prosím o kontrolu logu

[pitpit]

totálně zpomalené PC

Scan saved at 11:07:16, on 26.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
D:\hijackthis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Stylish Profile\enlbrdr.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E5E7330-EBEC-4193-B7D1-E1FA95FA5AD9}: NameServer = 8.8.8.8,194.228.41.65,194.228.41.113
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 10690 bytes

[Reklama]

[Žbeky]

Odinstaluj:
Mediabar

Fixni:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

[pitpit]

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.08.26.04

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Eva Plachá :: EVA [administrátor]

26.8.2012 16:04:24
mbam-log-2012-08-26 (16-16-56).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 184754
Uplynulý čas: 10 minut, 30 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Špatný: (http://search13.net/) Dobrý: (http://www.Google.com/) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Špatný: (http://search13.net/) Dobrý: (http://www.Google.com/) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Špatný: (http://search13.net/) Dobrý: (http://www.Google.com) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Špatný: (http://search13.net/) Dobrý: (http://www.Google.com) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (Hijack.SearchPage) -> Špatný: (http://search13.net/) Dobrý: (http://www.Google.com/) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|CustomizeSearch (Hijack.SearchPage) -> Špatný: (http://search13.net/) Dobrý: (http://www.Google.com/) -> Žádná instrukce nebyla provedena.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[Žbeky]

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

[pitpit]

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.08.26.04

Windows XP Service Pack 3 x86
Internet Explorer 8.0.6001.18702
Eva Plachá :: EVA [administrátor]

