
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Preventive check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use our remote-assistance service, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Hello, could you please check my log? The computer is quite slow, otherwise hopefully without problems. Thanks a lot in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by Kaja (administrator) on PC754113399205 on 21-06-2014 16:17:08
Running from C:\Documents and Settings\Kaja\Plocha
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Broadcom Corporation) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\WINDOWS\vsnpstd.exe
(Broadcom Corporation) C:\WINDOWS\system32\WLTRAY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [729178 2005-06-20] (Synaptics, Inc.)
HKLM\...\Run: [snpstd] => C:\WINDOWS\vsnpstd.exe [286720 2004-06-10] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1236992 2000-01-01] (Broadcom Corporation)
HKLM\...\Run: [NSU_agent] => C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [116648 2014-02-09] (Google Inc.)
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-18] (Microsoft Corporation)
HKU\S-1-5-21-2814338486-3903940005-3468928848-1006\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2007-01-05] (Microsoft Corporation)
HKU\S-1-5-21-2814338486-3903940005-3468928848-1006\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
HKCU\Software\Microsoft\Internet Explorer\Main,Prev Search Bar = http://google.icq.com/search/search_frame.php
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
SearchScopes: HKLM - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
SearchScopes: HKCU - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/sli ... 0winampie7
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=61005
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {8E0E5B77-AC38-4A46-865E-ECD75D66274E} URL = http://search.seznam.cz/?q={searchTerms ... chmodule_2
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/sli ... 0winampie7
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_04\bin\ssv.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.5.0_04\bin\jp2ssv.dll No File
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0831195375
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0207872437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\cuo9hlh3.default-1388326035328
FF DefaultSearchEngine: Seznam
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Seznam
FF Homepage: hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\cuo9hlh3.default-1388326035328\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-03]
Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: "https://www.google.cz/"
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-03]
CHR Extension: (Disk Google) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-03]
CHR Extension: (YouTube) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-03]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-03]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-03]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-03]
CHR Extension: (Gmail) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-28]
========================== Services (Whitelisted) =================
S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-28] (AVAST Software)
S3 hpqwmi; C:\Program Files\HPQ\Shared\hpqwmi.exe [94208 2005-10-06] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [98304 2005-11-28] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1093632 2000-01-01] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [42496 2005-03-09] (Advanced Micro Devices)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-28] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-28] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-05-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-05-19] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-28] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-28] ()
R3 ATSWPDRV; C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [117010 2005-07-12] (AuthenTec, Inc.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2000-01-01] (Broadcom Corporation)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [556200 2000-01-01] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2000-01-01] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [932136 2000-01-01] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [118440 2000-01-01] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [51752 2000-01-01] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation) [File not signed]
R1 eabfiltr; C:\WINDOWS\system32\drivers\EABFiltr.sys [7936 2005-05-05] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\WINDOWS\system32\drivers\eabusb.sys [5760 2005-05-05] (Hewlett-Packard Development Company, L.P.)
