Klavesnica sama pise ;

Zpráva

Walky · #1 Příspěvek od **Walky** » 22 úno 2015 14:06

Hned ako sa zapne tak kde zadavam heslo zacne pisat az kym nieco nestlacim na klavesnici. Niekedy to robi aj vo firefoxe. Je to starsi netbook a nic lepsie ako windows XP nerozbeha tak dufam ze to nevadi.

Logfile of random's system information tool 1.10 (written by random/random)
Run by anitka at 2015-02-22 13:52:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (5%) free of 153 GB
Total RAM: 1015 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:52:59, on 22. 2. 2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\HP\HPBTWD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Lingea Shared\luc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\anitka\Plocha\RSIT.exe
C:\Program Files\trend micro\anitka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WebIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [tdguf] C:\Documents and Settings\anitka\tdguf.exe
O4 - HKCU\..\Run: [pffvb] C:\WINDOWS\system32\81yjkfv.exe
O4 - HKCU\..\Run: [avlmh] C:\WINDOWS\system32\3kfl60n.exe
O4 - HKCU\..\Run: [faa6m] C:\WINDOWS\system32\69y1uqq.exe
O4 - HKCU\..\Run: [rsnotpk] C:\WINDOWS\system32\xy70zvqq6c.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe
O4 - Global Startup: Meniny.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\Documents and Settings\All Users\Data aplikací\AOL\ieToolbar\resources\cs-CZ\local\search.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe

--
End of file - 12035 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job - C:\Program Files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\anitka\Data aplikací\Mozilla\Firefox\Profiles\wl5ei3z9.default

prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, info@lingea.com:1.2, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.21, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19"

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13]
"Description"=15.0.1.13
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Documents and Settings\anitka\Data aplikací\Mozilla\Firefox\Profiles\wl5ei3z9.default\extensions\
info@lingea.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WebIE.dll [2010-12-01 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-01-15 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31 4528760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WebIE.dll [2010-12-01 503808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-30 483428]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-02-18 737280]
"HP BTW Detect Program"=C:\Program Files\HP\HPBTWD.exe [2009-03-30 319488]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-01-16 1418536]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-04-07 2145000]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-01-15 296056]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2011-11-15 312376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"WeatherWatcher"=C:\Program Files\Weather Watcher\ww.exe [2007-09-23 1024000]
"tdguf"=C:\Documents and Settings\anitka\tdguf.exe []
"pffvb"=C:\WINDOWS\system32\81yjkfv.exe []
"avlmh"=C:\WINDOWS\system32\3kfl60n.exe []
"faa6m"=C:\WINDOWS\system32\69y1uqq.exe []
"rsnotpk"=C:\WINDOWS\system32\xy70zvqq6c.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-11-18 30520936]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Meniny.exe

C:\Documents and Settings\anitka\Nabídka Start\Programy\Po spuštění
Lingea Update Center.lnk - C:\Program Files\Common Files\Lingea Shared\luc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe"="C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\Outlook Express\wab.exe"="C:\Program Files\Outlook Express\wab.exe:*:Enabled:Adresář systému Windows"
"C:\Documents and Settings\anitka\Local Settings\Temp\7zS5.tmp\SymNRT.exe"="C:\Documents and Settings\anitka\Local Settings\Temp\7zS5.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.siren"=sirenacm.dll

