So I'm back, after quite a while :/ but I ran all the scans that were mentioned here.
TFC: Unfortunately it didn't work. It could be launched, but when I clicked Start the PC froze and I had to hard-restart it. I tried it twice, but even waiting about 15 minutes didn't help.
ATF Cleaner: That only deleted something from the browsers, and there is no log (or logs) from it.
MalwareBytes Anti-Malware: Exactly the same as last time:
Here are the logs from the other tools:
HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:03:49, on 29.11.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DiVapton\updateDiVapton.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files\DiVapton\bin\utilDiVapton.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Garena Plus\GarenaMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Documents and Settings\Robik\Local Settings\Data aplikací\VNT\vntldr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Garena Plus\ggdllhost.exe
C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe
D:\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: DiVapton - {3bf42771-1b8a-4910-b3dc-eb330e40020a} - C:\Program Files\DiVapton\DiVaptonbho.dll
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {5054562D-5247-006A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\PTV-RG\Passport.dll" (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - D:\Perfect World\Plugins\ArcPluginIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Seznam.cz - {EA837F48-5AD1-443e-AE34-FFE03CBF3099} - (no file)
O3 - Toolbar: Ask Toolbar - {5054562D-5247-006A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\PTV-RG\Passport.dll" (file missing)
O3 - Toolbar: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O3 - Toolbar: (no name) - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VNT] C:\Program Files\VNT\vntldr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GarenaPlus] "D:\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\Robik\Data aplikací\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\Robik\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Google Japanese Input Cache Service (GoogleIMEJaCacheService) - Google Inc. - C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Update DiVapton - Unknown owner - C:\Program Files\DiVapton\updateDiVapton.exe
O23 - Service: Util DiVapton - Unknown owner - C:\Program Files\DiVapton\bin\utilDiVapton.exe
--
End of file - 12775 bytes
ADW Cleaner
# AdwCleaner v3.013 - Report created 29/11/2013 at 04:20:29
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Robik - DANA-HOME
# Running from : D:\Stažené\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v25.0.1 (cs)
[ File : C:\Documents and Settings\Dana\Data aplikací\Mozilla\Firefox\Profiles\kj3tim7j.default-1371998953421\prefs.js ]
[ File : C:\Documents and Settings\Robik\Data aplikací\Mozilla\Firefox\Profiles\kj3tim7j.default-1371998953421\prefs.js ]
Line Found : user_pref("extensions.AVIRA-V7.apn.tldcache", "{\"date\":1385425171925,\"domainList\":[\"ac\",\"com.ac\",\"edu.ac\",\"gov.ac\",\"net.ac\",\"mil.ac\",\"org.ac\",\"ad\",\"nom.ad\",\"ae\",\"co.ae\",\"net[...]
[ File : C:\Documents and Settings\Robik\Data aplikací\Mozilla\Firefox\Profiles\wee2z21p.default\prefs.js ]
-\\ Google Chrome v31.0.1650.57
[ File : C:\Documents and Settings\Dana\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Documents and Settings\Robik\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2832 octets] - [13/11/2013 12:16:29]
AdwCleaner[R1].txt - [5178 octets] - [26/11/2013 01:08:54]
AdwCleaner[R2].txt - [1617 octets] - [29/11/2013 04:20:29]
AdwCleaner[S0].txt - [5271 octets] - [26/11/2013 01:16:35]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1737 octets] ##########
Junkware
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Robik on p 29.11.2013 at 4:32:27,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DF56E39A-7428-4261-A9A8-3F53273F0F12}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\Robik\Data aplikací\mozilla\firefox\profiles\kj3tim7j.default-1371998953421\extensions\toolbar_avira-v7@apn.ask.com.xpi
Successfully deleted the following from C:\Documents and Settings\Robik\Data aplikací\mozilla\firefox\profiles\kj3tim7j.default-1371998953421\prefs.js
user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":39,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Anal