S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [87936 2005-05-31] (Texas Instruments)
R3 HSFHWATI; C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys [200576 2005-04-18] (Conexant Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-05-04] (VSO Software) [File not signed]
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-10-24] (SMC)
S3 snpstd; C:\WINDOWS\System32\DRIVERS\snpstd.sys [390784 2005-04-26] () [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)
S2 BTSLBCSP; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys [X]
S3 catchme; \??\C:\DOCUME~1\Kaja\LOCALS~1\Temp\catchme.sys [X]
S1 ClntMgmt.sys; \SystemRoot\System32\Drivers\ClntMgmt.sys [X]
S0 gldwuhl; No ImagePath
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 Rasirda; system32\DRIVERS\rasirda.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-21 16:17 - 2014-06-21 16:18 - 00018227 _____ () C:\Documents and Settings\Kaja\Plocha\FRST.txt
2014-06-21 16:16 - 2014-06-21 16:17 - 00000000 ____D () C:\FRST
2014-06-21 16:15 - 2014-06-21 16:15 - 01070592 _____ (Farbar) C:\Documents and Settings\Kaja\Plocha\FRST.exe
2014-06-21 16:13 - 2014-06-21 16:13 - 00000777 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-06-21 16:13 - 2014-06-21 16:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-21 16:13 - 2014-06-21 16:13 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2014-06-21 16:13 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-21 16:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-21 15:27 - 2014-06-21 15:27 - 00000814 _____ () C:\Documents and Settings\Kaja\Plocha\Kaspersky Security Scan.lnk
2014-06-21 15:27 - 2014-06-21 15:27 - 00000000 ____D () C:\Documents and Settings\Kaja\Nabídka Start\Programy\Kaspersky Security Scan
2014-06-21 15:26 - 2014-06-21 15:26 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-06-21 15:26 - 2014-06-21 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2014-06-19 23:00 - 2014-06-19 23:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-02 19:30 - 2014-06-02 19:30 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Klíč
2014-06-02 19:27 - 2014-06-02 21:16 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Jedlová,okolí
2014-06-02 19:26 - 2014-06-02 20:29 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\2007.07.12.Jabkenice,okolí
2014-05-27 16:07 - 2014-05-27 16:07 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Stažené soubory
==================== One Month Modified Files and Folders =======
2014-06-21 16:18 - 2014-06-21 16:17 - 00018227 _____ () C:\Documents and Settings\Kaja\Plocha\FRST.txt
2014-06-21 16:18 - 2009-09-18 15:58 - 00000000 ____D () C:\Documents and Settings\Kaja\Local Settings\temp
2014-06-21 16:17 - 2014-06-21 16:16 - 00000000 ____D () C:\FRST
2014-06-21 16:17 - 2006-03-31 15:45 - 00000000 ____D () C:\Documents and Settings\Kaja\Plocha
2014-06-21 16:15 - 2014-06-21 16:15 - 01070592 _____ (Farbar) C:\Documents and Settings\Kaja\Plocha\FRST.exe
2014-06-21 16:13 - 2014-06-21 16:13 - 00000777 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-06-21 16:13 - 2014-06-21 16:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-21 16:13 - 2014-06-21 16:13 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2014-06-21 16:13 - 2009-12-26 11:55 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-06-21 16:13 - 2006-03-31 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-06-21 16:13 - 2006-03-31 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-06-21 16:12 - 2004-09-08 12:27 - 01304141 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-21 16:06 - 2014-04-03 20:20 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-06-21 16:06 - 2004-09-08 14:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-21 16:06 - 2004-09-08 14:05 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-21 16:06 - 2004-09-08 12:26 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-21 16:05 - 2013-05-29 17:03 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 16:05 - 2006-05-19 20:20 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-06-21 16:05 - 2004-09-08 12:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-21 16:04 - 2008-05-12 12:59 - 00032588 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-21 16:03 - 2006-04-04 20:41 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2014-06-21 16:03 - 2006-03-31 15:45 - 00000178 ___SH () C:\Documents and Settings\Kaja\ntuser.ini
2014-06-21 16:03 - 2006-03-31 15:45 - 00000000 ____D () C:\Documents and Settings\Kaja
2014-06-21 15:59 - 2006-05-19 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-06-21 15:56 - 2006-03-31 15:50 - 00000000 ____D () C:\Program Files\Google
2014-06-21 15:46 - 2013-04-28 20:43 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-21 15:42 - 2013-05-29 17:03 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 15:35 - 2014-02-09 09:30 - 00001046 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-06-21 15:27 - 2014-06-21 15:27 - 00000814 _____ () C:\Documents and Settings\Kaja\Plocha\Kaspersky Security Scan.lnk
2014-06-21 15:27 - 2014-06-21 15:27 - 00000000 ____D () C:\Documents and Settings\Kaja\Nabídka Start\Programy\Kaspersky Security Scan
2014-06-21 15:27 - 2006-03-31 15:45 - 00000000 ___RD () C:\Documents and Settings\Kaja\Nabídka Start\Programy