======List of files/folders created in the last 1 month======

2015-02-22 13:48:49 ----D---- C:\Program Files\trend micro
2015-02-22 13:48:47 ----D---- C:\rsit
2015-01-26 20:31:30 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2015-02-22 13:52:42 ----D---- C:\WINDOWS\temp
2015-02-22 13:52:22 ----D---- C:\Program Files\Weather Watcher
2015-02-22 13:51:54 ----D---- C:\WINDOWS\Prefetch
2015-02-22 13:48:49 ----RD---- C:\Program Files
2015-02-18 18:06:28 ----SHD---- C:\System Volume Information
2015-02-18 18:06:10 ----D---- C:\WINDOWS\Registration
2015-02-18 18:01:03 ----A---- C:\WINDOWS\wincmd.ini
2015-02-18 17:52:52 ----D---- C:\WINDOWS\system32\CatRoot2
2015-02-18 17:50:12 ----D---- C:\Documents and Settings\anitka\Data aplikací\Skype
2015-02-18 17:49:10 ----A---- C:\WINDOWS\win.ini
2015-02-18 17:48:36 ----SD---- C:\WINDOWS\Tasks
2015-02-18 17:47:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2015-02-16 10:00:01 ----D---- C:\WINDOWS\Minidump
2015-02-16 10:00:01 ----D---- C:\WINDOWS
2015-02-15 13:58:02 ----D---- C:\WINDOWS\system32\MRT
2015-02-15 13:32:10 ----A---- C:\WINDOWS\system32\MRT.exe
2015-02-11 09:13:10 ----D---- C:\WINDOWS\system32
2015-02-11 09:13:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-06 10:55:53 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-28 16:06:23 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-15 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-06-16 44944]
R0 SahdIa32;HDD Filter Driver; C:\WINDOWS\System32\Drivers\SahdIa32.sys [2008-12-11 21488]
R0 SaibIa32;Volume Filter Driver; C:\WINDOWS\System32\Drivers\SaibIa32.sys [2008-12-11 15856]
R0 SysCow;SysCow; C:\WINDOWS\system32\drivers\syscow32x.sys [2008-09-24 103792]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-04-07 55232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40192]
R1 SaibVd32;Virtual Disk Driver; C:\WINDOWS\System32\Drivers\SaibVd32.sys [2008-12-11 25584]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2011-11-15 112096]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-07 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-04-07 134488]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-03-19 113664]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-06-10 1735040]
R3 btkrnl;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-06-24 991400]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-04-07 32584]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-03-02 38912]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-30 1550891]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-01-16 206512]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 hwdatacardq;hwdatacardq; \??\C:\WINDOWS\System32\DRIVERS\hwdatacardq.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-07-25 47272]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-11-22 160256]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-29 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-09-13 327192]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2008-12-11 125424]
R2 BOTService;BOTService; C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2009-03-19 203248]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-07-07 346720]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-10 152984]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 STacSV;Audio Service; c:\program files\idt\wdm\STacSV.exe [2009-03-30 254042]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-04-07 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-26 114800]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-06 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 22 úno 2015 15:45

Zdravim

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne kose).

Ulozte na plochu rkill.exe, ukoncete vsechny aplikace a spustte - kdyby ho havet blokovala, pouzijte alternativni odkaz

http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
obsah logu vytvoreneho take na plose (rkill.txt) zaslete v pristi odpovedi
nerestartujte ted pocitac jinak prijdete o ucinek rkillu

POZOR - TATO UTILITA MA VELKOU SCHOPNOST MAZAT - NESPOUSTEJTE JI BEZ DOPORUCENI RADCE

Ulozte na plochu ComboFix.exe - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete antiviry a vsechny real-time ochrany
spustte ComboFix jako spravce (lepe pod uctem s administratorskym opravnenim)
s licencnimi podminkami souhlaste - Ano
pokud je nabidnuta instalace konzoly pro zotaveni, souhlaste
v prubehu skenovani nechte PC v klidu - nic nespoustejte a do okna CombFixu neklikejte
vysledek skenu naleznete v C:\ComboFix.txt, jehoz obsah mi zkopirujte do pristi odpovedi.