user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
~~~ Chrome
Successfully deleted: [Folder] C:\Documents and Settings\Robik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p 29.11.2013 at 4:53:48,32
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rogue Killer
RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Robik [Práva správce]
Mód : Kontrola -- Datum : 11/29/2013 05:00:56
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 4 ¤¤¤
[SUSP PATH] vntldr.exe -- C:\Documents and Settings\Robik\Local Settings\Data aplikací\VNT\vntldr.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] szndesktop.exe -- C:\Documents and Settings\Robik\Data aplikací\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] update.exe -- C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe [7] -> ERROR [6]
[SUSP PATH] updrgui.exe -- C:\Documents and Settings\All Users\Data aplikací\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe [7] -> ERROR [6]
¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.autoupdate ("C:\Documents and Settings\Robik\Data aplikací\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.szndesktop ("C:\Documents and Settings\Robik\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-790525478-1659004503-1801674531-1016\[...]\Run : cz.seznam.software.autoupdate ("C:\Documents and Settings\Robik\Data aplikací\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-790525478-1659004503-1801674531-1016\[...]\Run : cz.seznam.software.szndesktop ("C:\Documents and Settings\Robik\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 4 ¤¤¤
[LocalService][SUSP UNIC] install.exe : C:\Documents and Settings\LocalService\Nabídka Start\Programy\Po spuštění\install.exe [x] -> NALEZENO
[LocalService][SUSP UNIC] TDR2000.exe : C:\Documents and Settings\LocalService\Nabídka Start\Programy\Po spuštění\TDR2000.exe [x] -> NALEZENO
[NetworkService][SUSP UNIC] install.exe : C:\Documents and Settings\NetworkService\Nabídka Start\Programy\Po spuštění\install.exe [x] -> NALEZENO
[NetworkService][SUSP UNIC] TDR2000.exe : C:\Documents and Settings\NetworkService\Nabídka Start\Programy\Po spuštění\TDR2000.exe [x] -> NALEZENO
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x805B1EA4 -> HOOKED (Unknown @ 0xBA743F14)
[Address] SSDT[41] : NtCreateKey @ 0x8061AF8C -> HOOKED (Unknown @ 0xBA743ECE)
[Address] SSDT[50] : NtCreateSection @ 0x805A092C -> HOOKED (Unknown @ 0xBA743F1E)
[Address] SSDT[53] : NtCreateThread @ 0x805C748E -> HOOKED (Unknown @ 0xBA743EC4)
[Address] SSDT[63] : NtDeleteKey @ 0x8061B428 -> HOOKED (Unknown @ 0xBA743ED3)
[Address] SSDT[65] : NtDeleteValueKey @ 0x8061B5F8 -> HOOKED (Unknown @ 0xBA743EDD)
[Address] SSDT[68] : NtDuplicateObject @ 0x805B3AB8 -> HOOKED (Unknown @ 0xBA743F0F)
[Address] SSDT[98] : NtLoadKey @ 0x8061D1B0 -> HOOKED (Unknown @ 0xBA743EE2)
[Address] SSDT[122] : NtOpenProcess @ 0x805C1512 -> HOOKED (Unknown @ 0xBA743EB0)
[Address] SSDT[128] : NtOpenThread @ 0x805C179E -> HOOKED (Unknown @ 0xBA743EB5)
[Address] SSDT[177] : NtQueryValueKey @ 0x806191B0 -> HOOKED (Unknown @ 0xBA743F37)
[Address] SSDT[193] : NtReplaceKey @ 0x8061D060 -> HOOKED (Unknown @ 0xBA743EEC)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x805982D0 -> HOOKED (Unknown @ 0xBA743F28)
[Address] SSDT[204] : NtRestoreKey @ 0x8061C96C -> HOOKED (Unknown @ 0xBA743EE7)
[Address] SSDT[213] : NtSetContextThread @ 0x805C90E6 -> HOOKED (Unknown @ 0xBA743F23)
[Address] SSDT[237] : NtSetSecurityObject @ 0x805B622A -> HOOKED (Unknown @ 0xBA743F2D)
[Address] SSDT[247] : NtSetValueKey @ 0x806194FE -> HOOKED (Unknown @ 0xBA743ED8)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8060EED6 -> HOOKED (Unknown @ 0xBA743F32)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA743F46)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA743F4B)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD250HJ +++++
--- User ---
[MBR] 54e60d644349069c5067c68d70268306
[BSP] b0caa5a33c3c9147061d69621c107b7e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 81915435 | Size: 198467 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_11292013_050056.txt >>
ComboFix
ComboFix 13-11-27.01 - Robik 29.11.2013 5:35.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2012.823 [GMT 1:00]
Spuštěný z: c:\documents and settings\Robik\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-28 do 2013-11-29 )))))))))))))))))))))))))))))))
.
.