2014-06-21 15:26 - 2014-06-21 15:26 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-06-21 15:26 - 2014-06-21 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2014-06-21 15:26 - 2006-03-31 23:36 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-06-21 15:21 - 2006-03-31 15:45 - 00000000 ___RD () C:\Documents and Settings\Kaja\Dokumenty
2014-06-21 13:42 - 2006-03-31 15:45 - 00000000 ___HD () C:\Documents and Settings\Kaja\Local Settings\Data aplikací
2014-06-21 13:34 - 2011-03-13 18:39 - 00000000 ____D () C:\Stažené soubory
2014-06-21 10:23 - 2014-01-13 22:07 - 00000000 ____D () C:\Program Files\rajce
2014-06-21 09:20 - 2009-07-21 10:33 - 00000000 ____D () C:\Documents and Settings\Kaja\Data aplikací\vlc
2014-06-21 08:49 - 2013-01-06 23:50 - 00007706 _____ () C:\WINDOWS\setupact.log
2014-06-21 08:35 - 2014-02-09 09:30 - 00000994 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-06-20 15:50 - 2012-05-02 20:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 23:00 - 2014-06-19 23:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-14 16:52 - 2013-11-22 17:57 - 00150351 _____ () C:\WINDOWS\setupapi.log
2014-06-13 18:06 - 2004-09-08 12:12 - 00000482 _____ () C:\WINDOWS\win.ini
2014-06-13 16:51 - 2013-07-18 18:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-13 16:44 - 2006-05-08 15:28 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-11 22:08 - 2009-01-25 12:41 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-06-08 15:00 - 2014-03-18 22:48 - 00000214 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-06-02 21:16 - 2014-06-02 19:27 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Jedlová,okolí
2014-06-02 20:29 - 2014-06-02 19:26 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\2007.07.12.Jabkenice,okolí
2014-06-02 19:30 - 2014-06-02 19:30 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Klíč
2014-05-29 20:05 - 2006-12-21 20:11 - 00000000 ____D () C:\Documents and Settings\Kaja\Data aplikací\Skype
2014-05-27 16:07 - 2014-05-27 16:07 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Stažené soubory
2014-05-27 15:27 - 2011-03-22 22:52 - 00000712 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
Some content of TEMP:
====================
C:\Documents and Settings\Kaja\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9rwfpe.dll
C:\Documents and Settings\Kaja\Local Settings\temp\Nokia_PC_Suite_cze.exe
C:\Documents and Settings\Kaja\Local Settings\temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.5.0_04\bin\jp2ssv.dll No File
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0831195375
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0207872437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\cuo9hlh3.default-1388326035328
FF DefaultSearchEngine: Seznam
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Seznam
FF Homepage: hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\cuo9hlh3.default-1388326035328\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-03]
Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: "https://www.google.cz/"
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-03]
CHR Extension: (Disk Google) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-03]
CHR Extension: (YouTube) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-03]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-03]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-03]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-03]
CHR Extension: (Gmail) - C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-28]
========================== Services (Whitelisted) =================
S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-28] (AVAST Software)
S3 hpqwmi; C:\Program Files\HPQ\Shared\hpqwmi.exe [94208 2005-10-06] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [98304 2005-11-28] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1093632 2000-01-01] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [42496 2005-03-09] (Advanced Micro Devices)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-28] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-28] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-05-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-05-19] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-28] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-28] ()
R3 ATSWPDRV; C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [117010 2005-07-12] (AuthenTec, Inc.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2000-01-01] (Broadcom Corporation)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [556200 2000-01-01] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2000-01-01] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [932136 2000-01-01] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [118440 2000-01-01] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [51752 2000-01-01] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation) [File not signed]
R1 eabfiltr; C:\WINDOWS\system32\drivers\EABFiltr.sys [7936 2005-05-05] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\WINDOWS\system32\drivers\eabusb.sys [5760 2005-05-05] (Hewlett-Packard Development Company, L.P.)