Walky · #3 Příspěvek od **Walky** » 22 úno 2015 18:27

tu je log

ComboFix 15-02-16.01 - anitka . 02. 2015 17:55:32.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.386 [GMT 1:00]
Spuštěný z: c:\documents and settings\anitka\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\anitka\Documents .lnk
c:\documents and settings\anitka\Music .lnk
c:\documents and settings\anitka\New Folder .lnk
c:\documents and settings\anitka\Passwords .lnk
c:\documents and settings\anitka\Pictures .lnk
c:\documents and settings\anitka\tdguf.exe
c:\documents and settings\anitka\Video .lnk
c:\program files\HP\HPBTWD.exe
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
c:\windows\system32\_000016_.tmp.dll
c:\windows\system32\_000017_.tmp.dll
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-22 do 2015-02-22 )))))))))))))))))))))))))))))))
.
.
2015-02-22 12:48 . 2015-02-22 12:52 -------- d-----w- c:\program files\trend micro
2015-02-22 12:48 . 2015-02-22 12:51 -------- d-----w- C:\rsit
2015-01-29 15:41 . 2015-01-29 15:41 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-06 09:55 . 2012-05-29 20:43 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-06 09:55 . 2012-02-24 09:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2008-03-09 05:25 . 2011-06-20 20:52 236 ----a-w- c:\program files\Common Files\dx.reg
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2007-09-23 1024000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-11-18 30520936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-01-15 296056]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\anitka\Nabídka Start\Programy\Po spuštění\
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2010-5-21 275736]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Meniny.exe [1996-2-3 49312]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Outlook Express\\wab.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [10. 6. 2009 11:01 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [10. 6. 2009 11:01 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [24. 9. 2008 21:09 103792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7. 4. 2010 21:07 114984]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [10. 6. 2009 11:01 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [11. 12. 2008 21:46 125424]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [19. 3. 2009 11:04 203248]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [7. 4. 2010 21:07 810120]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [31. 1. 2013 9:38 3289208]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10. 6. 2009 10:55 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2. 3. 2009 22:03 38912]
S2 hwdatacardq;hwdatacardq;\??\c:\windows\System32\DRIVERS\hwdatacardq.sys --> c:\windows\System32\DRIVERS\hwdatacardq.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3. 4. 2014 19:21 315008]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [30. 7. 2012 14:08 23456]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [10. 6. 2009 10:56 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 09:56]
.
2015-02-22 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 10:05]
.
2015-02-09 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-25 23:28]
.
2015-02-22 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-25 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\documents and settings\All Users\Data aplikací\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\documents and settings\anitka\Data aplikací\Mozilla\Firefox\Profiles\wl5ei3z9.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - ExtSQL: !HIDDEN! 2009-09-26 13:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-tdguf - c:\documents and settings\anitka\tdguf.exe
HKCU-Run-pffvb - c:\windows\system32\81yjkfv.exe
HKCU-Run-avlmh - c:\windows\system32\3kfl60n.exe
HKCU-Run-faa6m - c:\windows\system32\69y1uqq.exe
HKCU-Run-rsnotpk - c:\windows\system32\xy70zvqq6c.exe
HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
AddRemove-Language Teacher - c:\docume~1\anitka\LOCALS~1\Temp\UN32.EXE
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-PC Translator - c:\docume~1\anitka\LOCALS~1\Temp\UN32.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-22 18:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\idt\wdm\STacSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Celkový čas: 2015-02-22 18:21:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-02-22 17:21
.
Před spuštěním: 7 765 053 440
Po spuštění: 9 286 119 424
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9ADB97DBBA6C8AB66CBD06BFB6191624
5C616939100B85E558DA92B899A0FC36

#4 Příspěvek od **altrok** » 23 úno 2015 01:36

ESET je zakoupeny?

Pokud jeste nemate, presunte ComboFix na plochu.

Otevrete Poznamkovy blok (Start -> Spustit -> notepad)

zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"TkBellExe"=-

File::
c:\documents and settings\anitka\tdguf.exe
c:\windows\system32\81yjkfv.exe
c:\windows\system32\3kfl60n.exe
c:\windows\system32\69y1uqq.exe
c:\windows\system32\xy70zvqq6c.exe

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

ClearJavaCache::

Reboot::

Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Walky · #5 Příspěvek od **Walky** » 23 úno 2015 10:48

Neviem ci je zakupeny este lebo to nie je moj notebook ale spytam sa.