2013-11-29 03:27 . 2013-11-29 03:27 -------- d-----w- c:\windows\ERUNT
2013-11-28 02:34 . 2013-11-28 02:35 -------- d-----w- c:\documents and settings\Dana\.android
2013-11-28 02:33 . 2013-11-28 02:33 -------- d-----w- c:\documents and settings\Dana\Local Settings\Data aplikací\cache
2013-11-28 02:33 . 2013-11-28 02:33 -------- d-----w- C:\Users
2013-11-27 14:23 . 2013-11-27 15:20 -------- d-----w- C:\Downloads
2013-11-26 23:02 . 2013-11-28 02:33 -------- d-----w- c:\documents and settings\Dana\Local Settings\Data aplikací\MoboGenie
2013-11-26 22:46 . 2013-11-28 09:46 -------- d-----w- c:\documents and settings\Dana\Data aplikací\Seznam.cz
2013-11-25 22:29 . 2013-11-25 22:29 -------- d-----w- c:\documents and settings\Robik\.android
2013-11-25 22:29 . 2013-11-28 02:33 -------- d-----w- c:\documents and settings\Robik\Local Settings\Data aplikací\cache
2013-11-25 22:29 . 2013-11-28 02:37 -------- d-----w- c:\documents and settings\Robik\Local Settings\Data aplikací\Mobogenie
2013-11-25 22:27 . 2013-11-28 02:37 -------- d-----w- c:\program files\Mobogenie
2013-11-25 22:26 . 2013-11-25 22:26 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-11-25 22:23 . 2013-11-25 22:27 -------- d-----w- c:\documents and settings\Robik\Data aplikací\DVDVideoSoft
2013-11-24 05:11 . 2013-11-25 13:07 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2013-11-24 05:10 . 2013-11-24 05:10 -------- d-----w- c:\documents and settings\All Users\Uniblue
2013-11-24 05:07 . 2013-11-24 05:07 -------- d-----w- c:\program files\Microsoft Silverlight
2013-11-21 13:42 . 2013-11-21 13:42 -------- d-----w- c:\program files\True Burner
2013-11-21 13:20 . 2013-11-21 13:20 -------- d-----w- C:\finalburner
2013-11-21 13:20 . 2013-11-21 13:20 -------- d-----w- c:\documents and settings\Robik\Data aplikací\FinalBurner Video DVD
2013-11-21 13:19 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2013-11-21 13:19 . 2007-09-21 00:52 118784 ----a-w- c:\windows\system32\ac3acm.acm
2013-11-21 13:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2013-11-21 13:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2013-11-21 13:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2013-11-21 13:19 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2013-11-21 13:19 . 2013-11-21 13:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2013-11-21 13:15 . 2013-11-21 13:15 -------- d-----w- c:\program files\FinalBurner
2013-11-18 08:11 . 2013-11-18 08:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVS4YOU
2013-11-18 08:11 . 2013-11-18 08:11 -------- d-----w- c:\documents and settings\Robik\Data aplikací\AVS4YOU
2013-11-18 08:07 . 2013-11-18 08:10 -------- d-----w- c:\program files\Common Files\AVSMedia
2013-11-18 08:07 . 2011-06-23 12:26 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-11-18 08:07 . 2013-11-18 08:10 -------- d-----w- c:\program files\AVS4YOU
2013-11-18 07:57 . 2013-11-18 07:58 -------- d-----w- c:\documents and settings\Robik\Data aplikací\avidemux
2013-11-18 07:57 . 2013-11-18 07:57 -------- d-----w- c:\program files\Avidemux 2.6
2013-11-15 02:54 . 2013-11-15 10:58 -------- d-----w- c:\program files\DiVapton
2013-11-15 02:54 . 2013-11-15 02:54 -------- d-----w- c:\program files\PicoZipRT
2013-11-15 02:52 . 2013-11-15 02:52 -------- d-----w- c:\program files\Seznam.cz
2013-11-15 02:51 . 2013-11-29 03:37 -------- d-----w- c:\documents and settings\Robik\Data aplikací\Seznam.cz
2013-11-15 02:51 . 2013-11-15 02:51 -------- d-----w- c:\program files\RAR Password Cracker
2013-11-14 02:44 . 2013-11-14 02:45 -------- d-----w- c:\documents and settings\Robik\Local Settings\Data aplikací\Ahead
2013-11-14 02:27 . 2013-11-14 02:27 -------- d-----w- c:\documents and settings\Robik\Data aplikací\Ahead
2013-11-14 02:25 . 2013-11-25 13:31 -------- d-----w- c:\program files\Common Files\Ahead
2013-11-14 02:25 . 2013-11-14 02:25 -------- d-----w- c:\program files\Nero
2013-11-13 11:47 . 2013-11-13 11:47 -------- d-----w- c:\documents and settings\Robik\Data aplikací\Malwarebytes
2013-11-13 11:46 . 2013-11-13 11:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-11-13 11:46 . 2013-11-13 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-13 11:46 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-13 11:00 . 2013-11-29 03:23 -------- d-----w- C:\AdwCleaner
2013-11-13 06:23 . 2013-11-13 06:23 388096 ----a-r- c:\documents and settings\Robik\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-13 04:53 . 2013-11-13 04:53 -------- d-----w- c:\program files\Common Files\Java