S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [87936 2005-05-31] (Texas Instruments)
R3 HSFHWATI; C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys [200576 2005-04-18] (Conexant Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-05-04] (VSO Software) [File not signed]
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-10-24] (SMC)
S3 snpstd; C:\WINDOWS\System32\DRIVERS\snpstd.sys [390784 2005-04-26] () [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)
S2 BTSLBCSP; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys [X]
S3 catchme; \??\C:\DOCUME~1\Kaja\LOCALS~1\Temp\catchme.sys [X]
S1 ClntMgmt.sys; \SystemRoot\System32\Drivers\ClntMgmt.sys [X]
S0 gldwuhl; No ImagePath
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 Rasirda; system32\DRIVERS\rasirda.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-21 16:17 - 2014-06-21 16:18 - 00018227 _____ () C:\Documents and Settings\Kaja\Plocha\FRST.txt
2014-06-21 16:16 - 2014-06-21 16:17 - 00000000 ____D () C:\FRST
2014-06-21 16:15 - 2014-06-21 16:15 - 01070592 _____ (Farbar) C:\Documents and Settings\Kaja\Plocha\FRST.exe
2014-06-21 16:13 - 2014-06-21 16:13 - 00000777 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-06-21 16:13 - 2014-06-21 16:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-21 16:13 - 2014-06-21 16:13 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2014-06-21 16:13 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-21 16:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-21 15:27 - 2014-06-21 15:27 - 00000814 _____ () C:\Documents and Settings\Kaja\Plocha\Kaspersky Security Scan.lnk
2014-06-21 15:27 - 2014-06-21 15:27 - 00000000 ____D () C:\Documents and Settings\Kaja\Nabídka Start\Programy\Kaspersky Security Scan
2014-06-21 15:26 - 2014-06-21 15:26 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-06-21 15:26 - 2014-06-21 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2014-06-19 23:00 - 2014-06-19 23:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-02 19:30 - 2014-06-02 19:30 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Klíč
2014-06-02 19:27 - 2014-06-02 21:16 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Jedlová,okolí
2014-06-02 19:26 - 2014-06-02 20:29 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\2007.07.12.Jabkenice,okolí
2014-05-27 16:07 - 2014-05-27 16:07 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Stažené soubory
==================== One Month Modified Files and Folders =======
2014-06-21 16:18 - 2014-06-21 16:17 - 00018227 _____ () C:\Documents and Settings\Kaja\Plocha\FRST.txt
2014-06-21 16:18 - 2009-09-18 15:58 - 00000000 ____D () C:\Documents and Settings\Kaja\Local Settings\temp
2014-06-21 16:17 - 2014-06-21 16:16 - 00000000 ____D () C:\FRST
2014-06-21 16:17 - 2006-03-31 15:45 - 00000000 ____D () C:\Documents and Settings\Kaja\Plocha
2014-06-21 16:15 - 2014-06-21 16:15 - 01070592 _____ (Farbar) C:\Documents and Settings\Kaja\Plocha\FRST.exe
2014-06-21 16:13 - 2014-06-21 16:13 - 00000777 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-06-21 16:13 - 2014-06-21 16:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-21 16:13 - 2014-06-21 16:13 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2014-06-21 16:13 - 2009-12-26 11:55 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-06-21 16:13 - 2006-03-31 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-06-21 16:13 - 2006-03-31 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-06-21 16:12 - 2004-09-08 12:27 - 01304141 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-21 16:06 - 2014-04-03 20:20 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-06-21 16:06 - 2004-09-08 14:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-21 16:06 - 2004-09-08 14:05 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-21 16:06 - 2004-09-08 12:26 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-21 16:05 - 2013-05-29 17:03 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 16:05 - 2006-05-19 20:20 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-06-21 16:05 - 2004-09-08 12:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-21 16:04 - 2008-05-12 12:59 - 00032588 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-21 16:03 - 2006-04-04 20:41 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2014-06-21 16:03 - 2006-03-31 15:45 - 00000178 ___SH () C:\Documents and Settings\Kaja\ntuser.ini