ComboFix 15-02-16.01 - anitka . 02. 2015 9:09.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.224 [GMT 1:00]
Spuštěný z: c:\documents and settings\anitka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\anitka\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\documents and settings\anitka\tdguf.exe"
"c:\windows\system32\3kfl60n.exe"
"c:\windows\system32\69y1uqq.exe"
"c:\windows\system32\81yjkfv.exe"
"c:\windows\system32\xy70zvqq6c.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-23 do 2015-02-23 )))))))))))))))))))))))))))))))
.
.
2015-02-22 12:48 . 2015-02-22 12:52 -------- d-----w- c:\program files\trend micro
2015-02-22 12:48 . 2015-02-22 12:51 -------- d-----w- C:\rsit
2015-01-29 15:41 . 2015-01-29 15:41 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-06 09:55 . 2012-05-29 20:43 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-06 09:55 . 2012-02-24 09:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2008-03-09 05:25 . 2011-06-20 20:52 236 ----a-w- c:\program files\Common Files\dx.reg
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2007-09-23 1024000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-11-18 30520936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\anitka\Nabídka Start\Programy\Po spuštění\
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2010-5-21 275736]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Meniny.exe [1996-2-3 49312]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Outlook Express\\wab.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [10. 6. 2009 11:01 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [10. 6. 2009 11:01 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [24. 9. 2008 21:09 103792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7. 4. 2010 21:07 114984]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [10. 6. 2009 11:01 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [11. 12. 2008 21:46 125424]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [19. 3. 2009 11:04 203248]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [7. 4. 2010 21:07 810120]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [31. 1. 2013 9:38 3289208]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10. 6. 2009 10:55 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2. 3. 2009 22:03 38912]
S2 hwdatacardq;hwdatacardq;\??\c:\windows\System32\DRIVERS\hwdatacardq.sys --> c:\windows\System32\DRIVERS\hwdatacardq.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3. 4. 2014 19:21 315008]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [30. 7. 2012 14:08 23456]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [10. 6. 2009 10:56 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 09:56]
.
2015-02-23 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 10:05]
.
2015-02-09 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-25 23:28]
.
2015-02-23 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-25 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\documents and settings\All Users\Data aplikací\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\documents and settings\anitka\Data aplikací\Mozilla\Firefox\Profiles\wl5ei3z9.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - ExtSQL: !HIDDEN! 2009-09-26 13:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-23 09:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3316)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\idt\wdm\STacSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Roxio\BackOnTrack\Instant Restore\UINotification.exe
.
**************************************************************************
.
Celkový čas: 2015-02-23 09:37:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-02-23 08:37
ComboFix2.txt 2015-02-22 17:21
.
Před spuštěním: 9 077 669 888
Po spuštění: 9 025 400 832
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BA39B346B9C88DE1704215C99AE777D0
5C616939100B85E558DA92B899A0FC36

#6 Příspěvek od **altrok** » 23 úno 2015 18:12

Ona je totiz aktualne verze ESS 8 a nevidim duvod pro pouzivani verze 4.2

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Cleaning
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Walky · #7 Příspěvek od **Walky** » 23 úno 2015 19:49

# AdwCleaner v4.111 - Logfile created 23/02/2015 at 19:24:35
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : anitka - MINILAPTOP
# Running from : C:\Documents and Settings\anitka\Plocha\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\anitka\Local Settings\Data aplikací\eSupport.com

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v35.0.1 (x86 sk)

*************************

AdwCleaner[R0].txt - [971 bytes] - [23/02/2015 19:15:29]
AdwCleaner[S0].txt - [903 bytes] - [23/02/2015 19:24:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [961 bytes] ##########

#8 Příspěvek od **altrok** » 23 úno 2015 20:11

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Walky · #9 Příspěvek od **Walky** » 23 úno 2015 21:28

