VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Postarší noťas

https://forum.viry.cz:443/viewtopic.php?t=141784

Stránka 1 z 2

Postarší noťas

Napsal: 10 pro 2014 21:32
od Kukemale
Zdravim,
kamarád mi nyní přinesl noťas že mu to nejede. Po klasickém vyčištění ( Malwarebytes, Spyware Terminator ) nejedou win normálně. Nejde spustit spouta věcí z nabýdky start.
Předem za pomoc děkuji.

zde log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2014 01
Ran by a (administrator) on DOMA-22NHZ4XD0W on 10-12-2014 20:18:26
Running from C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha
Loaded Profile: a (Available profiles: a)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1208320 2010-07-13] (Motorola Inc.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [598016 2010-07-13] (Realtek Semiconductor Corp.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstall ... QA5ADcAMwA (the data entry has 283 more characters).
Winlogon\Notify\dimsntfy: C:\WINDOWS\System32\dimsntfy.dll ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
URLSearchHook: [S-1-5-21-839522115-746137067-854245398-1003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKU\S-1-5-21-839522115-746137067-854245398-1003 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={AF12 ... 2011-12-07 09:11:03&v=10.2.0.3&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-839522115-746137067-854245398-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={AF12 ... 2011-12-07 09:11:03&v=10.2.0.3&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Mozilla\Firefox\Profiles\uv9tusdk.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF Extension: Seznam lištička - C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Mozilla\Firefox\Profiles\uv9tusdk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-09-02]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132608 2008-04-14] () [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] () [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] () [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] () [File not signed]
S3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2008-04-14] () [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [293376 2008-04-14] () [File not signed]
S2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] () [File not signed]
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587472 2012-09-07] (Crawler.com)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [52224 2008-04-14] () [File not signed]
S2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] () [File not signed]
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] () [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4071272 2010-07-13] (Realtek Semiconductor Corp.)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [105088 2010-07-13] (Realtek Semiconductor Corporation ) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 smserial; C:\WINDOWS\System32\DRIVERS\smserial.sys [1090304 2010-07-13] (Motorola Inc.) [File not signed]
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R1 VD_FileDisk; C:\WINDOWS\system32\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation) [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2010-07-13] (Intel® Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 20:18 - 2014-12-10 20:18 - 00008138 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRST.txt
2014-12-10 20:18 - 2014-12-10 20:18 - 00000000 ____D () C:\FRST
2014-12-10 20:13 - 2014-12-10 21:07 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRSTLauncher (1).exe
2014-12-10 20:13 - 2014-12-10 20:47 - 01111040 _____ (Farbar) C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRST.exe
2014-12-09 22:28 - 2014-12-09 22:29 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\čistka
2014-12-09 22:26 - 2014-12-10 20:15 - 00000840 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-09 21:41 - 2014-12-09 21:44 - 00008115 _____ () C:\WINDOWS\svcpack.log
2014-12-09 21:41 - 2014-12-09 21:41 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak
2014-12-09 21:37 - 2014-12-10 20:15 - 00038463 _____ () C:\WINDOWS\setupapi.log
2014-12-09 21:18 - 2014-12-09 21:18 - 00069232 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-12-09 21:18 - 2014-12-09 21:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-12-09 21:18 - 2014-12-09 21:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-12-09 21:14 - 2014-12-09 21:14 - 00004044 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_211417.reg
2014-12-09 21:09 - 2014-12-09 21:09 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-12-09 21:02 - 2014-12-09 21:09 - 00065536 _____ () C:\WINDOWS\system32\config\Spybot -.evt
2014-12-09 21:01 - 2014-12-09 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2014-12-09 21:01 - 2014-12-09 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2014-12-09 20:54 - 2014-12-09 20:54 - 00000762 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_205432.reg
2014-12-09 20:23 - 2014-12-09 20:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Program Files\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Spyware Terminator 2012
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Spyware Terminator 2012
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2011-06-21 11:24 - 00032768 _____ () C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2014-12-09 20:19 - 2014-12-09 21:17 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-09 20:01 - 2014-12-09 20:01 - 00000442 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_200121.reg
2014-12-09 17:30 - 2014-12-09 17:30 - 00262144 _____ () C:\WINDOWS\system32\config\DEFAULT.rb1
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SYSTEM.rb1.LOG
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SOFTWARE.rb1.LOG
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.rb1.LOG
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Program Files\WinASO
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\WinASO
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\WinASO
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-08 23:48 - 2014-12-08 23:48 - 00000293 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\Místní disk (C).lnk
2014-12-08 23:37 - 2014-12-08 23:37 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:36 - 2014-12-08 23:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:36 - 2014-12-08 23:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:35 - 2014-12-08 23:35 - 00026338 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233509.reg
2014-12-08 23:35 - 2014-12-08 23:35 - 00000596 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233529.reg
2014-12-08 23:35 - 2014-12-08 23:35 - 00000082 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233546.reg
2014-12-08 23:33 - 2014-12-08 23:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-08 23:32 - 2014-12-10 20:09 - 00000000 ____D () C:\čištění
2014-12-08 22:54 - 2014-12-08 22:55 - 00000000 ____D () C:\WINDOWS\pss
2014-12-08 22:27 - 2014-12-08 22:27 - 00000000 __SHD () C:\found.000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 20:18 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha
2014-12-10 20:18 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp
2014-12-10 19:43 - 2010-07-13 22:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-10 19:43 - 2010-07-13 22:22 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-10 19:40 - 2014-08-31 05:03 - 00000178 ___SH () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\ntuser.ini
2014-12-10 19:40 - 2010-07-13 17:32 - 00000000 ____D () C:\WINDOWS\security
2014-12-09 22:29 - 2010-07-13 22:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Plocha
2014-12-09 22:23 - 2010-07-13 17:34 - 00000211 ___SH () C:\boot.ini
2014-12-09 22:23 - 2001-10-25 13:00 - 00000507 _____ () C:\WINDOWS\win.ini
2014-12-09 22:23 - 2001-10-25 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-09 21:18 - 2014-08-31 05:03 - 00000000 ___HD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Data aplikací
2014-12-09 21:18 - 2010-07-13 22:20 - 00000000 __RHD () C:\Documents and Settings\All Users.WINDOWS\Data aplikací
2014-12-09 21:14 - 2014-08-31 05:03 - 00000000 ___RD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty
2014-12-09 21:13 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W
2014-12-09 21:02 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-12-09 21:02 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-12-09 20:52 - 2010-07-13 22:51 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-12-09 20:52 - 2010-07-13 22:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-09 20:52 - 2010-07-13 17:36 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-09 20:47 - 2010-07-13 17:32 - 00000000 ____D () C:\WINDOWS\system
2014-12-09 20:23 - 2014-08-31 05:03 - 00000000 __RHD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací
2014-12-09 20:00 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start
2014-12-09 17:31 - 2010-07-13 22:20 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 19136512 _____ () C:\WINDOWS\system32\config\SOFTWARE.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 04718592 _____ () C:\WINDOWS\system32\config\SYSTEM.rb2
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 00:01 - 2010-07-13 22:16 - 00000000 ____D () C:\WINDOWS\twain_32
2014-12-08 22:17 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a\Local Settings\Temp
2014-12-08 21:48 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a
2014-12-08 21:37 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Re: Postarší noťas