26.8.2012 16:33:53
mbam-log-2012-08-26 (16-33-53).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 184810
Uplynulý čas: 8 minut, 25 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)
16:56:43.0328 1624 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:56:45.0343 1624 ============================================================
16:56:45.0343 1624 Current date / time: 2012/08/26 16:56:45.0343
16:56:45.0343 1624 SystemInfo:
16:56:45.0343 1624
16:56:45.0343 1624 OS Version: 5.1.2600 ServicePack: 3.0
16:56:45.0343 1624 Product type: Workstation
16:56:45.0343 1624 ComputerName: EVA
16:56:45.0515 1624 UserName: Eva Plachá
16:56:45.0546 1624 Windows directory: C:\WINDOWS
16:56:45.0546 1624 System windows directory: C:\WINDOWS
16:56:45.0625 1624 Processor architecture: Intel x86
16:56:45.0625 1624 Number of processors: 2
16:56:45.0625 1624 Page size: 0x1000
16:56:45.0625 1624 Boot type: Normal boot
16:56:45.0625 1624 ============================================================
16:56:56.0187 1624 BG loaded
16:56:59.0234 1624 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:56:59.0640 1624 Drive \Device\Harddisk1\DR2 - Size: 0x3AE800000 (14.73 Gb), SectorSize: 0x200, Cylinders: 0x782, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:56:59.0640 1624 ============================================================
16:56:59.0656 1624 \Device\Harddisk0\DR0:
16:57:00.0359 1624 MBR partitions:
16:57:00.0359 1624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
16:57:00.0375 1624 \Device\Harddisk1\DR2:
16:57:00.0375 1624 MBR partitions:
16:57:00.0375 1624 ============================================================
16:57:11.0765 1624 C: <-> \Device\Harddisk0\DR0\Partition1
16:57:13.0593 1624 ============================================================
16:57:13.0593 1624 Initialize success
16:57:13.0593 1624 ============================================================
16:58:16.0453 0576 Deinitialize success
ComboFix 12-08-25.04 - Eva Plachá 26.08.2012 17:14:56.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.459 [GMT 2:00]
Spuštěný z: D:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\system32\avgfwdx.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\SET102.tmp
c:\windows\system32\SET106.tmp
c:\windows\system32\SET107.tmp
c:\windows\system32\SET10E.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-26 do 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 15:08 . 2012-08-26 15:08 -------- d--h--w- c:\documents and settings\Eva Plachá\Šablony
2012-08-26 14:53 . 2012-08-26 14:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-26 14:02 . 2012-08-26 14:02 -------- d-----w- c:\documents and settings\Eva Plachá\Data aplikací\Malwarebytes
2012-08-26 14:01 . 2012-08-26 14:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-08-26 14:01 . 2012-08-26 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-26 14:01 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-23 18:14 . 2012-08-23 18:14 -------- d-----w- c:\windows\system32\cache
2012-08-22 22:01 . 2012-08-22 22:01 -------- d-----w- c:\documents and settings\Eva Plachá\Local Settings\Data aplikací\Mozilla
2012-08-22 20:05 . 2012-08-22 20:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP Product Assistant
2012-08-22 20:04 . 2012-08-22 20:04 -------- d-----w- c:\program files\Hewlett-Packard
2012-08-22 20:03 . 2012-08-22 20:03 -------- d-----w- c:\program files\Common Files\HP
2012-08-22 20:01 . 2007-10-30 02:11 303104 ----a-r- c:\windows\system32\hpovst15.dll
2012-08-22 20:01 . 2007-10-30 02:11 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2012-08-22 20:01 . 2007-10-30 02:11 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2012-08-22 17:33 . 2012-08-22 17:33 -------- d-----w- c:\documents and settings\Eva Plachá\Data aplikací\AVG2012
2012-08-22 17:32 . 2012-08-22 17:32 -------- d-----w- c:\documents and settings\Eva Plachá\Local Settings\Data aplikací\AVG Secure Search
2012-08-22 17:32 . 2012-08-22 17:32 -------- d-----w- c:\documents and settings\Eva Plachá\Data aplikací\AVG Secure Search
2012-08-22 17:31 . 2012-08-25 20:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG Secure Search
2012-08-22 17:31 . 2012-08-22 17:31 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-22 17:31 . 2012-08-23 18:15 -------- d-----w- c:\program files\AVG Secure Search
2012-08-22 17:28 . 2012-08-26 09:09 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-22 17:28 . 2012-08-22 17:28 -------- d-----w- C:\$AVG
2012-08-22 16:49 . 2012-08-22 17:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2012
2012-08-22 16:45 . 2012-08-22 16:45 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-08-22 16:26 . 2012-08-26 09:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2012-08-22 16:12 . 2012-08-22 16:12 -------- d-----w- c:\documents and settings\Eva Plachá\Data aplikací\AVG8
2012-08-22 15:34 . 2012-08-22 17:00 -------- d-----w- c:\program files\AVG
2012-08-22 15:34 . 2012-08-22 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\avg8
2012-08-22 10:35 . 2007-10-30 02:25 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-08-22 10:35 . 2007-10-30 02:25 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-08-01 07:04 . 2012-08-01 07:04 -------- d-----w- c:\documents and settings\Eva Plachá\Local Settings\Data aplikací\Sun
2012-07-31 17:07 . 2012-08-22 19:24 -------- d-----w- c:\documents and settings\Eva Plachá\Local Settings\Data aplikací\AskToolbar
2012-07-31 16:57 . 2012-07-31 16:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ask
2012-07-31 16:57 . 2012-07-31 16:57 -------- d-----w- c:\program files\Common Files\Java
2012-07-31 16:55 . 2012-07-31 16:55 -------- d-----w- c:\program files\Oracle