log z FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015
Ran by anitka (administrator) on MINILAPTOP on 23-02-2015 21:19:17
Running from C:\Documents and Settings\anitka\Plocha
Loaded Profiles: anitka (Available profiles: anitka)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sonic Solutions) C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
() C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
(ESET) C:\Program Files\Eset\ESET Smart Security\ekrn.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(ESET) C:\Program Files\Eset\ESET Smart Security\egui.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Singer's Creations) C:\Program Files\Weather Watcher\ww.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Lingea) C:\Program Files\Common Files\Lingea Shared\luc.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\anitka\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483428 2009-03-30] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [737280 2009-02-18] (Andrea Electronics Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1418536 2009-01-16] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2145000 2010-04-07] (ESET)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [312376 2011-11-15] (Power Software Ltd)
HKU\S-1-5-21-2632247924-638629528-3096988594-1006\...\Run: [WeatherWatcher] => C:\Program Files\Weather Watcher\ww.exe [1024000 2007-09-23] (Singer's Creations)
HKU\S-1-5-21-2632247924-638629528-3096988594-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30520936 2014-11-18] (Skype Technologies S.A.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Meniny.exe ()
Startup: C:\Documents and Settings\anitka\Nabídka Start\Programy\Po spuštění\Lingea Update Center.lnk
ShortcutTarget: Lingea Update Center.lnk -> C:\Program Files\Common Files\Lingea Shared\luc.exe (Lingea)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2632247924-638629528-3096988594-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2632247924-638629528-3096988594-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-2632247924-638629528-3096988594-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2632247924-638629528-3096988594-1006 -> {76F100B9-A023-466A-B63B-AAD0388C3F9B} URL = http://www.google.co.uk/search?hl=en&q= ... rms}&meta=
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\TRANSLAT\WebIE.dll ()
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WebIE.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\anitka\Data aplikací\Mozilla\Firefox\Profiles\wl5ei3z9.default
FF Homepage: http://www.google.sk
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.1.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.1.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.1.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: LexFox - C:\Documents and Settings\anitka\Data aplikací\Mozilla\Firefox\Profiles\wl5ei3z9.default\Extensions\info@lingea.com [2010-12-01]
FF Extension: WebTran - C:\Documents and Settings\anitka\Data aplikací\Mozilla\Firefox\Profiles\wl5ei3z9.default\Extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829} [2010-12-11]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\anitka\Data aplikací\Mozilla\Firefox\Profiles\wl5ei3z9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-09-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-25]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-01-15]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-11-13]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-01-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-01-31]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [125424 2008-12-11] ()
R2 BOTService; C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [203248 2009-03-19] (Sonic Solutions)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [33560 2010-04-07] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [810120 2010-04-07] (ESET)
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-10] (Sun Microsystems, Inc.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [254042 2009-03-30] (IDT, Inc.)
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-18] (Microsoft Corporation)
R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2009-03-19] (Andrea Electronics Corporation)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1735040 2009-06-10] (Broadcom Corporation)
R3 btkrnl; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991400 2008-06-24] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2008-07-25] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2012-07-30] (Phoenix Technologies) [File not signed]
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [139192 2010-04-07] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [114984 2010-04-07] (ESET)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [134488 2010-04-07] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [32584 2010-04-07] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [55232 2010-04-07] (ESET)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 RSUSBSTOR; C:\WINDOWS\System32\Drivers\RTS5121.sys [160256 2008-11-22] (Realtek Semiconductor Corp.)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [112096 2011-11-15] (Power Software Ltd)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1550891 2009-03-30] (IDT, Inc.)
R0 SysCow; C:\WINDOWS\System32\drivers\syscow32x.sys [103792 2008-09-24] (Sonic Solutions)
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [29696 2009-08-09] (Elaborate Bytes AG) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S2 hwdatacardq; \??\C:\WINDOWS\System32\DRIVERS\hwdatacardq.sys [X]
U4 RemoteRegistry; No ImagePath
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
U3 TlntSvr; No ImagePath
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 21:19 - 2015-02-23 21:21 - 00015493 _____ () C:\Documents and Settings\anitka\Plocha\FRST.txt
2015-02-23 21:18 - 2015-02-23 21:19 - 00000000 ____D () C:\FRST
2015-02-23 21:17 - 2015-02-23 21:17 - 01126912 _____ (Farbar) C:\Documents and Settings\anitka\Plocha\FRST.exe
2015-02-23 21:17 - 2015-02-23 21:17 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\anitka\Plocha\FRSTLauncher.exe
2015-02-23 19:15 - 2015-02-23 19:24 - 00000000 ____D () C:\AdwCleaner
2015-02-23 19:13 - 2015-02-23 19:14 - 02126848 _____ () C:\Documents and Settings\anitka\Plocha\adwcleaner_4.111.exe
2015-02-23 09:37 - 2015-02-23 09:37 - 00010476 _____ () C:\ComboFix.txt