2013-11-13 04:53 . 2013-10-08 06:29 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-11-13 04:52 . 2013-10-08 06:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-10 01:08 . 2013-11-10 01:08 -------- d-----w- c:\documents and settings\Robik\Local Settings\Data aplikací\VNT
2013-11-09 20:15 . 2013-11-09 20:15 -------- d-----w- c:\documents and settings\Dana\Local Settings\Data aplikací\VNT
2013-11-09 20:15 . 2013-11-09 20:15 -------- d-----w- c:\program files\VNT
2013-11-09 08:27 . 2013-11-09 08:27 -------- d-----w- c:\program files\Common Files\SWF Studio
2013-11-08 03:50 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-11-08 03:50 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-11-08 03:50 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-11-08 03:50 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-11-08 03:50 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-11-08 03:39 . 2013-11-08 03:40 -------- d-----w- C:\ApolloMpegtoDVD
2013-11-08 03:35 . 2013-11-08 03:40 -------- d-----w- c:\program files\Apollo MPEG to DVD Burner
2013-11-07 03:14 . 2013-11-07 03:14 -------- d-----w- c:\program files\FreeTime
2013-11-07 02:47 . 2013-11-07 02:47 -------- d-----w- c:\documents and settings\Robik\Data aplikací\FreeMoviesToDVD
2013-11-07 02:47 . 2009-01-23 20:21 327680 ----a-w- c:\windows\system32\dvdauthor.ocx
2013-11-07 02:47 . 2009-01-23 20:20 233472 ----a-w- c:\windows\system32\viscomdvdimg.dll
2013-11-07 02:47 . 2009-01-23 20:08 15360 ----a-w- c:\windows\system32\inetfr.DLL
2013-11-07 02:47 . 2009-01-23 20:08 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-11-07 02:47 . 2009-01-23 20:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2013-11-07 02:47 . 2009-01-23 20:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2013-11-07 02:47 . 2009-01-23 20:08 115920 ----a-w- c:\windows\system32\msinet.OCX
2013-11-07 02:47 . 2009-01-23 20:08 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2013-11-07 02:47 . 2009-01-23 20:08 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2013-11-07 02:46 . 2013-11-07 02:47 -------- d-----w- c:\program files\Free Videos To DVD
2013-11-07 02:42 . 2010-03-02 23:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2013-11-07 02:42 . 2010-03-02 23:00 50688 ----a-w- c:\windows\system32\ff_acm.acm
2013-11-07 02:42 . 2013-11-07 02:42 -------- d-----w- c:\program files\ffdshow
2013-11-07 02:41 . 2013-11-07 02:41 33019 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe
2013-11-07 02:41 . 2009-08-11 20:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
2013-11-07 02:41 . 2013-11-07 02:41 -------- d-----w- c:\program files\AC3Filter
2013-11-07 02:41 . 2013-11-07 02:41 -------- d-----w- c:\program files\AviSynth 2.5
2013-11-07 02:40 . 2013-11-07 03:13 -------- d-----w- c:\program files\Avi2Dvd
2013-11-06 04:09 . 2013-11-06 06:42 87608 ----a-w- c:\documents and settings\Robik\Data aplikací\inst.exe
2013-11-06 04:09 . 2013-11-06 06:42 47360 ----a-w- c:\documents and settings\Robik\Data aplikací\pcouffin.sys
2013-11-06 04:09 . 2013-11-06 06:42 -------- d-----w- c:\documents and settings\Robik\Data aplikací\Vso
2013-11-06 04:08 . 2013-11-06 06:42 -------- d-----w- c:\program files\VSO
2013-11-06 04:08 . 2013-11-06 04:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\VSO
2013-10-30 14:17 . 2013-10-30 14:17 -------- d-----w- c:\program files\LittleFighter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 04:43 . 2012-11-08 16:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-28 20:01 . 2013-10-28 20:01 1734680 ----a-w- c:\windows\system32\GIMEJa.ime
2013-10-15 01:59 . 2013-10-15 01:59 85750 ----a-w- c:\windows\Uninstal.exe
2013-10-13 11:42 . 2008-04-14 06:52 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:12 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:12 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:12 . 2008-04-14 06:51 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2013-10-12 19:29 . 2013-10-12 19:30 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-10-12 19:29 . 2013-10-12 19:30 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-10-12 19:29 . 2013-10-12 19:30 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{5054562D-5247-006A-76A7-7A786E7484D7}]
2013-11-08 06:00 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\PTV-RG\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5054562D-5247-006A-76A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\PTV-RG\Passport.dll" [2013-11-08 12240]
.