2012-07-31 16:54 . 2012-07-31 16:54 -------- d-----w- c:\documents and settings\Eva Plachá\Data aplikací\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 14:54 . 2006-03-02 12:00 188288 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-08-22 11:02 . 2012-04-16 18:23 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 11:02 . 2011-06-10 06:51 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-05 20:07 . 2012-05-06 13:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2010-06-14 08:57 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2010-01-22 23:48 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:49 . 2010-01-23 00:34 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 18:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-01-22 23:50 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-01-22 23:50 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-01-22 23:50 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-01-22 23:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-01-22 23:50 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-01-22 23:50 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-01-22 23:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-01-24 11:49 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-01-24 11:49 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-01-24 11:49 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 00:15 . 2012-08-22 22:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2010-10-13 16:07 585096 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-23 18:14 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-10-19 07:47 185856 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-11-20 17:34 87472 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-23 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WTClient"="WTClient.exe" [2009-10-30 32768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-23 1107552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Eva Plachá\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:45 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2006-08-24 14:07 503808 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 4:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31.1.2012 4:46 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22.2.2012 5:25 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19.3.2012 5:17 301248]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [13.6.2012 3:48 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4.7.2012 17:25 5160568]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 4:53 193288]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [23.8.2012 20:14 935008]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 19:52 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23.12.2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23.12.2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23.12.2011 13:32 17232]
S1 MpKsl230d32af;MpKsl230d32af;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6E9702A7-DA7F-45A1-B646-A53AAE55F162}\MpKsl230d32af.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6E9702A7-DA7F-45A1-B646-A53AAE55F162}\MpKsl230d32af.sys [?]
S1 MpKsl24fb8254;MpKsl24fb8254;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{208C9749-595A-45F1-858D-21E9087F3A04}\MpKsl24fb8254.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{208C9749-595A-45F1-858D-21E9087F3A04}\MpKsl24fb8254.sys [?]
S1 MpKsl32ca220f;MpKsl32ca220f;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E48FBDB6-B4E9-4B7A-A2DE-15258A842B2C}\MpKsl32ca220f.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E48FBDB6-B4E9-4B7A-A2DE-15258A842B2C}\MpKsl32ca220f.sys [?]
S1 MpKsl488a554e;MpKsl488a554e;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D5ACC1B5-9F8D-49F7-84F7-74C33A5E0B46}\MpKsl488a554e.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D5ACC1B5-9F8D-49F7-84F7-74C33A5E0B46}\MpKsl488a554e.sys [?]
S1 MpKslce9f1507;MpKslce9f1507;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{923288A3-9264-4AD1-9789-02CF9966CE77}\MpKslce9f1507.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{923288A3-9264-4AD1-9789-02CF9966CE77}\MpKslce9f1507.sys [?]
S1 MpKsldc981f59;MpKsldc981f59;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{68088DE9-71D2-480C-8953-CD6C6D6C34EB}\MpKsldc981f59.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{68088DE9-71D2-480C-8953-CD6C6D6C34EB}\MpKsldc981f59.sys [?]
S2 5016;5016;\??\c:\docume~1\EVAPLA~1\LOCALS~1\Temp\5016.sys --> c:\docume~1\EVAPLA~1\LOCALS~1\Temp\5016.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16.4.2012 20:23 250568]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 19:52 30944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [23.8.2012 0:09 113120]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.Google.com
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: Interfaces\{5E5E7330-EBEC-4193-B7D1-E1FA95FA5AD9}: NameServer = 8.8.8.8,194.228.41.65,194.228.41.113
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Eva Plachá\Data aplikací\Mozilla\Firefox\Profiles\old\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10);user_pref(general.useragent.extra.zencast,
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-08076646.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-CreationCentre 20051.3.0.27 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-26 17:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1748)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\windows\system32\WTClient.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2012-08-26 17:42:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-26 15:42
.
Před spuštěním: Volných bajtů: 11 236 249 600
Po spuštění: Volných bajtů: 11 416 317 952
.
- - End Of File - - 2E822213957BAB930F9B4EC9F7D61438

[jaro3]

AVG8
Microsoft Security Essentials
AVG2012

musíš mít jen jeden antivir!! ostatní odinstaluj!

Pak:
Stáhni si Security Check by screen317 z některého odkazu
http://screen317.spywareinfoforum.org/SecurityCheck.exe
http://screen317.changelog.fr/SecurityCheck.exe

ulož si ho na plochu, poklepej na něj a postupuj podle instrukcí v černém okně. Potom se automaticky otevře pozn. Blok, bude mít název checkup.txt. Jeho obsah sem prosím zkopíruj.