2015-02-23 09:37 - 2015-02-23 09:37 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-02-23 09:32 - 2015-02-23 09:32 - 00000435 _____ () C:\WINDOWS\system.ini
2015-02-23 09:22 - 2015-02-23 21:21 - 00000000 ____D () C:\Documents and Settings\anitka\Local Settings\temp
2015-02-23 08:54 - 2015-02-23 08:55 - 00000000 _RSHD () C:\cmdcons
2015-02-22 17:44 - 2015-02-22 17:44 - 00000327 _____ () C:\Boot.bak
2015-02-22 17:44 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2015-02-22 17:37 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-02-22 17:37 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-02-22 17:37 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-02-22 17:37 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-02-22 17:37 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-02-22 17:37 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-02-22 17:37 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-02-22 17:37 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-02-22 17:37 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-02-22 17:36 - 2015-02-23 09:37 - 00000000 ____D () C:\Qoobox
2015-02-22 17:36 - 2015-02-22 18:18 - 00000000 ____D () C:\WINDOWS\erdnt
2015-02-22 17:25 - 2015-02-22 17:27 - 00004328 _____ () C:\Documents and Settings\anitka\Plocha\Rkill.txt
2015-02-22 17:24 - 2015-02-22 17:25 - 05611903 ____R (Swearware) C:\Documents and Settings\anitka\Plocha\ComboFix.exe
2015-02-22 17:23 - 2015-02-22 17:24 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\anitka\Plocha\rkill.exe
2015-02-22 13:48 - 2015-02-22 13:52 - 00000000 ____D () C:\Program Files\trend micro
2015-02-22 13:48 - 2015-02-22 13:51 - 00000000 ____D () C:\rsit
2015-02-22 13:46 - 2015-02-22 13:47 - 01107968 _____ () C:\Documents and Settings\anitka\Plocha\RSIT.exe
2015-02-16 10:00 - 2015-02-16 09:59 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021615-01.dmp
2015-02-15 20:08 - 2015-02-15 20:08 - 00000541 _____ () C:\Documents and Settings\anitka\Plocha\GoogleEarthPluginSetup.lnk
2015-02-15 20:08 - 2015-02-15 20:08 - 00000367 _____ () C:\Documents and Settings\anitka\Plocha\__MACOSX.lnk
2015-01-29 16:41 - 2015-01-29 16:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Data aplikací\McAfee
2015-01-26 20:31 - 2015-01-26 20:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 21:22 - 2014-12-01 17:56 - 00000282 _____ () C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job
2015-02-23 21:20 - 2009-09-26 10:44 - 00000000 ____D () C:\Program Files\Weather Watcher
2015-02-23 21:19 - 2009-09-21 18:37 - 00000000 ____D () C:\Documents and Settings\anitka\Plocha
2015-02-23 21:18 - 2009-09-21 18:37 - 00000000 ___HD () C:\Documents and Settings\anitka\Local Settings\Data aplikací
2015-02-23 19:55 - 2012-05-29 21:43 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-23 19:44 - 2008-12-01 23:01 - 00000626 _____ () C:\WINDOWS\win.ini
2015-02-23 19:43 - 2014-03-28 16:27 - 00000224 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-23 19:27 - 2008-12-01 23:22 - 02017764 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-23 19:26 - 2008-12-01 23:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-23 19:26 - 2008-12-01 23:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-23 19:26 - 2008-12-01 23:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-23 19:25 - 2009-09-21 18:37 - 00000272 ___SH () C:\Documents and Settings\anitka\ntuser.ini
2015-02-23 19:25 - 2008-12-01 23:22 - 00032514 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-23 14:14 - 2009-09-23 14:27 - 00002935 _____ () C:\WINDOWS\wincmd.ini
2015-02-23 12:12 - 2012-03-05 20:49 - 00308804 _____ () C:\WINDOWS\setupapi.log
2015-02-23 12:02 - 2009-09-22 02:20 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-23 09:07 - 2009-09-21 18:37 - 00000000 __RHD () C:\Documents and Settings\anitka\Data aplikací
2015-02-23 08:55 - 2008-12-01 22:46 - 00000327 __RSH () C:\boot.ini
2015-02-23 08:51 - 2009-09-22 02:21 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-02-23 08:50 - 2012-03-14 23:19 - 00004470 _____ () C:\WINDOWS\setupact.log
2015-02-22 18:09 - 2009-09-22 02:21 - 00000000 ____D () C:\Program Files\HP
2015-02-22 18:09 - 2009-09-21 18:37 - 00000000 ____D () C:\Documents and Settings\anitka
2015-02-18 18:06 - 2009-09-22 02:21 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-18 17:50 - 2009-09-26 10:09 - 00000000 ____D () C:\Documents and Settings\anitka\Data aplikací\Skype
2015-02-18 17:50 - 2009-09-22 02:20 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-02-18 17:50 - 2009-09-22 02:20 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2015-02-18 17:50 - 2009-09-22 02:20 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-02-18 17:50 - 2009-09-22 02:20 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-02-18 17:46 - 2008-12-01 23:22 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-16 10:00 - 2011-11-13 12:06 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-15 18:59 - 2013-10-22 16:20 - 00000000 ____D () C:\Documents and Settings\anitka\Plocha\DIA SKOLA
2015-02-15 13:58 - 2013-08-23 17:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 13:32 - 2009-10-02 22:24 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 09:13 - 2008-12-01 23:03 - 01056954 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-10 21:15 - 2014-09-02 19:34 - 00000000 ____D () C:\Documents and Settings\anitka\Plocha\TURECKO
2015-02-09 17:34 - 2014-03-28 16:27 - 00000218 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-06 10:55 - 2012-05-29 21:43 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-06 10:55 - 2012-02-24 10:57 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-02 21:54 - 2014-04-23 18:20 - 00000000 ____D () C:\Documents and Settings\anitka\Plocha\SMSNG APRIL
2015-01-29 16:41 - 2009-09-22 02:20 - 00000000 ____D () C:\Documents and Settings\LocalService\Data aplikací
2015-01-28 16:06 - 2012-04-30 17:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2011-06-20 21:52 - 2008-03-09 06:25 - 0000236 _____ () C:\Program Files\Common Files\dx.reg
2009-09-21 18:51 - 2009-09-21 18:51 - 0000000 _____ () C:\Documents and Settings\anitka\Data aplikací\wklnhst.dat
2009-09-25 11:49 - 2014-10-29 13:52 - 0130048 _____ () C:\Documents and Settings\anitka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-21 18:37 - 2009-09-21 18:45 - 0000126 _____ () C:\Documents and Settings\anitka\Local Settings\Data aplikací\fusioncache.dat