2014-06-21 16:03 - 2006-03-31 15:45 - 00000000 ____D () C:\Documents and Settings\Kaja
2014-06-21 15:59 - 2006-05-19 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-06-21 15:56 - 2006-03-31 15:50 - 00000000 ____D () C:\Program Files\Google
2014-06-21 15:46 - 2013-04-28 20:43 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-21 15:42 - 2013-05-29 17:03 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 15:35 - 2014-02-09 09:30 - 00001046 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-06-21 15:27 - 2014-06-21 15:27 - 00000814 _____ () C:\Documents and Settings\Kaja\Plocha\Kaspersky Security Scan.lnk
2014-06-21 15:27 - 2014-06-21 15:27 - 00000000 ____D () C:\Documents and Settings\Kaja\Nabídka Start\Programy\Kaspersky Security Scan
2014-06-21 15:27 - 2006-03-31 15:45 - 00000000 ___RD () C:\Documents and Settings\Kaja\Nabídka Start\Programy
2014-06-21 15:26 - 2014-06-21 15:26 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-06-21 15:26 - 2014-06-21 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2014-06-21 15:26 - 2006-03-31 23:36 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-06-21 15:21 - 2006-03-31 15:45 - 00000000 ___RD () C:\Documents and Settings\Kaja\Dokumenty
2014-06-21 13:42 - 2006-03-31 15:45 - 00000000 ___HD () C:\Documents and Settings\Kaja\Local Settings\Data aplikací
2014-06-21 13:34 - 2011-03-13 18:39 - 00000000 ____D () C:\Stažené soubory
2014-06-21 10:23 - 2014-01-13 22:07 - 00000000 ____D () C:\Program Files\rajce
2014-06-21 09:20 - 2009-07-21 10:33 - 00000000 ____D () C:\Documents and Settings\Kaja\Data aplikací\vlc
2014-06-21 08:49 - 2013-01-06 23:50 - 00007706 _____ () C:\WINDOWS\setupact.log
2014-06-21 08:35 - 2014-02-09 09:30 - 00000994 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-06-20 15:50 - 2012-05-02 20:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 23:00 - 2014-06-19 23:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-14 16:52 - 2013-11-22 17:57 - 00150351 _____ () C:\WINDOWS\setupapi.log
2014-06-13 18:06 - 2004-09-08 12:12 - 00000482 _____ () C:\WINDOWS\win.ini
2014-06-13 16:51 - 2013-07-18 18:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-13 16:44 - 2006-05-08 15:28 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-11 22:08 - 2009-01-25 12:41 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-06-08 15:00 - 2014-03-18 22:48 - 00000214 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-06-02 21:16 - 2014-06-02 19:27 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Jedlová,okolí
2014-06-02 20:29 - 2014-06-02 19:26 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\2007.07.12.Jabkenice,okolí
2014-06-02 19:30 - 2014-06-02 19:30 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Klíč
2014-05-29 20:05 - 2006-12-21 20:11 - 00000000 ____D () C:\Documents and Settings\Kaja\Data aplikací\Skype
2014-05-27 16:07 - 2014-05-27 16:07 - 00000000 ____D () C:\Documents and Settings\Kaja\Dokumenty\Stažené soubory
2014-05-27 15:27 - 2011-03-22 22:52 - 00000712 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
Some content of TEMP:
====================
C:\Documents and Settings\Kaja\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9rwfpe.dll
C:\Documents and Settings\Kaja\Local Settings\temp\Nokia_PC_Suite_cze.exe
C:\Documents and Settings\Kaja\Local Settings\temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Re: Preventive check
Hello, delete unnecessary files
using CCleaner
guide:
Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the registry backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Download AdwCleaner and save it to the desktop,
close all programs including the browser and run it with a double-click,
a window will appear; click Scan at the top left.
The scan will then run, and when it finishes click Report and copy whatever comes up here for me.
Then use Mbam from my signature and post its log here; do not delete anything beforehand!