Napsal: 10 pro 2014 22:17
od Rudy
Zdravím!
Zkuste nejprve tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Postarší noťas

Napsal: 10 pro 2014 22:31
od Kukemale
# AdwCleaner v4.105 - Report created 10/12/2014 at 21:30:10
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : a - DOMA-22NHZ4XD0W
# Running from : C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : mnmsrvc

***** [ Files / Folders ] *****

File Deleted : C:\WINDOWS\system32\mnmsrvc.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v11.0 (cs)


*************************

AdwCleaner[R0].txt - [1742 octets] - [10/12/2014 21:28:05]
AdwCleaner[S0].txt - [1689 octets] - [10/12/2014 21:30:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1749 octets] ##########

Re: Postarší noťas

Napsal: 10 pro 2014 22:35
od Rudy
Dejte nový log FRST.

Re: Postarší noťas

Napsal: 10 pro 2014 22:43
od Kukemale
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2014 01
Ran by a (administrator) on DOMA-22NHZ4XD0W on 10-12-2014 21:40:16
Running from C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha
Loaded Profile: a (Available profiles: a)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1208320 2010-07-13] (Motorola Inc.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [598016 2010-07-13] (Realtek Semiconductor Corp.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstall ... QA5ADcAMwA (the data entry has 283 more characters).
Winlogon\Notify\dimsntfy: C:\WINDOWS\System32\dimsntfy.dll ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
URLSearchHook: [S-1-5-21-839522115-746137067-854245398-1003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Mozilla\Firefox\Profiles\uv9tusdk.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF Extension: Seznam lištička - C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Mozilla\Firefox\Profiles\uv9tusdk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-09-02]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132608 2008-04-14] () [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] () [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] () [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] () [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [293376 2008-04-14] () [File not signed]
S2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] () [File not signed]
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587472 2012-09-07] (Crawler.com)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [52224 2008-04-14] () [File not signed]
S2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] () [File not signed]
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] () [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4071272 2010-07-13] (Realtek Semiconductor Corp.)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [105088 2010-07-13] (Realtek Semiconductor Corporation ) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 smserial; C:\WINDOWS\System32\DRIVERS\smserial.sys [1090304 2010-07-13] (Motorola Inc.) [File not signed]
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R1 VD_FileDisk; C:\WINDOWS\system32\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation) [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2010-07-13] (Intel® Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 21:39 - 2014-12-10 21:40 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\1 log frst
2014-12-10 21:31 - 2014-12-10 21:31 - 00001829 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\Nový objekt - Textový dokument.txt
2014-12-10 21:27 - 2014-12-10 22:21 - 02166272 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\adwcleaner_4.105.exe
2014-12-10 21:27 - 2014-12-10 21:30 - 00000000 ____D () C:\AdwCleaner
2014-12-10 20:18 - 2014-12-10 21:40 - 00007241 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRST.txt
2014-12-10 20:18 - 2014-12-10 21:40 - 00000000 ____D () C:\FRST
2014-12-10 20:13 - 2014-12-10 21:07 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRSTLauncher (1).exe
2014-12-10 20:13 - 2014-12-10 20:47 - 01111040 _____ (Farbar) C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\FRST.exe
2014-12-09 22:28 - 2014-12-09 22:29 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\čistka
2014-12-09 22:26 - 2014-12-10 20:15 - 00000840 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-09 21:41 - 2014-12-09 21:44 - 00008115 _____ () C:\WINDOWS\svcpack.log
2014-12-09 21:41 - 2014-12-09 21:41 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak
2014-12-09 21:37 - 2014-12-10 21:30 - 00038815 _____ () C:\WINDOWS\setupapi.log
2014-12-09 21:18 - 2014-12-09 21:18 - 00069232 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-12-09 21:18 - 2014-12-09 21:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-12-09 21:18 - 2014-12-09 21:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2014-12-09 21:14 - 2014-12-09 21:14 - 00004044 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_211417.reg
2014-12-09 21:09 - 2014-12-09 21:09 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-12-09 21:02 - 2014-12-09 21:09 - 00065536 _____ () C:\WINDOWS\system32\config\Spybot -.evt
2014-12-09 21:01 - 2014-12-09 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2014-12-09 21:01 - 2014-12-09 21:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2014-12-09 20:54 - 2014-12-09 20:54 - 00000762 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_205432.reg