Some content of TEMP:
====================
C:\Documents and Settings\anitka\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\anitka\Local Settings\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job => C:\Program Files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: ESET Smart Security 4.2 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\anitka\Plocha" je 18856 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Outlook Express\\wab.exe"="C:\\Program Files\\Outlook Express\\wab.exe:*:Enabled:Adres systmu Windows"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

#10 Příspěvek od **altrok** » 23 úno 2015 21:53

Velikost plochy by nemela presahovat 200 MB. Zpomaluje se pak start i samotny chod celeho PC.

Odinstalujte starou a zranitelnou verzi javy Java(TM) 6 Update 11. Pokud javu potrebujete, pak nainstalujte novou z java.com - pozor na adware pri jeji instalaci http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . Z hlediska bezpecnosti (exploity) je lepsi ji nemit.

Ulozte na plochu OTM - http://oldtimer.geekstogo.com/OTM.exe
ukoncete vsechny programy
kliknete pravym na ikonu OTM.exe a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
obsah bileho pole zkopirujte do leveho okna OTM a kliknete na MoveIt!
po restartu vlozte log, ktery bude v C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log

Kód: Vybrat vše

:commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[EmptyJava]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"=-
"2869:TCP"=-
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2632247924-638629528-3096988594-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File

S2 hwdatacardq; \??\C:\WINDOWS\System32\DRIVERS\hwdatacardq.sys [X]
C:\WINDOWS\System32\DRIVERS\hwdatacardq.sys

2015-02-23 21:17 - 2015-02-23 21:17 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\anitka\Plocha\FRSTLauncher.exe
2015-02-23 19:15 - 2015-02-23 19:24 - 00000000 ____D () C:\AdwCleaner
2015-02-23 19:13 - 2015-02-23 19:14 - 02126848 _____ () C:\Documents and Settings\anitka\Plocha\adwcleaner_4.111.exe
2015-02-22 13:48 - 2015-02-22 13:52 - 00000000 ____D () C:\Program Files\trend micro
2015-02-22 13:48 - 2015-02-22 13:51 - 00000000 ____D () C:\rsit
2015-02-22 13:46 - 2015-02-22 13:47 - 01107968 _____ () C:\Documents and Settings\anitka\Plocha\RSIT.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\yejwpvad.sys:changelist
C:\WINDOWS\system32\Drivers\yejwpvad.sys
EmptyTemp:
End

Walky · #11 Příspěvek od **Walky** » 23 úno 2015 22:21

OTM log

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: anitka
->Temp folder emptied: 2171285 bytes
->Temporary Internet Files folder emptied: 219356183 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 422895491 bytes
->Flash cache emptied: 69706 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3713 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 615,00 mb

[EMPTYFLASH]

User: All Users

User: anitka
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: anitka
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb

========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP134.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP168.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP218.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP235.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP252E.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25FE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP260.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP270.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2FF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP30.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP307.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP32.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP342.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3A0.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3AD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3FD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP401.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP460.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP476.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP48D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4FE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP529.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP52D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP52E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP55.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP55E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP57.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP574.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP608.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP63.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP66.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP69.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP71.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP89.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP95.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9DE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI1568.tmp moved successfully.
C:\WINDOWS\Installer\MSI1628.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 02232015_220615

Files moved on Reboot...
File C:\Documents and Settings\anitka\Local Settings\Temp\Perflib_Perfdata_8b8.dat not found!