[HKEY_CLASSES_ROOT\clsid\{5054562d-5247-006a-76a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5054562D-5247-006A-76A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\PTV-RG\Passport.dll" [2013-11-08 12240]
.
[HKEY_CLASSES_ROOT\clsid\{5054562d-5247-006a-76a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarenaPlus"="d:\garena plus\GarenaMessenger.exe" [2013-11-21 9890608]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-02 5706480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-21 20549280]
"cz.seznam.software.autoupdate"="c:\documents and settings\Robik\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\Robik\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-15 19967080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 144920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-12 347192]
"VNT"="c:\program files\VNT\vntldr.exe" [2013-11-08 202192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"Google Japanese Input Prelauncher"="c:\program files\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" [2013-10-28 1452056]
"mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2013-10-30 746176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ GIMEJA.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Japanese Input Prelauncher]
2013-10-28 20:01 1452056 ----a-w- c:\program files\Google\Google Japanese Input\GoogleIMEJaBroker32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-04-18 23:45 1090912 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"c:\\3DO\\Heroes of Might and Magic IV\\heroes4c.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Garena Plus\\Room\\garena_room.exe"=
"d:\\Garena Plus\\ggdllhost.exe"=
"d:\\Garena Plus\\bbtalk\\BBTalk.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"d:\\Games\\Renegade\\Game.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20763:TCP"= 20763:TCP:BitComet 20763 TCP
"20763:UDP"= 20763:UDP:BitComet 20763 UDP
"59095:TCP"= 59095:TCP:Pando Media Booster
"59095:UDP"= 59095:UDP:Pando Media Booster
"14348:TCP"= 14348:TCP:BitComet 14348 TCP
"14348:UDP"= 14348:UDP:BitComet 14348 UDP
"2731:UDP"= 2731:UDP:Windows Media Format SDK (wmplayer.exe)
"2730:UDP"= 2730:UDP:Windows Media Format SDK (wmplayer.exe)
"2733:UDP"= 2733:UDP:Windows Media Format SDK (wmplayer.exe)
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [8.11.2012 17:10 18544]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12.10.2013 20:30 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [23.5.2013 21:11 119056]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.10.2013 20:30 84024]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12.10.2013 20:30 815160]
R2 APNMCP;Ask Update Service;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [8.11.2013 7:00 166352]
R2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [28.10.2013 21:01 754712]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.11.2013 12:46 701512]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [7.10.2013 19:14 5087584]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [18.1.2012 7:44 450848]
R2 Update DiVapton;Update DiVapton;c:\program files\DiVapton\updateDiVapton.exe [7.11.2013 21:43 66328]
R2 Util DiVapton;Util DiVapton;c:\program files\DiVapton\bin\utilDiVapton.exe [15.11.2013 11:58 66328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.11.2013 12:46 22856]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [5.1.2012 16:42 75624]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [16.9.2013 11:29 3273088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 10:34 171680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8.11.2012 17:02 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena plus\Room\safedrv.sys --> d:\garena plus\Room\safedrv.sys [?]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [31.5.2013 15:08 27136]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [31.5.2013 15:08 746392]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-14 21:52 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 04:43]
.
2013-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-17 09:53]
.
2013-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-17 09:53]
.
2013-11-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2012-11-17 21:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 80.250.1.155 80.250.1.161
FF - ProfilePath - c:\documents and settings\Robik\Data aplikací\Mozilla\Firefox\Profiles\kj3tim7j.default-1371998953421\
FF - ExtSQL: 2013-11-15 03:52; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\documents and settings\Robik\Data aplikacĂÂ\Mozilla\Firefox\Profiles\kj3tim7j.default-1371998953421\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
AddRemove-PWEN - d:\perfect world\GarenaPerfectWorldEN\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-11-29 05:45
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(820)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Celkový čas: 2013-11-29 05:48:52
ComboFix-quarantined-files.txt 2013-11-29 04:48
.
Před spuštěním: 7 280 312 320
Po spuštění: 7 276 990 464
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0D530F59F0BF14CBF911A0A2188BD877
413FC2A0C716421B3158746D63736515
Otherwise I also wanted to scan the PC with Avira antivirus and defragment the disk (which I still know how to do), but I'd rather do that later. I don't know whether it's a good idea now, after these results, in case it affects something :)
Well, if anyone can figure out why this PC is giving me so much trouble, I really won't complain
Edit: Oh, and it's most likely related to this: http://www.pc-help.cz/viewtopic.php?f=19&t=121569 : the PC didn't use to do that either, I hope it gets fixed somehow