2014-12-09 20:23 - 2014-12-09 20:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Program Files\Spyware Terminator
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Spyware Terminator 2012
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Spyware Terminator 2012
2014-12-09 20:23 - 2014-12-09 20:23 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Spyware Terminator
2014-12-09 20:23 - 2011-06-21 11:24 - 00032768 _____ () C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2014-12-09 20:19 - 2014-12-09 21:17 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-09 20:01 - 2014-12-09 20:01 - 00000442 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141209_200121.reg
2014-12-09 17:30 - 2014-12-09 17:30 - 00262144 _____ () C:\WINDOWS\system32\config\DEFAULT.rb1
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SYSTEM.rb1.LOG
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SOFTWARE.rb1.LOG
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.rb1.LOG
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Program Files\WinASO
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\WinASO
2014-12-09 17:21 - 2014-12-09 17:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\WinASO
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2014-12-08 23:51 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\Malwarebytes
2014-12-08 23:51 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-08 23:48 - 2014-12-08 23:48 - 00000293 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha\Místní disk (C).lnk
2014-12-08 23:37 - 2014-12-08 23:37 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:36 - 2014-12-08 23:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:36 - 2014-12-08 23:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2014-12-08 23:35 - 2014-12-08 23:35 - 00026338 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233509.reg
2014-12-08 23:35 - 2014-12-08 23:35 - 00000596 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233529.reg
2014-12-08 23:35 - 2014-12-08 23:35 - 00000082 _____ () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty\cc_20141208_233546.reg
2014-12-08 23:33 - 2014-12-08 23:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-08 23:32 - 2014-12-10 20:09 - 00000000 ____D () C:\čištění
2014-12-08 22:54 - 2014-12-08 22:55 - 00000000 ____D () C:\WINDOWS\pss
2014-12-08 22:27 - 2014-12-08 22:27 - 00000000 __SHD () C:\found.000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 21:40 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha
2014-12-10 21:40 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp
2014-12-10 21:33 - 2010-07-13 22:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-10 21:33 - 2010-07-13 22:22 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-10 21:30 - 2014-08-31 05:03 - 00000178 ___SH () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\ntuser.ini
2014-12-10 19:40 - 2010-07-13 17:32 - 00000000 ____D () C:\WINDOWS\security
2014-12-09 22:29 - 2010-07-13 22:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Plocha
2014-12-09 22:23 - 2010-07-13 17:34 - 00000211 ___SH () C:\boot.ini
2014-12-09 22:23 - 2001-10-25 13:00 - 00000507 _____ () C:\WINDOWS\win.ini
2014-12-09 22:23 - 2001-10-25 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-09 21:18 - 2014-08-31 05:03 - 00000000 ___HD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Data aplikací
2014-12-09 21:18 - 2010-07-13 22:20 - 00000000 __RHD () C:\Documents and Settings\All Users.WINDOWS\Data aplikací
2014-12-09 21:14 - 2014-08-31 05:03 - 00000000 ___RD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Dokumenty
2014-12-09 21:13 - 2014-08-31 05:03 - 00000000 ____D () C:\Documents and Settings\a.DOMA-22NHZ4XD0W
2014-12-09 21:02 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-12-09 21:02 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy
2014-12-09 20:52 - 2010-07-13 22:51 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-12-09 20:52 - 2010-07-13 22:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-09 20:52 - 2010-07-13 17:36 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-09 20:47 - 2010-07-13 17:32 - 00000000 ____D () C:\WINDOWS\system
2014-12-09 20:23 - 2014-08-31 05:03 - 00000000 __RHD () C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Data aplikací
2014-12-09 20:00 - 2010-07-13 22:21 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start
2014-12-09 17:31 - 2010-07-13 22:20 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 19136512 _____ () C:\WINDOWS\system32\config\SOFTWARE.rb2
2014-12-09 17:31 - 2010-07-13 22:19 - 04718592 _____ () C:\WINDOWS\system32\config\SYSTEM.rb2
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-12-09 17:30 - 2010-07-13 20:37 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 17:25 - 2010-07-13 22:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Driver Checker
2014-12-09 00:01 - 2010-07-13 22:16 - 00000000 ____D () C:\WINDOWS\twain_32
2014-12-08 22:17 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a\Local Settings\Temp
2014-12-08 21:48 - 2010-07-13 20:40 - 00000000 ____D () C:\Documents and Settings\a
2014-12-08 21:37 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