Registry entries deleted on Reboot...

Walky · #12 Příspěvek od **Walky** » 23 úno 2015 22:33

a fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-02-2015
Ran by anitka at 2015-02-23 22:24:47 Run:1
Running from C:\Documents and Settings\anitka\Plocha
Loaded Profiles: anitka (Available profiles: anitka)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2632247924-638629528-3096988594-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File

S2 hwdatacardq; \??\C:\WINDOWS\System32\DRIVERS\hwdatacardq.sys [X]
C:\WINDOWS\System32\DRIVERS\hwdatacardq.sys

2015-02-23 21:17 - 2015-02-23 21:17 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\anitka\Plocha\FRSTLauncher.exe
2015-02-23 19:15 - 2015-02-23 19:24 - 00000000 ____D () C:\AdwCleaner
2015-02-23 19:13 - 2015-02-23 19:14 - 02126848 _____ () C:\Documents and Settings\anitka\Plocha\adwcleaner_4.111.exe
2015-02-22 13:48 - 2015-02-22 13:52 - 00000000 ____D () C:\Program Files\trend micro
2015-02-22 13:48 - 2015-02-22 13:51 - 00000000 ____D () C:\rsit
2015-02-22 13:46 - 2015-02-22 13:47 - 01107968 _____ () C:\Documents and Settings\anitka\Plocha\RSIT.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\yejwpvad.sys:changelist
C:\WINDOWS\system32\Drivers\yejwpvad.sys
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2632247924-638629528-3096988594-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}" => Key deleted successfully.
HKCR\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045} => Key not found.
hwdatacardq => Service deleted successfully.
"C:\WINDOWS\System32\DRIVERS\hwdatacardq.sys" => File/Directory not found.
C:\Documents and Settings\anitka\Plocha\FRSTLauncher.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Documents and Settings\anitka\Plocha\adwcleaner_4.111.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\Documents and Settings\anitka\Plocha\RSIT.exe => Moved successfully.
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\system32\Drivers\yejwpvad.sys => ":changelist" ADS removed successfully.
C:\WINDOWS\system32\Drivers\yejwpvad.sys => Moved successfully.
EmptyTemp: => Removed 18.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 22:25:24 ====

#13 Příspěvek od **altrok** » 23 úno 2015 22:35

Prejmenujte ComboFix na Uninstall a spustte jako spravce
ComboFix se odinstaluje.

Dejte mi jeste log z rkillu (ktery jste vytvoril pred prvnim spustenim ComboFixu).
2015-02-22 17:25 - 2015-02-22 17:27 - 00004328 _____ () C:\Documents and Settings\anitka\Plocha\Rkill.txt

Problem pretrvava?

Ulozte na plochu MBAR - http://www.bleepingcomputer.com/downloa ... i-rootkit/

Spuste dvojklikem a extrahujte na plochu
kliknete na Next
Aktualizujte virovou databazi klikem na Update a pokracujte na Next
Vsechny 3 moznosti nechte zaskrtnute a zvolte Scan (potrva cca 15 minut)
zatrhnete vsechny nalezy a take zkontrolujte zatrzitko u Create Restore Point
kliknete na Cleanup a souhlaste s restartem - Yes
obsah logu ulozene na plose v mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt vlozte do pristi odpovedi

Walky · #14 Příspěvek od **Walky** » 23 úno 2015 23:01

Este stale samo pise na klavesnici na login obrayovke kym nieco nestlacim. Idem spravit MBAR

log

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/22/2015 05:25:38 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Modified HKCU\...\Winlogon: [Shell] => ,explorer.exe,C:\Documents and Settings\anitka\Data aplikací\nsvb.exe

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* Služba obnovení systému (srservice) is not Running.
Startup Type set to: Automatic

* Ovladač filtru Obnovy systému (sr) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

20 out of 15196 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 02/22/2015 05:27:28 PM
Execution time: 0 hours(s), 1 minute(s), and 49 seconds(s)

Walky · #15 Příspěvek od **Walky** » 24 úno 2015 00:02

Mbar nic nenasiel

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.02.23.08
rootkit: v2015.02.22.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
anitka :: MINILAPTOP [administrator]

23. 2. 2015 23:16:11
mbar-log-2015-02-23 (23-16-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 306788
Time elapsed: 45 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

VIRY.CZ

Klavesnica sama pise ;

Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;

Re: Klavesnica sama pise ;