
Infected PC after opening an e-mail attachment (new attacks - yesterday

Are you one of our Model Visitors? Then this section is for you.

Moderator: Moderators

Forum rules
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
PetrLe
Model Visitor
Posts: 263
Registered: 05 Mar 2007 12:35

#1 Post by PetrLe »

Hello,
yesterday a colleague opened an infected e-mail attachment (which posed as an MS Word document), in which she was informed that some documents had been sent by mistake.
Some icons on the desktop were changed. ADW Cleaner does not work, it reports an error, likewise MBAM (on Win XP I can only use the old version - 690 days old), and I cannot get rid of it with Avast. Please help.

Below I am posting the RSIT and FRST logs:

Logfile of random's system information tool 1.10 (written by random/random)
Run by kancelar at 2015-02-25 09:41:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 345 GB (75%) free of 461 GB
Total RAM: 3327 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:41:37, on 25.2.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Vema\V4S\1.21.03\NV3ServerSrv.exe
c:\Program Files\Vema\V3S\11.21.02\NV3ServerSrv.exe
c:\Program Files\Vema\NV3PxS\1.24.01\NV3ProxyServer.exe
c:\Program Files\Vema\CentrS\3.21.02\NV3ServerSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kancelar\Plocha\RSIT.exe
C:\Program Files\trend micro\kancelar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://ginaplpo.kraj-lbc.cz
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - https://www.mojedatovaschranka.cz/stati ... ctivex.cab
O16 - DPF: {A37D61CF-622A-4775-955E-492A0616D75F} (Gordic AX2) - http://ginaplpo.kraj-lbc.cz/Gordic/Gini ... ax/ax2.cab
O16 - DPF: {BC9B791F-CE75-4DD2-81FD-58CD28FECCAF} (Gordic.ActiveX.Security.ActiveXObject) - http://ginaplpo.kraj-lbc.cz/Gordic/Gini ... curity.cab
O16 - DPF: {C12B6761-AD05-4DA8-9F44-589635C31867} - http://ginaplpo.kraj-lbc.cz/Gordic/Gini ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skola.int
O17 - HKLM\Software\..\Telephony: DomainName = skola.int
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skola.int
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Vema V4 Manažer služeb (VemaV4ServiceManager) - Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ - c:\Program Files\Vema\V4S\1.21.03\NV3ServerSrv.exe

--
End of file - 8953 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\User_Feed_Synchronization-{B3C35B80-514F-4B41-B660-9DED5E7A7EC3}.job - C:\WINDOWS\system32\msfeedssync.exe sync

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-27 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-11-21 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-27 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2008-04-07 318488]
"SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-21 525824]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2006-05-12 1138688]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-07-10 872448]
"MFNetworkScanUtility"=C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE [2012-09-27 472728]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-27 5227112]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08 959904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2015-02-19 5503768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2011-12-20 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDesktopCleanupWizard"=1
"NoAutoUpdate"=1
"NoWelcomeScreen"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Installer\hpbcsiInstaller.exe"="C:\Program Files\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Installer\hpbcsiInstaller.exe:*:Enabled:HP Networked Printer Installer"
"L:\winbox.exe"="L:\winbox.exe:*:Enabled:winbox"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2015-02-25 09:41:28 ----D---- C:\rsit
2015-02-25 09:28:22 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2015-02-25 09:28:22 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2015-02-24 20:14:18 ----D---- C:\Documents and Settings\kancelar\Data aplikací\Malwarebytes
2015-02-24 20:14:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2015-02-24 20:14:06 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2015-02-24 19:49:09 ----D---- C:\AdwCleaner
2015-02-24 19:18:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-02-24 10:01:36 ----D---- C:\Documents and Settings\kancelar\Data aplikací\MsDtc

======List of files/folders modified in the last 1 month======

2015-02-25 09:41:36 ----D---- C:\WINDOWS\Prefetch
2015-02-25 09:41:33 ----D---- C:\Program Files\trend micro
2015-02-25 09:34:31 ----D---- C:\WINDOWS\Temp
2015-02-25 09:34:06 ----D---- C:\WINDOWS\system32\drivers
2015-02-25 09:28:22 ----D---- C:\Program Files
2015-02-25 09:20:16 ----D---- C:\WINDOWS
2015-02-25 09:18:37 ----D---- C:\WINDOWS\SMINST
2015-02-25 09:13:13 ----D---- C:\WINDOWS\system32
2015-02-25 07:56:49 ----D---- C:\WINDOWS\security
2015-02-25 07:56:44 ----N---- C:\WINDOWS\SchedLgU.Txt
2015-02-24 21:48:14 ----A---- C:\WINDOWS\WINCMD.INI
2015-02-24 19:28:38 ----D---- C:\WINDOWS\Debug
2015-02-24 19:26:56 ----D---- C:\Program Files\Google
2015-02-24 19:26:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2015-02-24 19:26:55 ----SHD---- C:\WINDOWS\Installer
2015-02-24 19:26:01 ----D---- C:\Program Files\CCleaner
2015-02-20 11:09:40 ----D---- C:\Program Files\Vema
2015-02-20 11:05:47 ----D---- C:\Vemainst
2015-02-13 06:51:00 ----D---- C:\WINDOWS\Microsoft.NET
2015-02-13 06:50:32 ----RSD---- C:\WINDOWS\assembly
2015-02-12 06:45:52 ----D---- C:\WINDOWS\system32\MRT
2015-02-12 06:40:37 ----A---- C:\WINDOWS\system32\MRT.exe
2015-02-12 06:40:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-02-12 06:40:30 ----A---- C:\WINDOWS\win.ini
2015-02-05 08:52:20 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-04 23:06:04 ----SD---- C:\WINDOWS\Tasks
2015-02-03 13:57:59 ----D---- C:\WINDOWS\system32\CatRoot2
2015-02-03 07:46:32 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-11-21 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-11-21 206248]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\System32\DRIVERS\iaStor.sys [2008-08-14 325144]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-11-21 55240]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-11-24 787800]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-11-21 423784]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-11-21 57928]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-07-14 207688]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-07-14 55176]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-11-21 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-11-21 70384]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-25 4818432]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-21 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-05-01 8060192]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2013-10-28 415832]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-06-14 243856]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2008-04-14 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2008-04-14 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2008-04-14 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2008-04-14 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2008-04-14 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2008-04-14 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2008-04-14 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2008-04-14 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2008-04-14 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2008-04-14 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2008-04-14 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2008-04-14 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2008-04-14 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2008-04-14 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2008-04-14 22271]
S3 MfeAVFK;McAfee Inc. MfeAVFK; C:\WINDOWS\system32\drivers\MfeAVFK.sys [2008-07-14 79240]
S3 MfeBOPK;McAfee Inc. MfeBOPK; C:\WINDOWS\system32\drivers\MfeBOPK.sys [2008-07-14 35240]
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\WINDOWS\system32\drivers\MfeRKDK.sys [2008-07-14 34152]
S3 MOSUMAC;USB-Ethernet Driver; C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS [2009-08-03 40960]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 RTL8167;Realtek 8167 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt86win7.sys [2013-10-28 680664]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-09 105472]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-11-21 50344]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-04-07 576024]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 VemaV4ServiceManager;Vema V4 Manažer služeb; c:\Program Files\Vema\V4S\1.21.03\NV3ServerSrv.exe [2015-02-02 1896448]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 116648]
S2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
S2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2011-12-20 374152]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-06-13 364544]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 116648]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]

-----------------EOF-----------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2015
Ran by kancelar (administrator) on KANCELAR00 on 25-02-2015 09:43:30
Running from C:\Documents and Settings\kancelar\Plocha
Loaded Profiles: kancelar (Available profiles: Administrator & kancelar & pergerova & oper & babcova & skolnik & holubova)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) C:\Program Files\Vema\V4S\1.21.03\NV3ServerSrv.exe
(Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) C:\Program Files\Vema\V3S\11.21.02\NV3ServerSrv.exe
(Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) C:\Program Files\Vema\NV3PxS\1.24.01\NV3ProxyServer.exe
(Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) C:\Program Files\Vema\CentrS\3.21.02\NV3ServerSrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Documents and Settings\kancelar\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [nwiz] => nwiz.exe /installquiet /keeploaded /nodetect
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [318488 2008-04-07] (PDF Complete Inc)
HKLM\...\Run: [SetRefresh] => C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-21] (Hewlett-Packard Company)
HKLM\...\Run: [Recguard] => C:\WINDOWS\Sminst\Recguard.exe [1138688 2006-05-12] ()
HKLM\...\Run: [Scheduler] => C:\WINDOWS\SMINST\Scheduler.exe [872448 2006-07-10] ()
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE [472728 2012-09-27] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKU\S-1-5-21-898712048-2085054343-697575874-1028\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [94208 2006-06-01] (Nero AG)
HKU\S-1-5-21-898712048-2085054343-697575874-1028\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-898712048-2085054343-697575874-1028\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-898712048-2085054343-697575874-1028\...\Policies\Explorer: [NoAutoUpdate] 1
HKU\S-1-5-21-898712048-2085054343-697575874-1028\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-898712048-2085054343-697575874-1028\...\MountPoints2: {6b0c2770-bfa1-11de-bdaa-002481856a41} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AutoSync.bat
HKU\S-1-5-21-898712048-2085054343-697575874-1028\...\MountPoints2: {91d37b54-3719-11df-be1e-002481856a41} - L:\flash.exe F:\
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
HKU\S-1-5-21-898712048-2085054343-697575874-1028\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-898712048-2085054343-697575874-1028\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-898712048-2085054343-697575874-1028\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz
SearchScopes: HKU\S-1-5-21-898712048-2085054343-697575874-1028 -> {0755538D-7885-4E77-9D86-71B92E4D3603} URL = http://websearch.ask.com/redirect?clien ... 07BA9ECCC0
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-898712048-2085054343-697575874-1028 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-898712048-2085054343-697575874-1028 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ctivex.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {A37D61CF-622A-4775-955E-492A0616D75F} http://ginaplpo.kraj-lbc.cz/Gordic/Gini ... ax/ax2.cab
DPF: {BC9B791F-CE75-4DD2-81FD-58CD28FECCAF} http://ginaplpo.kraj-lbc.cz/Gordic/Gini ... curity.cab
DPF: {C12B6761-AD05-4DA8-9F44-589635C31867} http://ginaplpo.kraj-lbc.cz/Gordic/Gini ... nstall.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.77.11 192.168.77.12

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-898712048-2085054343-697575874-1028: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\kancelar\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\kancelar\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\kancelar\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20]
CHR Extension: (Google Drive) - C:\Documents and Settings\kancelar\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]
CHR Extension: (YouTube) - C:\Documents and Settings\kancelar\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]
CHR Extension: (Google Search) - C:\Documents and Settings\kancelar\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\kancelar\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\kancelar\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
CHR Extension: (Gmail) - C:\Documents and Settings\kancelar\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
S4 nvsvc; C:\WINDOWS\system32\nvsvc32.exe [168004 2009-05-01] (NVIDIA Corporation) [File not signed]
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-04-07] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
R2 VemaV4ServiceManager; c:\Program Files\Vema\V4S\1.21.03\NV3ServerSrv.exe [1896448 2015-02-02] (Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-18] (Intel Corporation)
S4 adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [105472 2002-05-09] (Adaptec, Inc.) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
S3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [243856 2008-06-14] (Intel Corporation)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2008-04-14] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2008-04-14] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2008-04-14] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2008-04-14] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2008-04-14] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2008-04-14] (Intel(R) Corporation)
S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2008-04-14] (Intel(R) Corporation)
S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2008-04-14] (Intel(R) Corporation)
S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2008-04-14] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2008-04-14] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2008-04-14] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2008-04-14] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2008-04-14] (Intel(R) Corporation)
S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2008-04-14] (Intel(R) Corporation)
S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2008-04-14] (Intel(R) Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [10368 2005-09-21] (InterVideo, Inc.) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MfeAVFK; C:\WINDOWS\System32\drivers\MfeAVFK.sys [79240 2008-07-14] (McAfee, Inc.)
S3 MfeBOPK; C:\WINDOWS\System32\drivers\MfeBOPK.sys [35240 2008-07-14] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [207688 2008-07-14] (McAfee, Inc.)
S3 MfeRKDK; C:\WINDOWS\System32\drivers\MfeRKDK.sys [34152 2008-07-14] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55176 2008-07-14] (McAfee, Inc.)
S3 MOSUMAC; C:\WINDOWS\System32\DRIVERS\MOSUMAC.SYS [40960 2009-08-03] (--)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [46592 2008-04-14] (Microsoft Corporation)
S4 Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic) [File not signed]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 09:43 - 2015-02-25 09:43 - 00018181 _____ () C:\Documents and Settings\kancelar\Plocha\FRST.txt
2015-02-25 09:42 - 2015-02-25 09:43 - 00000000 ____D () C:\FRST
2015-02-25 09:41 - 2015-02-25 09:41 - 00000000 ____D () C:\rsit
2015-02-25 09:40 - 2015-02-25 09:40 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\kancelar\Plocha\FRSTLauncher.exe
2015-02-25 09:39 - 2015-02-25 09:39 - 01126912 _____ (Farbar) C:\Documents and Settings\kancelar\Plocha\FRST.exe
2015-02-25 09:38 - 2015-02-25 09:38 - 01107968 _____ () C:\Documents and Settings\kancelar\Plocha\RSIT.exe
2015-02-25 09:29 - 2015-02-25 09:29 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2015-02-25 09:28 - 2015-02-25 09:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-25 09:28 - 2015-02-25 09:28 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2015-02-25 09:28 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-24 20:14 - 2015-02-25 09:29 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2015-02-24 20:14 - 2015-02-25 09:29 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-02-24 20:14 - 2015-02-24 20:14 - 00000000 ____D () C:\Documents and Settings\kancelar\Data aplikací\Malwarebytes
2015-02-24 20:14 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-24 20:12 - 2015-02-24 20:12 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\kancelar\Plocha\mbam-setup-1.75.0.1300.exe
2015-02-24 19:49 - 2015-02-25 09:23 - 00000000 ____D () C:\AdwCleaner
2015-02-24 19:48 - 2015-02-24 19:48 - 02126848 _____ () C:\Documents and Settings\kancelar\Plocha\adwcleaner_4.111.exe
2015-02-24 19:18 - 2015-02-24 20:14 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-02-24 10:01 - 2015-02-24 14:07 - 00000000 ____D () C:\Documents and Settings\kancelar\Data aplikací\MsDtc
2015-02-24 07:20 - 2015-02-24 07:20 - 00035328 _____ () C:\Documents and Settings\kancelar\Plocha\Přihláška na 5.3.2015.xls
2015-02-19 10:25 - 2015-02-19 10:25 - 00012523 _____ () C:\Documents and Settings\kancelar\Plocha\faktura 10.xlsx
2015-02-19 10:24 - 2015-02-19 10:24 - 00012007 _____ () C:\Documents and Settings\kancelar\Plocha\faktura 11.xlsx
2015-02-13 14:56 - 2015-02-13 14:57 - 00077353 _____ () C:\Documents and Settings\kancelar\Plocha\Kopie - Tiskopis na cestovní náhrady.xlsx
2015-02-13 08:24 - 2015-02-13 08:24 - 00061174 _____ () C:\Documents and Settings\kancelar\Plocha\ONZ_v60_publikovano_5112014.zip
2015-01-27 15:15 - 2015-01-27 15:15 - 00003703 _____ () C:\Documents and Settings\kancelar\Plocha\tmp000001.xml

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 09:43 - 2009-10-15 13:44 - 00000000 ____D () C:\Documents and Settings\kancelar\Plocha
2015-02-25 09:43 - 2009-10-15 13:44 - 00000000 ____D () C:\Documents and Settings\kancelar\Local Settings\Temp
2015-02-25 09:42 - 2009-10-15 13:44 - 00000000 ___HD () C:\Documents and Settings\kancelar\Local Settings\Data aplikací
2015-02-25 09:41 - 2014-09-24 18:27 - 00000000 ____D () C:\Program Files\trend micro
2015-02-25 09:33 - 2009-10-15 12:12 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2015-02-25 09:29 - 2009-10-15 20:41 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-02-25 09:29 - 2009-10-15 20:41 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-02-25 09:23 - 2012-04-06 12:10 - 00000472 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3C35B80-514F-4B41-B660-9DED5E7A7EC3}.job
2015-02-25 09:20 - 2009-10-15 13:44 - 00000000 ____D () C:\Documents and Settings\kancelar
2015-02-25 09:18 - 2014-10-20 06:49 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-25 09:18 - 2014-09-24 18:14 - 00000228 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-25 09:18 - 2012-07-09 06:52 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-25 09:18 - 2009-10-15 20:42 - 00000000 ____D () C:\WINDOWS\SMINST
2015-02-25 09:18 - 2009-05-01 13:48 - 00229986 _____ () C:\WINDOWS\system32\NvApps.xml
2015-02-25 09:18 - 2009-04-06 02:08 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-25 09:15 - 2009-04-06 02:13 - 01383354 ____N () C:\WINDOWS\WindowsUpdate.log
2015-02-25 09:13 - 2009-04-06 03:42 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2015-02-25 09:13 - 2009-04-06 03:42 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2015-02-25 09:12 - 2009-04-06 02:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-25 07:56 - 2014-11-18 13:29 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-02-25 07:56 - 2009-10-15 20:42 - 00000000 ____D () C:\WINDOWS\security
2015-02-25 07:56 - 2009-10-15 13:44 - 00000178 ___SH () C:\Documents and Settings\kancelar\ntuser.ini
2015-02-25 07:56 - 2009-04-06 02:13 - 00032492 ____N () C:\WINDOWS\SchedLgU.Txt
2015-02-25 07:52 - 2012-04-03 06:08 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-25 07:11 - 2014-10-20 06:49 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 21:48 - 2009-10-23 07:58 - 00004735 _____ () C:\WINDOWS\WINCMD.INI
2015-02-24 20:14 - 2009-10-15 13:44 - 00000000 __RHD () C:\Documents and Settings\kancelar\Data aplikací
2015-02-24 19:26 - 2014-09-26 08:10 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2015-02-24 19:26 - 2014-09-26 08:10 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-24 19:26 - 2010-09-23 10:02 - 00000000 ____D () C:\Documents and Settings\kancelar\Local Settings\Data aplikací\Google
2015-02-24 19:26 - 2010-09-23 10:01 - 00000000 ____D () C:\Program Files\Google
2015-02-24 19:26 - 2010-09-23 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Google
2015-02-24 19:18 - 2009-10-15 20:41 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-02-24 10:55 - 2009-10-26 10:25 - 00000000 ____D () C:\Documents and Settings\kancelar\Dokumenty\Hnidkova
2015-02-20 14:46 - 2009-10-26 10:25 - 00000000 ____D () C:\Documents and Settings\kancelar\Dokumenty\DOHNALOVÁ
2015-02-20 12:12 - 2014-10-20 06:50 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2015-02-20 11:09 - 2009-10-23 08:05 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Vema
2015-02-20 11:09 - 2009-10-23 08:04 - 00000000 ____D () C:\Program Files\Vema
2015-02-20 11:07 - 2012-04-19 07:56 - 00000684 _____ () C:\Documents and Settings\All Users\Plocha\Vema - Klient.lnk
2015-02-20 11:05 - 2009-10-23 08:13 - 00000000 ____D () C:\Vemainst
2015-02-16 07:15 - 2009-10-15 20:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-02-13 14:44 - 2009-10-15 13:44 - 00000000 ___RD () C:\Documents and Settings\kancelar\Dokumenty\Obrázky
2015-02-13 11:01 - 2009-10-15 13:44 - 00000000 ___RD () C:\Documents and Settings\kancelar\Dokumenty
2015-02-13 06:51 - 2009-10-15 20:42 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-12 06:45 - 2014-09-24 18:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 06:40 - 2009-12-07 07:24 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 06:40 - 2009-10-15 20:41 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-02-12 06:40 - 2009-04-06 01:54 - 00000582 _____ () C:\WINDOWS\win.ini
2015-02-10 15:20 - 2014-12-12 08:55 - 00743936 _____ () C:\Documents and Settings\kancelar\Dokumenty\Kopie - FKSP příspěvky (3).xls
2015-02-05 08:52 - 2012-04-03 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 08:52 - 2011-06-20 07:58 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-28 12:47 - 2009-10-26 10:28 - 00000000 ____D () C:\Documents and Settings\kancelar\Dokumenty\Jídelna

==================== Files in the root of some directories =======

2011-03-07 07:27 - 2013-12-19 07:39 - 0009216 _____ () C:\Documents and Settings\kancelar\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Documents and Settings\kancelar\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\kancelar\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:449.75 GB) (Free:337.17 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16 GB) (Free:9.91 GB) NTFS
Drive k: () (Network) (Total:1862.96 GB) (Free:864.34 GB)
Drive y: () (Network) (Total:1862.96 GB) (Free:1253.24 GB)
Drive z: () (Network) (Total:1862.96 GB) (Free:864.34 GB)

Available physical RAM: 2296.76 MB
Total physical RAM: 3327.1 MB
Percentage of memory in use: 30%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: 496F496E)
Partition 1: (Active) - (Size=449.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3C35B80-514F-4B41-B660-9DED5E7A7EC3}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\kancelar\Plocha" je 63 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"="C:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"="C:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\\Program Files\\HP\\csiInstaller\\5C069542-CA13-4f1b-B90C-28C6430F4992\\Installer\\hpbcsiInstaller.exe"="C:\\Program Files\\HP\\csiInstaller\\5C069542-CA13-4f1b-B90C-28C6430F4992\\Installer\\hpbcsiInstaller.exe:*:Enabled:HP Networked Printer Installer"
"L:\\winbox.exe"="L:\\winbox.exe:*:Enabled:winbox"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"4147:TCP"="4147:TCP:*:Disabled:VemaV4DataPort"
"4111:TCP"="4111:TCP:*:Disabled:VemaV4AdmPort"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================
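The firewall dump above is worth a second look before any cleanup: both profiles list `3389:TCP` (Remote Desktop) with scope `*`, the domain profile also has 139/445 open to `*` rather than `LocalSubNet`, and `rundll32.exe` is an authorized application, which effectively whitelists any DLL started through that host process. The script below is an added example for this thread, not code from the original post or from RSIT/HijackThis: it parses the `[...\FirewallPolicy\<Profile>\<List>]` registry format exactly as exported in the log and flags those entries. The sample input is an abridged copy of the dump above; the `GENERIC_HOSTS` set is the editor's own assumption and can be extended.

```python
"""Audit a Windows XP firewall policy exported from the registry.

Added example, not code from the original post or the tools it mentions.
Parses the AuthorizedApplications and GloballyOpenPorts lists and flags
enabled exceptions with scope "*" (any remote address) and allow rules
for generic host processes such as rundll32.exe.
"""
import re
from dataclasses import dataclass

# Constructed sample: an abridged copy of the registry dump in the log above.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"4147:TCP"="4147:TCP:*:Disabled:VemaV4DataPort"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
'''

# Editor's assumption: host processes whose allow rule acts as a wildcard.
GENERIC_HOSTS = {"rundll32.exe"}

HEADER_RE = re.compile(r"^\[.*\\FirewallPolicy\\(\w+)\\(\w+)\\List\]$", re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
CANON = {"domainprofile": "DomainProfile", "standardprofile": "StandardProfile",
         "authorizedapplications": "AuthorizedApplications",
         "globallyopenports": "GloballyOpenPorts"}


@dataclass
class Entry:
    profile: str
    kind: str
    name: str         # "3389:TCP" or an executable path
    scope: str        # "*" (any address), "LocalSubNet", or an address list
    enabled: bool
    description: str


@dataclass
class Finding:
    entry: Entry
    code: str         # "any-scope" or "generic-host"


def _unescape(s: str) -> str:
    # A .reg-style export doubles backslashes inside quoted strings.
    return s.replace("\\\\", "\\")


def parse_policy(text: str) -> list:
    """Return the firewall Entry objects found in a registry dump."""
    entries, profile, kind = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            profile = CANON.get(m.group(1).lower(), m.group(1))
            kind = CANON.get(m.group(2).lower(), m.group(2))
            continue
        if line.startswith("["):       # some unrelated key: stop collecting
            profile = kind = None
            continue
        m = VALUE_RE.match(line)
        if not (m and profile):
            continue
        name, value = _unescape(m.group(1)), _unescape(m.group(2))
        # The value repeats the name, then "<scope>:<Enabled|Disabled>:<description>".
        if not value.startswith(name + ":"):
            continue
        parts = value[len(name) + 1:].split(":", 2)
        if len(parts) != 3:
            continue
        scope, state, desc = parts
        entries.append(Entry(profile, kind, name, scope, state.lower() == "enabled", desc))
    return entries


def audit(entries: list) -> list:
    """Flag enabled exceptions open to any address and generic-host allow rules."""
    findings = []
    for e in entries:
        if not e.enabled:
            continue
        if e.scope == "*":
            findings.append(Finding(e, "any-scope"))
        basename = e.name.rsplit("\\", 1)[-1].lower()
        if e.kind == "AuthorizedApplications" and basename in GENERIC_HOSTS:
            findings.append(Finding(e, "generic-host"))
    return findings


if __name__ == "__main__":
    for f in audit(parse_policy(SAMPLE_DUMP)):
        e = f.entry
        print(f"{f.code:13} {e.profile:16} {e.kind:22} {e.name}  ({e.description.strip()})")
```

Run against the full dump, the script reports the two RDP exceptions and the domain-profile SMB/NetBIOS ports as reachable from anywhere; tightening them to `LocalSubNet` (or removing 3389 if Remote Desktop is not used on this machine) is the obvious follow-up once the infection is dealt with.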

Rudy
Site Admin
Posts: 119490
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday

#2 Post by Rudy »

Hello!
If at all possible, run ADW in Safe Mode.
Post questions and logs only in your own thread. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked, as it will be if it stays inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

PetrLe
Exemplary visitor
Posts: 263
Registered: 05 Mar 2007 12:35

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday

#3 Post by PetrLe »

This time it worked. Here is a fresh log, and below it I have pasted an older version (AdwCleaner[R2].txt) where something was found in the registry; it is clean now (I will try running ADWC once more) in normal mode:

# AdwCleaner v4.111 - Logfile created 25/02/2015 at 12:05:37
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Administrator - KANCELAR00
# Running from : C:\Documents and Settings\kancelar\Plocha\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [982 bytes] - [24/02/2015 19:49:12]
AdwCleaner[R1].txt - [1040 bytes] - [24/02/2015 20:05:45]
AdwCleaner[R2].txt - [1100 bytes] - [25/02/2015 09:21:20]
AdwCleaner[R3].txt - [913 bytes] - [25/02/2015 11:56:49]
AdwCleaner[S0].txt - [841 bytes] - [25/02/2015 12:05:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [899 bytes] ##########








# AdwCleaner v4.111 - Logfile created 25/02/2015 at 09:21:20
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : kancelar - KANCELAR00
# Running from : C:\Documents and Settings\kancelar\Plocha\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0755538D-7885-4E77-9D86-71B92E4D3603}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [982 bytes] - [24/02/2015 19:49:12]
AdwCleaner[R1].txt - [1040 bytes] - [24/02/2015 20:05:45]
AdwCleaner[R2].txt - [963 bytes] - [25/02/2015 09:21:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1021 bytes] ##########

Rudy
Site Admin
Posts: 119490
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday

#4 Post by Rudy »

Not finished, you did not click >clean<. Repeat the procedure.

PetrLe
Exemplary visitor
Posts: 263
Registered: 05 Mar 2007 12:35

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday

#5 Post by PetrLe »

But I did click it, and the computer restarted (into normal mode). I found the log in the ADWCleaner folder and copied it for you. It is the upper one (there are two in the reply, one below the other). Below it I pasted the previous version, where Clean did not work (in normal mode). Now, when I run ADW Cleaner in normal mode, SCAN works, but after pressing CLEAN it again ends with an error:
The instruction at 0x04489060 referenced memory at 0x04489060. The memory could not be written.
Errors also occurred in:
MMBg Monitor.exe
Scheduler
ADWCleaner_4.111.exe
RDP_Clip monitor
Explorer.exe
To help protect your computer, Windows has closed this program.
To help protect your computer, Windows has closed this program (RDP Clip Monitor).

Here is another log, but again CLEAN did not run:
(I will try SCAN and CLEAN again in Safe Mode.)

# AdwCleaner v4.111 - Logfile created 25/02/2015 at 12:16:27
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : kancelar - KANCELAR00
# Running from : C:\Documents and Settings\kancelar\Plocha\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0755538D-7885-4E77-9D86-71B92E4D3603}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [982 bytes] - [24/02/2015 19:49:12]
AdwCleaner[R1].txt - [1040 bytes] - [24/02/2015 20:05:45]
AdwCleaner[R2].txt - [1100 bytes] - [25/02/2015 09:21:20]
AdwCleaner[R3].txt - [913 bytes] - [25/02/2015 11:56:49]
AdwCleaner[R4].txt - [1080 bytes] - [25/02/2015 12:16:27]
AdwCleaner[S0].txt - [978 bytes] - [25/02/2015 12:05:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1197 bytes] ##########

Rudy
Site Admin
Posts: 119490
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday

#6 Post by Rudy »

This:
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
has to change to this:
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Otherwise it was not deleted.

PetrLe
Exemplary visitor
Posts: 263
Registered: 05 Mar 2007 12:35

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday

#7 Post by PetrLe »

The only way CLEAN works is to run ADWC in Safe Mode. The log is below. If I run it in normal mode, it finds something in the registry, but clicking CLEAN again ends with an error. So I tried to remove that whole entry with the registry editor, but it is not there!

LOG from Safe Mode:
# AdwCleaner v4.111 - Logfile created 25/02/2015 at 12:05:37
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Administrator - KANCELAR00
# Running from : C:\Documents and Settings\kancelar\Plocha\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [982 bytes] - [24/02/2015 19:49:12]
AdwCleaner[R1].txt - [1040 bytes] - [24/02/2015 20:05:45]
AdwCleaner[R2].txt - [1100 bytes] - [25/02/2015 09:21:20]
AdwCleaner[R3].txt - [913 bytes] - [25/02/2015 11:56:49]
AdwCleaner[S0].txt - [841 bytes] - [25/02/2015 12:05:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [899 bytes] ##########
Attachment: registr.JPG (5.4 KiB)
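Two things in the exchange above are easy to check mechanically: Rudy's rule that every `Key Found` from the scan must reappear as `Key Deleted` in the cleaning log, and the reason the key "is not there" in regedit. `HKCU` is not a fixed location; it is the hive of whichever account runs the tool. The scan that found the two keys ran as `kancelar`, while the Safe Mode clean (and, presumably, regedit) ran as `Administrator`, so those runs never looked at the same keys. The script below is an added example for this thread, not AdwCleaner's code: it parses the `# Username` / `# Option` header lines and the `Found` / `Deleted` item lines of two AdwCleaner logs and reports what the scan found that the clean did not remove, with the per-user explanation for HKCU paths. The first two samples are abridged from the logs posted above; the third is constructed to show what a successful clean by the same user would look like.

```python
"""Verify that an AdwCleaner cleaning log removed what the scan log found.

Added example, not AdwCleaner's own code. HKCU keys found under one user
cannot be deleted (or even seen) by a clean run as another user, because
HKCU resolves to the hive of the account running the tool.
"""
import re
from dataclasses import dataclass, field

# Constructed samples: abridged copies of the logs posted in this thread.
SCAN_AS_KANCELAR = r"""
# AdwCleaner v4.111 - Logfile created 25/02/2015 at 12:16:27
# Username : kancelar - KANCELAR00
# Option : Scan

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0755538D-7885-4E77-9D86-71B92E4D3603}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
"""

CLEAN_AS_ADMIN_SAFE_MODE = r"""
# AdwCleaner v4.111 - Logfile created 25/02/2015 at 12:05:37
# Username : Administrator - KANCELAR00
# Option : Cleaning

***** [ Registry ] *****

"""

# Constructed: what a successful clean run by the same user would report.
CLEAN_AS_KANCELAR_OK = r"""
# Username : kancelar - KANCELAR00
# Option : Cleaning

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0755538D-7885-4E77-9D86-71B92E4D3603}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
"""

HEADER_RE = re.compile(r"^#\s*(Username|Option)\s*:\s*(.*?)\s*$")
ITEM_RE = re.compile(r"^(\w+)\s+(Found|Deleted)\s*:\s*(.*?)\s*$")


@dataclass
class AdwLog:
    username: str = ""
    option: str = ""
    found: set = field(default_factory=set)
    deleted: set = field(default_factory=set)


def parse_adw_log(text: str) -> AdwLog:
    """Collect the running user, the run mode, and every Found/Deleted item."""
    log = AdwLog()
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            if m.group(1) == "Username":
                log.username = m.group(2).split(" - ")[0]   # "user - MACHINE"
            else:
                log.option = m.group(2)
            continue
        m = ITEM_RE.match(line)
        if m:
            item = f"{m.group(1)} {m.group(3)}"              # e.g. "Key HKCU\..."
            (log.found if m.group(2) == "Found" else log.deleted).add(item)
    return log


def verify_clean(scan: AdwLog, clean: AdwLog) -> list:
    """Return (item, reason) pairs for everything the scan found but the clean did not delete."""
    problems = []
    if clean.option != "Cleaning":
        problems.append(("*", f"expected a Cleaning log, got Option : {clean.option or '?'}"))
    for item in sorted(scan.found):
        if item in clean.deleted:
            continue
        path = item.split(" ", 1)[1]
        if path.upper().startswith("HKCU\\") and scan.username != clean.username:
            problems.append((item, f"HKCU is per-user: found in the hive of "
                                   f"{scan.username}, but the clean ran as {clean.username}"))
        else:
            problems.append((item, "still present: no matching 'Deleted' line"))
    return problems


if __name__ == "__main__":
    scan = parse_adw_log(SCAN_AS_KANCELAR)
    for clean_text in (CLEAN_AS_ADMIN_SAFE_MODE, CLEAN_AS_KANCELAR_OK):
        clean = parse_adw_log(clean_text)
        print(f"clean run as {clean.username}:")
        for item, reason in verify_clean(scan, clean) or [("(none)", "all findings deleted")]:
            print(f"  {item}\n    {reason}")
```

The practical consequence for this thread: a clean that is meant to remove HKCU entries has to run under the same account the scan ran as (here `kancelar`), and the same applies when looking for the key manually in regedit; from another account the key lives under `HKEY_USERS\<that user's SID>\...` instead.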

PetrLe
Exemplary visitor
Posts: 263
Registered: 05 Mar 2007 12:35

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday

#8 Post by PetrLe »

I finally managed to run SCAN and then CLEAN in normal mode.
Here is the log:

# AdwCleaner v4.111 - Logfile created 25/02/2015 at 15:17:10
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : oper - KANCELAR00
# Running from : C:\Documents and Settings\oper\Plocha\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [982 bytes] - [24/02/2015 19:49:12]
AdwCleaner[R1].txt - [1040 bytes] - [24/02/2015 20:05:45]
AdwCleaner[R2].txt - [1100 bytes] - [25/02/2015 09:21:20]
AdwCleaner[R3].txt - [913 bytes] - [25/02/2015 11:56:49]
AdwCleaner[R4].txt - [1276 bytes] - [25/02/2015 12:16:27]
AdwCleaner[R5].txt - [1094 bytes] - [25/02/2015 13:05:22]
AdwCleaner[R6].txt - [1233 bytes] - [25/02/2015 13:29:36]
AdwCleaner[R7].txt - [1293 bytes] - [25/02/2015 15:14:04]
AdwCleaner[S0].txt - [978 bytes] - [25/02/2015 12:05:37]
AdwCleaner[S1].txt - [1161 bytes] - [25/02/2015 13:07:03]
AdwCleaner[S2].txt - [1220 bytes] - [25/02/2015 15:17:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1279 bytes] ##########

Rudy
Site Admin
Posts: 119490
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday

#9 Post by Rudy »

The ADW log is OK now. Post a new FRST log: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

PetrLe
Exemplary visitor
Posts: 263
Registered: 05 Mar 2007 12:35

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday

#10 Post by PetrLe »

There is still something in System Volume Information. Every time Avast scans, it finds Malware gen and moves it to the chest. Should I turn off System Restore? All restore points should then be deleted, right?
Below is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by oper (administrator) on KANCELAR00 on 26-02-2015 07:16:51
Running from C:\Documents and Settings\oper\Plocha
Loaded Profiles: oper (Available profiles: Administrator & kancelar & pergerova & oper & babcova & skolnik & holubova)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) C:\Program Files\Vema\V4S\1.21.03\NV3ServerSrv.exe
(Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) C:\Program Files\Vema\V3S\11.21.02\NV3ServerSrv.exe
(Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) C:\Program Files\Vema\NV3PxS\1.24.01\NV3ProxyServer.exe
(Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) C:\Program Files\Vema\CentrS\3.21.02\NV3ServerSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\WINDOWS\SMINST\Scheduler.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [nwiz] => nwiz.exe /installquiet /keeploaded /nodetect
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [318488 2008-04-07] (PDF Complete Inc)
HKLM\...\Run: [SetRefresh] => C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-21] (Hewlett-Packard Company)
HKLM\...\Run: [Recguard] => C:\WINDOWS\Sminst\Recguard.exe [1138688 2006-05-12] ()
HKLM\...\Run: [Scheduler] => C:\WINDOWS\SMINST\Scheduler.exe [872448 2006-07-10] ()
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE [472728 2012-09-27] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKU\S-1-5-21-898712048-2085054343-697575874-1365\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
HKU\S-1-5-21-898712048-2085054343-697575874-1365\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
HKU\S-1-5-21-898712048-2085054343-697575874-1365\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-898712048-2085054343-697575874-1365\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-898712048-2085054343-697575874-1365 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ctivex.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {A37D61CF-622A-4775-955E-492A0616D75F} http://ginaplpo.kraj-lbc.cz/Gordic/Gini ... ax/ax2.cab
DPF: {BC9B791F-CE75-4DD2-81FD-58CD28FECCAF} http://ginaplpo.kraj-lbc.cz/Gordic/Gini ... curity.cab
DPF: {C12B6761-AD05-4DA8-9F44-589635C31867} http://ginaplpo.kraj-lbc.cz/Gordic/Gini ... nstall.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.77.11 192.168.77.12

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-09]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
S4 nvsvc; C:\WINDOWS\system32\nvsvc32.exe [168004 2009-05-01] (NVIDIA Corporation) [File not signed]
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-04-07] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
R2 VemaV4ServiceManager; c:\Program Files\Vema\V4S\1.21.03\NV3ServerSrv.exe [1896448 2015-02-02] (Vema, a. s. Okružní 871/3a, 638 00 Brno, CZ) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-18] (Intel Corporation)
S4 adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [105472 2002-05-09] (Adaptec, Inc.) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
S3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [243856 2008-06-14] (Intel Corporation)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2008-04-14] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2008-04-14] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2008-04-14] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2008-04-14] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2008-04-14] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2008-04-14] (Intel(R) Corporation)
S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2008-04-14] (Intel(R) Corporation)
S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2008-04-14] (Intel(R) Corporation)
S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2008-04-14] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2008-04-14] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2008-04-14] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2008-04-14] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2008-04-14] (Intel(R) Corporation)
S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2008-04-14] (Intel(R) Corporation)
S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2008-04-14] (Intel(R) Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [10368 2005-09-21] (InterVideo, Inc.) [File not signed]
S3 MfeAVFK; C:\WINDOWS\System32\drivers\MfeAVFK.sys [79240 2008-07-14] (McAfee, Inc.)
S3 MfeBOPK; C:\WINDOWS\System32\drivers\MfeBOPK.sys [35240 2008-07-14] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [207688 2008-07-14] (McAfee, Inc.)
S3 MfeRKDK; C:\WINDOWS\System32\drivers\MfeRKDK.sys [34152 2008-07-14] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55176 2008-07-14] (McAfee, Inc.)
S3 MOSUMAC; C:\WINDOWS\System32\DRIVERS\MOSUMAC.SYS [40960 2009-08-03] (--)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [46592 2008-04-14] (Microsoft Corporation)
S4 Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic) [File not signed]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 07:16 - 2015-02-26 07:17 - 00014715 _____ () C:\Documents and Settings\oper\Plocha\FRST.txt
2015-02-26 07:16 - 2015-02-26 07:16 - 00000000 ____D () C:\Documents and Settings\oper\Plocha\FRST-OlderVersion
2015-02-26 07:15 - 2015-02-25 09:38 - 01107968 _____ () C:\Documents and Settings\oper\Plocha\RSIT.exe
2015-02-26 07:13 - 2015-02-26 07:16 - 01127424 _____ (Farbar) C:\Documents and Settings\oper\Plocha\FRST.exe
2015-02-25 13:51 - 2015-02-25 13:51 - 00072096 _____ () C:\Documents and Settings\oper\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2015-02-25 13:39 - 2015-02-25 13:39 - 00000000 ____D () C:\Documents and Settings\oper\Local Settings\Data aplikací\Temp
2015-02-25 13:28 - 2015-02-25 15:13 - 02126848 _____ () C:\Documents and Settings\oper\Plocha\adwcleaner_4.111.exe
2015-02-25 13:27 - 2015-02-25 13:27 - 00000000 ____D () C:\Documents and Settings\oper\Local Settings\Data aplikací\Google
2015-02-25 13:27 - 2015-02-25 13:27 - 00000000 ____D () C:\Documents and Settings\oper\Data aplikací\AVAST Software
2015-02-25 13:05 - 2015-02-24 19:48 - 02126848 _____ () C:\Documents and Settings\Administrator\Plocha\adwcleaner_4.111.exe
2015-02-25 09:44 - 2015-02-25 09:44 - 00061543 _____ () C:\Documents and Settings\kancelar\Plocha\Addition.txt
2015-02-25 09:43 - 2015-02-25 09:44 - 00035395 _____ () C:\Documents and Settings\kancelar\Plocha\FRST.txt
2015-02-25 09:42 - 2015-02-26 07:16 - 00000000 ____D () C:\FRST
2015-02-25 09:41 - 2015-02-25 09:41 - 00000000 ____D () C:\rsit
2015-02-25 09:39 - 2015-02-25 09:39 - 01126912 _____ (Farbar) C:\Documents and Settings\kancelar\Plocha\FRST.exe
2015-02-25 09:38 - 2015-02-25 09:38 - 01107968 _____ () C:\Documents and Settings\kancelar\Plocha\RSIT.exe
2015-02-24 20:14 - 2015-02-25 10:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-02-24 20:14 - 2015-02-24 20:14 - 00000000 ____D () C:\Documents and Settings\kancelar\Data aplikací\Malwarebytes
2015-02-24 20:12 - 2015-02-24 20:12 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\kancelar\Plocha\mbam-setup-1.75.0.1300.exe
2015-02-24 19:49 - 2015-02-25 15:17 - 00000000 ____D () C:\AdwCleaner
2015-02-24 19:48 - 2015-02-24 19:48 - 02126848 _____ () C:\Documents and Settings\kancelar\Plocha\adwcleaner_4.111.exe
2015-02-24 19:18 - 2015-02-24 20:14 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-02-24 10:01 - 2015-02-24 14:07 - 00000000 ____D () C:\Documents and Settings\kancelar\Data aplikací\MsDtc
2015-02-24 07:20 - 2015-02-24 07:20 - 00035328 _____ () C:\Documents and Settings\kancelar\Plocha\Přihláška na 5.3.2015.xls
2015-02-19 10:25 - 2015-02-19 10:25 - 00012523 _____ () C:\Documents and Settings\kancelar\Plocha\faktura 10.xlsx
2015-02-19 10:24 - 2015-02-19 10:24 - 00012007 _____ () C:\Documents and Settings\kancelar\Plocha\faktura 11.xlsx
2015-02-13 14:56 - 2015-02-13 14:57 - 00077353 _____ () C:\Documents and Settings\kancelar\Plocha\Kopie - Tiskopis na cestovní náhrady.xlsx
2015-02-13 08:24 - 2015-02-13 08:24 - 00061174 _____ () C:\Documents and Settings\kancelar\Plocha\ONZ_v60_publikovano_5112014.zip
2015-01-27 15:15 - 2015-01-27 15:15 - 00003703 _____ () C:\Documents and Settings\kancelar\Plocha\tmp000001.xml

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 07:17 - 2009-10-15 12:15 - 00000000 ____D () C:\Documents and Settings\oper\Local Settings\Temp
2015-02-26 07:16 - 2009-10-15 12:15 - 00000000 ____D () C:\Documents and Settings\oper\Plocha
2015-02-26 07:12 - 2009-10-15 12:12 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2015-02-26 07:12 - 2009-04-06 02:13 - 01413506 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-26 07:11 - 2014-10-20 06:49 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-25 23:52 - 2012-04-03 06:08 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-25 23:11 - 2014-10-20 06:49 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-25 17:02 - 2009-10-15 20:42 - 00000000 ____D () C:\WINDOWS\security
2015-02-25 15:22 - 2011-10-05 14:21 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-25 15:22 - 2009-10-15 20:42 - 00000000 ____D () C:\WINDOWS\SMINST
2015-02-25 15:21 - 2014-09-24 18:14 - 00000228 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-25 15:21 - 2012-07-09 06:52 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-25 15:21 - 2009-04-06 02:08 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-25 15:18 - 2009-04-06 03:42 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-25 15:17 - 2009-10-15 12:15 - 00000178 ___SH () C:\Documents and Settings\oper\ntuser.ini
2015-02-25 15:17 - 2009-10-15 12:15 - 00000000 ____D () C:\Documents and Settings\oper
2015-02-25 15:17 - 2009-04-06 03:42 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-25 15:17 - 2009-04-06 02:13 - 00032366 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-25 15:17 - 2009-04-06 02:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-25 13:51 - 2009-10-15 12:15 - 00000000 ___HD () C:\Documents and Settings\oper\Local Settings\Data aplikací
2015-02-25 13:49 - 2009-10-15 12:15 - 00000000 ___RD () C:\Documents and Settings\oper\Dokumenty\Obrázky
2015-02-25 13:28 - 2009-10-15 13:44 - 00000000 ____D () C:\Documents and Settings\kancelar\Plocha
2015-02-25 13:27 - 2009-10-15 13:44 - 00000178 ___SH () C:\Documents and Settings\kancelar\ntuser.ini
2015-02-25 13:27 - 2009-10-15 12:15 - 00000966 __RSH () C:\Documents and Settings\oper\ntuser.pol
2015-02-25 13:27 - 2009-10-15 12:15 - 00000000 __RHD () C:\Documents and Settings\oper\Data aplikací
2015-02-25 13:14 - 2009-10-15 13:44 - 00000000 ____D () C:\Documents and Settings\kancelar\Local Settings\Temp
2015-02-25 13:09 - 2009-04-06 02:13 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-02-25 13:05 - 2009-10-15 20:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha
2015-02-25 13:05 - 2009-10-15 20:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-02-25 13:01 - 2009-10-23 07:58 - 00004650 _____ () C:\WINDOWS\WINCMD.INI
2015-02-25 13:01 - 2009-10-15 13:44 - 00000000 ____D () C:\Documents and Settings\kancelar
2015-02-25 12:07 - 2009-05-01 13:48 - 00229986 _____ () C:\WINDOWS\system32\NvApps.xml
2015-02-25 11:13 - 2009-10-15 13:44 - 00003892 __RSH () C:\Documents and Settings\kancelar\ntuser.pol
2015-02-25 10:26 - 2009-10-15 20:41 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-02-25 10:26 - 2009-10-15 20:41 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-02-25 09:50 - 2009-10-15 13:44 - 00000000 ___HD () C:\Documents and Settings\kancelar\Local Settings\Data aplikací
2015-02-25 09:41 - 2014-09-24 18:27 - 00000000 ____D () C:\Program Files\trend micro
2015-02-25 09:23 - 2012-04-06 12:10 - 00000472 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3C35B80-514F-4B41-B660-9DED5E7A7EC3}.job
2015-02-25 07:56 - 2014-11-18 13:29 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-02-24 20:14 - 2009-10-15 13:44 - 00000000 __RHD () C:\Documents and Settings\kancelar\Data aplikací
2015-02-24 19:26 - 2014-09-26 08:10 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2015-02-24 19:26 - 2014-09-26 08:10 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-24 19:26 - 2010-09-23 10:02 - 00000000 ____D () C:\Documents and Settings\kancelar\Local Settings\Data aplikací\Google
2015-02-24 19:26 - 2010-09-23 10:01 - 00000000 ____D () C:\Program Files\Google
2015-02-24 19:26 - 2010-09-23 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Google
2015-02-24 19:18 - 2009-10-15 20:41 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-02-24 10:55 - 2009-10-26 10:25 - 00000000 ____D () C:\Documents and Settings\kancelar\Dokumenty\Hnidkova
2015-02-20 14:46 - 2009-10-26 10:25 - 00000000 ____D () C:\Documents and Settings\kancelar\Dokumenty\DOHNALOVÁ
2015-02-20 12:12 - 2014-10-20 06:50 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2015-02-20 11:09 - 2009-10-23 08:05 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Vema
2015-02-20 11:09 - 2009-10-23 08:04 - 00000000 ____D () C:\Program Files\Vema
2015-02-20 11:07 - 2012-04-19 07:56 - 00000684 _____ () C:\Documents and Settings\All Users\Plocha\Vema - Klient.lnk
2015-02-20 11:05 - 2009-10-23 08:13 - 00000000 ____D () C:\Vemainst
2015-02-16 07:15 - 2009-10-15 20:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-02-13 14:44 - 2009-10-15 13:44 - 00000000 ___RD () C:\Documents and Settings\kancelar\Dokumenty\Obrázky
2015-02-13 11:01 - 2009-10-15 13:44 - 00000000 ___RD () C:\Documents and Settings\kancelar\Dokumenty
2015-02-13 06:51 - 2009-10-15 20:42 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-12 06:45 - 2014-09-24 18:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 06:40 - 2009-12-07 07:24 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 06:40 - 2009-10-15 20:41 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-02-12 06:40 - 2009-04-06 01:54 - 00000582 _____ () C:\WINDOWS\win.ini
2015-02-10 15:20 - 2014-12-12 08:55 - 00743936 _____ () C:\Documents and Settings\kancelar\Dokumenty\Kopie - FKSP příspěvky (3).xls
2015-02-05 08:52 - 2012-04-03 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 08:52 - 2011-06-20 07:58 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-28 12:47 - 2009-10-26 10:28 - 00000000 ____D () C:\Documents and Settings\kancelar\Dokumenty\Jídelna

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\kancelar\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\kancelar\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\oper\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\oper\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
Attachments:
Malware-gen_1.JPG (18.65 KiB)
Rudy (Site Admin)

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday)

#11 Post by Rudy »

Open Notepad and copy the following into it:
Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S4 LMIRfsClientNP; No ImagePath
U1 WS2IFSL; No ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3C35B80-514F-4B41-B660-9DED5E7A7EC3}.job
C:\Documents and Settings\Administrator\Local Settings\Temp
End
Save it to the desktop as fixlist.txt. Then run FRST again and click >Fix<. Afterwards paste here the log that is created at the end.

The threat was detected in a system backup. Move it to quarantine and then delete it.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

PetrLe

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday)

#12 Post by PetrLe »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01
Ran by oper at 2015-02-26 12:50:29 Run:2
Running from C:\Documents and Settings\oper\Plocha
Loaded Profiles: oper (Available profiles: Administrator & kancelar & pergerova & oper & babcova & skolnik & holubova)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S4 LMIRfsClientNP; No ImagePath
U1 WS2IFSL; No ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3C35B80-514F-4B41-B660-9DED5E7A7EC3}.job
C:\Documents and Settings\Administrator\Local Settings\Temp
End



*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
LMIRfsClientNP => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3C35B80-514F-4B41-B660-9DED5E7A7EC3}.job => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp => Moved successfully.

==== End of Fixlog 12:50:30 ====

Rudy (Site Admin)

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday)

#13 Post by Rudy »

Everything deleted; the PC should be clean now.

PetrLe

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday)

#14 Post by PetrLe »

Shouldn't I also remove these? McAfee is not installed here.

S3 MfeAVFK; C:\WINDOWS\System32\drivers\MfeAVFK.sys [79240 2008-07-14] (McAfee, Inc.)
S3 MfeBOPK; C:\WINDOWS\System32\drivers\MfeBOPK.sys [35240 2008-07-14] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [207688 2008-07-14] (McAfee, Inc.)
S3 MfeRKDK; C:\WINDOWS\System32\drivers\MfeRKDK.sys [34152 2008-07-14] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55176 2008-07-14] (McAfee, Inc.)

I also ran a full Avast scan, just to be sure.

Rudy (Site Admin)

Re: Infected PC after opening an e-mail attachment (new attacks - yesterday)

#15 Post by Rudy »

I assumed it was. Then by all means add them to the fixlist there and delete them.
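The two kinds of entry this thread removes via fixlist.txt (services with "No ImagePath" in post #11, and the McAfee kernel drivers left behind by an uninstalled product in post #14) can be picked out of an FRST log mechanically. The following is an added example, not FRST's own code and not code from this thread: it parses the one-line service/driver entries FRST prints, flags orphans and leftover security-product drivers, renders them in the Start/End fixlist syntax, and checks a hand-written fixlist for service lines that match nothing in the log (FRST deletes exactly what it is told, so a mistyped name is either a no-op or hits the wrong service). The installed-program list, the vendor-to-product table and the avast line in the sample log (with its size and date) are constructed assumptions; the McAfee and orphan lines are the ones from the thread.

```python
"""Triage FRST (Farbar Recovery Scan Tool) service and driver entries.

Added example; not FRST's own code. Entry format as FRST prints it:
  <state><start> <name>; <path> [<size> <date>] (<vendor>)
  <state><start> <name>; No ImagePath
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# FRST codes: letter = state (R running, S stopped, U unknown),
# digit = start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
STATE = {"R": "running", "S": "stopped", "U": "unknown"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

ENTRY_RE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$")
IMAGE_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\)$"
)

# Constructed sample: orphan and McAfee lines are copied from the thread's logs;
# the avast line (including size and date) is made up for the demo.
SAMPLE_LOG = r"""
S4 LMIRfsClientNP; No ImagePath
U1 WS2IFSL; No ImagePath
S3 MfeAVFK; C:\WINDOWS\System32\drivers\MfeAVFK.sys [79240 2008-07-14] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [207688 2008-07-14] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55176 2008-07-14] (McAfee, Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40224 2014-11-01] (AVAST Software)
"""

# Constructed assumption: which installed product a vendor string belongs to.
VENDOR_PRODUCT = {"McAfee, Inc.": "McAfee", "AVAST Software": "avast"}


@dataclass
class Entry:
    line: str            # verbatim log line; FRST accepts it as a fixlist line
    state: str
    start: str
    name: str
    path: Optional[str]  # None for "No ImagePath"
    vendor: Optional[str]


def parse_entries(log: str) -> List[Entry]:
    """Parse every service/driver line in an FRST log; other lines are skipped."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path = vendor = None
        if m["rest"] != "No ImagePath":
            im = IMAGE_RE.match(m["rest"])
            if im:
                path, vendor = im["path"], im["vendor"]
        entries.append(Entry(line, STATE[m["state"]], START[m["start"]],
                             m["name"], path, vendor))
    return entries


def triage(entries: List[Entry], installed: List[str]) -> List[Tuple[Entry, str]]:
    """Flag orphaned entries and drivers/services of products that are not installed."""
    findings = []
    for e in entries:
        if e.path is None:
            findings.append((e, "orphaned entry: no ImagePath"))
            continue
        product = VENDOR_PRODUCT.get(e.vendor or "")
        if product and not any(product.lower() in p.lower() for p in installed):
            kind = ("kernel driver, %s start" % e.start
                    if e.path.lower().endswith(".sys") else "service")
            findings.append((e, f"leftover {product} {kind}; product not installed"))
    return findings


def build_fixlist(findings: List[Tuple[Entry, str]]) -> str:
    """Render findings as the Start/End block FRST reads from fixlist.txt."""
    return "\n".join(["Start", *(e.line for e, _ in findings), "End"]) + "\n"


def validate_fixlist(fixlist: str, entries: List[Entry]) -> List[str]:
    """Return service/driver lines of a fixlist that match no entry in the log.

    Only lines in service/driver syntax are checked; path and registry lines
    belong to other FRST sections and are left alone here.
    """
    known = {e.line for e in entries}
    return [ln.strip() for ln in fixlist.splitlines()
            if ENTRY_RE.match(ln.strip()) and ln.strip() not in known]


if __name__ == "__main__":
    found = triage(parse_entries(SAMPLE_LOG), ["avast! Free Antivirus", "CCleaner"])
    for entry, why in found:
        print(f"{entry.name:16} {why}")
    print(build_fixlist(found))
```

On the sample, the two "No ImagePath" entries and the three McAfee drivers are flagged while the avast service is not, and the generated block is exactly what you would paste into fixlist.txt. The R1 McAfee drivers are worth the extra attention the thread gives them: an R1 entry is a kernel driver that loads at system start, so a stale one keeps running in ring 0 long after the product that shipped it is gone.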