Re: Preventive check
# AdwCleaner v3.212 - Report created 22/06/2014 at 12:10:25
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Kaja - PC754113399205
# Running from : C:\Documents and Settings\Kaja\Dokumenty\Downloads\adwcleaner_3.212.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Program Files\Mozilla Firefox\Components\AskHPRFF.js
Folder Found : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\ICQToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\Software\ICQ\ICQToolbar
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Page] - hxxp://google.icq.com
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Bar] - hxxp://google.icq.com/search/search_frame.php
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant] - hxxp://www.crawler.com/search/ie.aspx?tb_id=61005
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch] - hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=61005
-\\ Mozilla Firefox v30.0 (cs)
[ File : C:\Documents and Settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\cuo9hlh3.default-1388326035328\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3941 octets] - [22/06/2014 12:10:25]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4001 octets] ##########
Re: Preventive check
Run AdwCleaner again, but this time click Clean;
the PC will restart, and the junk will be deleted during the restart.
Then copy the Report here for me again.
Then that Mbam as well

Re: Preventive check
I'm sending that Mbam...
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Verze: v2014.06.22.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kaja :: PC754113399205 [administrátor]
23.6.2014 17:28:54
MBAM-log-2014-06-23 (18-11-47).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 331742
Uplynulý čas: 40 minut, 5 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 1
C:\Documents and Settings\All Users\20100210 (Trojan.Agent) -> Nebyla provedena žádná instrukce.
Nalezené soubory: 1
C:\Documents and Settings\All Users\20100210\10022010039.jpg (Trojan.Agent) -> Nebyla provedena žádná instrukce.
(konec)
Re: Preventive check
# AdwCleaner v3.213 - Report created 23/06/2014 at 19:19:21
# Updated 23/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Kaja - PC754113399205
# Running from : C:\Documents and Settings\Kaja\Dokumenty\Downloads\adwcleaner_3.213.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskHPRFF.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKLM\Software\ICQ\ICQToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]
-\\ Mozilla Firefox v30.0 (cs)
[ File : C:\Documents and Settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\cuo9hlh3.default-1388326035328\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Documents and Settings\Kaja\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4081 octets] - [22/06/2014 12:10:25]
AdwCleaner[R1].txt - [4141 octets] - [23/06/2014 19:17:08]
AdwCleaner[S0].txt - [3872 octets] - [23/06/2014 19:19:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3932 octets] ##########
Re: Preventive check
pokerkan wrote:
> Nalezené složky: 1
> C:\Documents and Settings\All Users\20100210 (Trojan.Agent) -> Nebyla provedena žádná instrukce.
> Nalezené soubory: 1
> C:\Documents and Settings\All Users\20100210\10022010039.jpg (Trojan.Agent) -> Nebyla provedena žádná instrukce.
Can you look in that folder to check whether it really is just an image before Mbam deletes it?
Because it has never yet happened that it flagged a jpg as a virus.

Re: Preventive check
I have already deleted the image......
Re: Preventive check
I'd leave that up to you. Oh, and by the way, that second trojan is a folder that is empty... strange
Re: Preventive check
pokerkan wrote:
> ........... oh, and by the way, that second trojan is a folder that is empty... strange
Because you have already deleted that image, or whatever it was.
pokerkan wrote:
> I'd leave that up to you ..........
So let's get to it.

Download ComboFix and save it to the desktop,
run the application as Administrator and allow the installation of the Recovery Console.
A window with the license terms will then appear, which you confirm by clicking YES,
then click YES once more and it is running.
The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan, so don't be alarmed.
Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete the infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: Preventive check
ComboFix 14-06-24.01 - Kaja 26.06.2014 17:26:33.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1151.423 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kaja\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVAST Software\Avast\setup\5e0f0c44-5eaf-40ef-93f5-4f2235772344.exe
c:\program files\Internet Explorer\SET89.tmp
c:\program files\Internet Explorer\SET8A.tmp
c:\program files\Internet Explorer\SET8C.tmp
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\windows\system32\SET1126.tmp
c:\windows\system32\SET270.tmp
c:\windows\system32\SET275.tmp
c:\windows\system32\SET2DD.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SET9B.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA2.tmp
c:\windows\system32\SETA3.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETA7.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETAB.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\SETB0.tmp
c:\windows\system32\SETB1.tmp
c:\windows\system32\SETB2.tmp
c:\windows\system32\SETB3.tmp
c:\windows\system32\SETB4.tmp
c:\windows\system32\SETB5.tmp
c:\windows\system32\SETB9.tmp
c:\windows\system32\SETBA.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETBD.tmp
c:\windows\system32\SETBE.tmp
c:\windows\system32\SETBF.tmp
c:\windows\system32\SETC0.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\SETC2.tmp
c:\windows\system32\SETC3.tmp
c:\windows\system32\SETC5.tmp
c:\windows\system32\SETC6.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETC8.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-26 do 2014-06-26 )))))))))))))))))))))))))))))))
.