Some content of TEMP:
====================
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Re: Postarší noťas

Napsal: 11 pro 2014 17:21
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-839522115-746137067-854245398-1003] ATTENTION ==> Default URLSearchHook is missing.
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
C:\Program Files\Skype\Toolbars
C:\Documents and Settings\a\Local Settings\Temp
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Postarší noťas

Napsal: 11 pro 2014 21:09
od Kukemale
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-12-2014 01
Ran by a at 2014-12-11 20:09:05 Run:1
Running from C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Plocha
Loaded Profile: a (Available profiles: a)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-839522115-746137067-854245398-1003] ATTENTION ==> Default URLSearchHook is missing.
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
C:\Program Files\Skype\Toolbars
C:\Documents and Settings\a\Local Settings\Temp
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp
End
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Local Page => Value not found.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Local Page => Value not found.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Local Page => Value not found.
HKU\S-1-5-21-839522115-746137067-854245398-1003\Software\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
Error setting Default URLSearchHook.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
C:\Program Files\Skype\Toolbars => Moved successfully.
C:\Documents and Settings\a\Local Settings\Temp => Moved successfully.
C:\Documents and Settings\a.DOMA-22NHZ4XD0W\Local Settings\Temp => Moved successfully.

==== End of Fixlog ====

Re: Postarší noťas

Napsal: 11 pro 2014 21:12
od Rudy
Smazáno. Nastala nějaká změna?

Re: Postarší noťas

Napsal: 11 pro 2014 21:23
od Kukemale
Problém stále přetrvává.

Re: Postarší noťas

Napsal: 11 pro 2014 21:50
od Rudy
Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Re: Postarší noťas

Napsal: 11 pro 2014 23:45
od Kukemale
v průběhu instalace Malearebytes - několikrát:

Interní chyba: Expression error ´Runtime Error (at 85:109):
External exception E06D7363.´

na konci instalace :

Interní chyba: Expression error ´Runtime Error (at 53:89):
External exception E06D7363.´

Re: Postarší noťas

Napsal: 12 pro 2014 17:11
od Rudy
Zkuste to v nouz. režimu.

Re: Postarší noťas

Napsal: 13 pro 2014 10:51
od Kukemale
to samé, jen na konci jiná hláška:

v průběhu instalace Malearebytes - několikrát:

Interní chyba: Expression error ´Runtime Error (at 85:109):
External exception E06D7363.´

na konci instalace :

Runtime Error (at 75:252);
External exception E06D7363

Re: Postarší noťas

Napsal: 13 pro 2014 11:42
od Rudy
Zkuste CureIt: http://www.stahuj.centrum.cz/utility_a_ ... eb-cureit/ .

Re: Postarší noťas

Napsal: 13 pro 2014 16:22
od Kukemale
Při instalaci Dr. WEB Curelt!:

Správná inicializace aplikace (0xc0000022) se nezdařila
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz