21:07 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRSTLauncher (1).exe
2014-12-10 20:13 - 2014-12-10 20:47 - 01111040 _____ (Farbar) C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRST.exe
2014-12-09 22:28 - 2014-12-09 22:29 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\čistka
2014-12-09 22:26 - 2014-12-10 20:15 - 00000840 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-09 21:41 - 2014-12-09 21:44 - 00008115 _____ () C:\WINDOWS\svcpack.log
2014-12-09 21:41 - 2014-12-09 21:41 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak
2014-12-09 21:37 - 2014-12-10 21:30 - 00038815 _____ () C:\WINDOWS\setupapi.log
2014-12-09 21:18 - 2014-12-09 21:18 - 00069232 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-12-09 21:18 - 2014-12-09 21:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-12-09 21:18 - 2014-12-09 21:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-12-09 21:14 - 2014-12-09 21:14 - 00004044 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_211417.reg
2014-12-09 21:09 - 2014-12-09 21:09 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-12-09 21:02 - 2014-12-09 21:09 - 00065536 _____ () C:\WINDOWS\system32\config\Spybot -.evt
2014-12-09 21:01 - 2014-12-09 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2014-12-09 21:01 - 2014-12-09 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2014-12-09 20:54 - 2014-12-09 20:54 - 00000762 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_205432.reg
2014-12-09 20:23 - 2014-12-09 20:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Program Files\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Spyware Terminator 2012
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Spyware Terminator 2012
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2011-06-21 11:24 - 00032768 _____ () C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2014-12-09 20:19 - 2014-12-09 21:17 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-09 20:01 - 2014-12-09 20:01 - 00000442 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_200121.reg
2014-12-09 17:30 - 2014-12-09 17:30 - 00262144 _____ () C:\WINDOWS\system32\config\DEFAULT.rb1
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SYSTEM.rb1.LOG
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SOFTWARE.rb1.LOG
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.rb1.LOG
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Program Files\WinASO
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\WinASO
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\WinASO
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-08 23:48 - 2014-12-08 23:48 - 00000293 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\Místní disk (C).lnk
2014-12-08 23:37 - 2014-12-08 23:37 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:36 - 2014-12-08 23:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:36 - 2014-12-08 23:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:35 - 2014-12-08 23:35 - 00026338 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233509.reg
2014-12-08 23:35 - 2014-12-08 23:35 - 00000596 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233529.reg
2014-12-08 23:35 - 2014-12-08 23:35 - 00000082 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233546.reg
2014-12-08 23:33 - 2014-12-08 23:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-08 23:32 - 2014-12-10 20:09 - 00000000 ____D () C:\čištění
2014-12-08 22:54 - 2014-12-08 22:55 - 00000000 ____D () C:\WINDOWS\pss
2014-12-08 22:27 - 2014-12-08 22:27 - 00000000 __SHD () C:\found.000
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 21:40 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha
2014-12-10 21:40 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp
2014-12-10 21:33 - 2010-07-13 22:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-10 21:33 - 2010-07-13 22:22 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-10 21:30 - 2014-08-31 05:03 - 00000178 ___SH () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\ntuser.ini
2014-12-10 19:40 - 2010-07-13 17:32 - 00000000 ____D () C:\WINDOWS\security
2014-12-09 22:29 - 2010-07-13 22:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Plocha
2014-12-09 22:23 - 2010-07-13 17:34 - 00000211 ___SH () C:\boot.ini
2014-12-09 22:23 - 2001-10-25 13:00 - 00000507 _____ () C:\WINDOWS\win.ini
2014-12-09 22:23 - 2001-10-25 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-09 21:18 - 2014-08-31 05:03 - 00000000 ___HD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Data aplikací
2014-12-09 21:18 - 2010-07-13 22:20 - 00000000 __RHD () C:\Documents and Settings\All Users.WINDOWS\Data aplikací
2014-12-09 21:14 - 2014-08-31 05:03 - 00000000 ___RD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty
2014-12-09 21:13 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W
2014-12-09 21:02 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-12-09 21:02 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-12-09 20:52 - 2010-07-13 22:51 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-12-09 20:52 - 2010-07-13 22:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-09 20:52 - 2010-07-13 17:36 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-09 20:47 - 2010-07-13 17:32 - 00000000 ____D () C:\WINDOWS\system
2014-12-09 20:23 - 2014-08-31 05:03 - 00000000 __RHD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací
2014-12-09 20:00 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start
2014-12-09 17:31 - 2010-07-13 22:20 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 19136512 _____ () C:\WINDOWS\system32\config\SOFTWARE.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 04718592 _____ () C:\WINDOWS\system32\config\SYSTEM.rb2
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 00:01 - 2010-07-13 22:16 - 00000000 ____D () C:\WINDOWS\twain_32
2014-12-08 22:17 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a\Local Settings\Temp
2014-12-08 21:48 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a
2014-12-08 21:37 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
Some content of TEMP:
====================
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2010-07-13] (Intel® Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 21:39 - 2014-12-10 21:40 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\1 log frst
2014-12-10 21:31 - 2014-12-10 21:31 - 00001829 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\Nový objekt - Textový dokument.txt
2014-12-10 21:27 - 2014-12-10 22:21 - 02166272 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\adwcleaner_4.105.exe
2014-12-10 21:27 - 2014-12-10 21:30 - 00000000 ____D () C:\AdwCleaner
2014-12-10 20:18 - 2014-12-10 21:40 - 00007241 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRST.txt
2014-12-10 20:18 - 2014-12-10 21:40 - 00000000 ____D () C:\FRST
2014-12-10 20:13 - 2014-12-10 21:07 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRSTLauncher (1).exe
2014-12-10 20:13 - 2014-12-10 20:47 - 01111040 _____ (Farbar) C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRST.exe
2014-12-09 22:28 - 2014-12-09 22:29 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\čistka
2014-12-09 22:26 - 2014-12-10 20:15 - 00000840 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-09 21:41 - 2014-12-09 21:44 - 00008115 _____ () C:\WINDOWS\svcpack.log
2014-12-09 21:41 - 2014-12-09 21:41 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak
2014-12-09 21:37 - 2014-12-10 21:30 - 00038815 _____ () C:\WINDOWS\setupapi.log
2014-12-09 21:18 - 2014-12-09 21:18 - 00069232 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-12-09 21:18 - 2014-12-09 21:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-12-09 21:18 - 2014-12-09 21:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-12-09 21:14 - 2014-12-09 21:14 - 00004044 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_211417.reg
2014-12-09 21:09 - 2014-12-09 21:09 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-12-09 21:02 - 2014-12-09 21:09 - 00065536 _____ () C:\WINDOWS\system32\config\Spybot -.evt
2014-12-09 21:01 - 2014-12-09 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2014-12-09 21:01 - 2014-12-09 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2014-12-09 20:54 - 2014-12-09 20:54 - 00000762 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_205432.reg
2014-12-09 20:23 - 2014-12-09 20:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Program Files\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Spyware Terminator 2012
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Spyware Terminator 2012
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2011-06-21 11:24 - 00032768 _____ () C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2014-12-09 20:19 - 2014-12-09 21:17 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-09 20:01 - 2014-12-09 20:01 - 00000442 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_200121.reg
2014-12-09 17:30 - 2014-12-09 17:30 - 00262144 _____ () C:\WINDOWS\system32\config\DEFAULT.rb1
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SYSTEM.rb1.LOG
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SOFTWARE.rb1.LOG
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.rb1.LOG
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Program Files\WinASO
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\WinASO
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\WinASO
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-08 23:48 - 2014-12-08 23:48 - 00000293 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\Místní disk (C).lnk
2014-12-08 23:37 - 2014-12-08 23:37 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:36 - 2014-12-08 23:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:36 - 2014-12-08 23:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:35 - 2014-12-08 23:35 - 00026338 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233509.reg
2014-12-08 23:35 - 2014-12-08 23:35 - 00000596 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233529.reg
2014-12-08 23:35 - 2014-12-08 23:35 - 00000082 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233546.reg
2014-12-08 23:33 - 2014-12-08 23:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-08 23:32 - 2014-12-10 20:09 - 00000000 ____D () C:\čištění
2014-12-08 22:54 - 2014-12-08 22:55 - 00000000 ____D () C:\WINDOWS\pss
2014-12-08 22:27 - 2014-12-08 22:27 - 00000000 __SHD () C:\found.000
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 21:40 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha
2014-12-10 21:40 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp
2014-12-10 21:33 - 2010-07-13 22:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-10 21:33 - 2010-07-13 22:22 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-10 21:30 - 2014-08-31 05:03 - 00000178 ___SH () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\ntuser.ini
2014-12-10 19:40 - 2010-07-13 17:32 - 00000000 ____D () C:\WINDOWS\security
2014-12-09 22:29 - 2010-07-13 22:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Plocha
2014-12-09 22:23 - 2010-07-13 17:34 - 00000211 ___SH () C:\boot.ini
2014-12-09 22:23 - 2001-10-25 13:00 - 00000507 _____ () C:\WINDOWS\win.ini
2014-12-09 22:23 - 2001-10-25 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-09 21:18 - 2014-08-31 05:03 - 00000000 ___HD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Data aplikací
2014-12-09 21:18 - 2010-07-13 22:20 - 00000000 __RHD () C:\Documents and Settings\All Users.WINDOWS\Data aplikací
2014-12-09 21:14 - 2014-08-31 05:03 - 00000000 ___RD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty
2014-12-09 21:13 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W
2014-12-09 21:02 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-12-09 21:02 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-12-09 20:52 - 2010-07-13 22:51 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-12-09 20:52 - 2010-07-13 22:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-09 20:52 - 2010-07-13 17:36 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-09 20:47 - 2010-07-13 17:32 - 00000000 ____D () C:\WINDOWS\system
2014-12-09 20:23 - 2014-08-31 05:03 - 00000000 __RHD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací
2014-12-09 20:00 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start
2014-12-09 17:31 - 2010-07-13 22:20 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 19136512 _____ () C:\WINDOWS\system32\config\SOFTWARE.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 04718592 _____ () C:\WINDOWS\system32\config\SYSTEM.rb2
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 00:01 - 2010-07-13 22:16 - 00000000 ____D () C:\WINDOWS\twain_32
2014-12-08 22:17 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a\Local Settings\Temp
2014-12-08 21:48 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a
2014-12-08 21:37 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
Some content of TEMP:
====================
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
- Rudy
- Site Admin
- Posts: 119557
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Older laptop
Open Notepad and copy the following into it:
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-839522115-746137067-854245398-1003] ATTENTION ==> Default URLSearchHook is missing.
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
C:\Program Files\Skype\Toolbars
C:\Documents and Settings\a\Local Settings\Temp
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Older laptop
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-12-2014 01
Ran by a at 2014-12-11 20:09:05 Run:1
Running from C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha
Loaded Profile: a (Available profiles: a)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-839522115-746137067-854245398-1003] ATTENTION ==> Default URLSearchHook is missing.
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
C:\Program Files\Skype\Toolbars
C:\Documents and Settings\a\Local Settings\Temp
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp
End
*****************
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Local Page => Value not found.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Local Page => Value not found.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Local Page => Value not found.
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
Error setting Default URLSearchHook.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
C:\Program Files\Skype\Toolbars => Moved successfully.
C:\Documents and Settings\a\Local Settings\Temp => Moved successfully.
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp => Moved successfully.
==== End of Fixlog ====
- Rudy
- Site Admin
Re: Older laptop
Deleted. Has anything changed?
Re: Older laptop
The problem still persists.
- Rudy
- Site Admin
Re: Older laptop
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Re: Older laptop
During the Malwarebytes installation, several times:
Interní chyba: Expression error ´Runtime Error (at 85:109):
External exception E06D7363.´
At the end of the installation:
Interní chyba: Expression error ´Runtime Error (at 53:89):
External exception E06D7363.´
- Rudy
- Site Admin
Re: Older laptop
Try it in Safe Mode.
Re: Older laptop
The same, only a different message at the end:
During the Malwarebytes installation, several times:
Interní chyba: Expression error ´Runtime Error (at 85:109):
External exception E06D7363.´
At the end of the installation:
Runtime Error (at 75:252);
External exception E06D7363
- Rudy
- Site Admin
Re: Older laptop
Try CureIt: http://www.stahuj.centrum.cz/utility_a_ ... eb-cureit/ .
Re: Older laptop
When installing Dr. WEB CureIt!:
Správná inicializace aplikace (0xc0000022) se nezdařila