.
2014-06-22 11:40 . 2014-06-22 11:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-06-22 11:40 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-22 10:11 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-22 10:09 . 2014-06-23 17:19 -------- d-----w- C:\AdwCleaner
2014-06-22 09:30 . 2014-06-22 09:30 -------- d-----w- c:\program files\CCleaner
2014-06-21 14:41 . 2014-06-21 14:40 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-21 14:16 . 2014-06-21 14:26 -------- d-----w- C:\FRST
2014-06-21 13:26 . 2014-06-21 13:26 -------- d-----w- c:\program files\Kaspersky Lab
2014-06-21 13:26 . 2014-06-21 13:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-21 14:40 . 2013-08-13 14:29 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-05-19 12:30 . 2014-04-03 18:16 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-19 12:30 . 2014-04-03 18:16 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-19 12:30 . 2014-04-03 18:16 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-05-14 14:47 . 2012-07-08 11:42 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 14:47 . 2012-07-08 11:42 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-28 19:18 . 2014-04-03 18:17 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-04-28 19:18 . 2014-04-03 18:16 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-28 19:18 . 2014-04-03 18:16 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400502652718
2014-04-28 19:18 . 2014-04-28 19:18 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-28 19:18 . 2014-04-03 18:16 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-28 19:18 . 2014-04-03 18:16 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-28 19:18 . 2014-04-03 18:16 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1400502652718
2014-04-28 19:18 . 2014-04-28 19:18 43152 ----a-w- c:\windows\avastSS.scr
2014-04-28 19:18 . 2014-04-03 18:16 271264 ----a-w- c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-28 19:18 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-12-07 202328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2000-01-01 1236992]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-25 3890208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DVD Check.lnk]
backup=c:\windows\pss\DVD Check.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2007-01-05 18:57 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"TUWinStylerThemeSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"sp_rssrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3.4.2014 20:16 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3.4.2014 20:16 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [3.4.2014 20:16 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [3.4.2014 20:16 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [28.4.2014 21:18 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3.4.2014 20:16 67824]
R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [7.12.2012 15:16 202328]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [16.9.2013 12:29 3273088]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [18.4.2005 3:00 200576]
S0 gldwuhl;gldwuhl; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 9:15 172192]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [27.12.2005 1:31 87936]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [6.1.2013 23:34 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [6.1.2013 23:34 8576]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [23.12.2008 20:24 47360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 13:36 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 14:47]
.
2014-06-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-28 19:18]
.
2014-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:02]
.
2014-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:02]
.
2014-06-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\cuo9hlh3.default-1388326035328\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-SlimDrivers - c:\program files\SlimDrivers\SlimDrivers.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-26 17:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2014-06-26 18:03:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-26 16:03
.
Před spuštěním: 5 467 414 528
Po spuštění: 6 284 017 664
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0A2099CD4872BC2DC66053CA19FB075C
671B81004FDD1588FA9ED1331C9CECA9
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 13:36 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 14:47]
.
2014-06-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-28 19:18]
.
2014-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:02]
.
2014-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:02]
.
2014-06-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\cuo9hlh3.default-1388326035328\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-SlimDrivers - c:\program files\SlimDrivers\SlimDrivers.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-26 17:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2014-06-26 18:03:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-26 16:03
.
Před spuštěním: 5 467 414 528
Po spuštění: 6 284 017 664
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0A2099CD4872BC2DC66053CA19FB075C
671B81004FDD1588FA9ED1331C9CECA9
Re: Preventive check
Via Start >> Run >> type services.msc >> OK. Find the services:
Google Update Service (gupdate)
Google Update Service (gupdatem)
Double-clicking opens the properties dialog, where you first stop the service with the Stop button, then set Startup type to Disabled and click OK.
In Scheduled Tasks, delete:
GoogleUpdate - it will be there more than once
Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP (the monthly Windows XP end-of-support notification)
If you have not done so already, move ComboFix to the desktop
open Notepad
copy the script from the following box into it:
FireFox::
FF - ProfilePath - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\cuo9hlh3.default-1388326035328\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
save the TXT file you created to the desktop as CFScript.txt,
after saving, grab the script with the left mouse button, drag it over the ComboFix icon and drop it there.
After it runs, another log will pop up; copy it here.
Warning: it may happen that after the script is applied and the PC restarts, Windows does not boot.
In that case restart again while pressing F8, then choose Last Known Good Configuration.
Re: Preventive check
ComboFix 14-06-30.01 - Kaja 30.06.2014 17:15:11.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1151.737 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kaja\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kaja\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-28 do 2014-06-30 )))))))))))))))))))))))))))))))
.
.
2014-06-22 11:40 . 2014-06-22 11:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-06-22 11:40 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-22 10:11 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-22 10:09 . 2014-06-23 17:19 -------- d-----w- C:\AdwCleaner
2014-06-22 09:30 . 2014-06-22 09:30 -------- d-----w- c:\program files\CCleaner
2014-06-21 14:41 . 2014-06-21 14:40 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-21 14:16 . 2014-06-21 14:26 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-21 14:40 . 2013-08-13 14:29 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-05-19 12:30 . 2014-04-03 18:16 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-19 12:30 . 2014-04-03 18:16 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-19 12:30 . 2014-04-03 18:16 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-05-14 14:47 . 2012-07-08 11:42 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 14:47 . 2012-07-08 11:42 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-28 19:18 . 2014-04-03 18:17 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-04-28 19:18 . 2014-04-03 18:16 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-28 19:18 . 2014-04-03 18:16 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400502652718
2014-04-28 19:18 . 2014-04-28 19:18 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-28 19:18 . 2014-04-03 18:16 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-28 19:18 . 2014-04-03 18:16 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-28 19:18 . 2014-04-03 18:16 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1400502652718
2014-04-28 19:18 . 2014-04-28 19:18 43152 ----a-w- c:\windows\avastSS.scr
2014-04-28 19:18 . 2014-04-03 18:16 271264 ----a-w- c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-28 19:18 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2000-01-01 1236992]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-25 3890208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DVD Check.lnk]
backup=c:\windows\pss\DVD Check.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2007-01-05 18:57 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"TUWinStylerThemeSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"sp_rssrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3.4.2014 20:16 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3.4.2014 20:16 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [3.4.2014 20:16 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [3.4.2014 20:16 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [28.4.2014 21:18 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3.4.2014 20:16 67824]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [18.4.2005 3:00 200576]
S0 gldwuhl;gldwuhl; [x]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [16.9.2013 12:29 3273088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 9:15 172192]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [27.12.2005 1:31 87936]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [6.1.2013 23:34 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [6.1.2013 23:34 8576]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [23.12.2008 20:24 47360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 13:36 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 14:47]
.
2014-06-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-28 19:18]
.
2014-06-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\cuo9hlh3.default-1388326035328\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-30 17:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(1044)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2014-06-30 17:36:36
ComboFix-quarantined-files.txt 2014-06-30 15:36
ComboFix2.txt 2014-06-26 16:03
.
Před spuštěním: 6 094 077 952
Po spuštění: 6 084 939 776
.
- - End Of File - - C7AC677AEB0AD3D37AF8376B1AEEB584
671B81004FDD1588FA9ED1331C9CECA9
Re: Preventive check
Via Start >> Run, copy into the box:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Then let me know what state the PC is in.