In Folder Options, enable showing hidden files and folders, and uncheck the "Hide protected operating system files" box.
Test these on VirusTotal:
c:\windows\system32\drivers\ntfs.sys
c:\windows\system32\userinit.exe
c:\windows\system32\Drivers\atapi.sys
c:\windows\system32\msgsvc.dll
c:\windows\system32\drivers\AGP440.sys
c:\windows\system32\drivers\asyncmac.sys
C:\Program Files\SpyShelter Personal Free\SpyShelter.sys
Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears; click Reanalyze in it. The file will then be scanned by multiple antivirus programs in turn. When the last antivirus finishes, "result" appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.
Or at:
http://www.virscan.org/
HJT log check - spontaneous restarts, slower machine (Solved)
- jaro3
- member of the Security team
Re: HJT log check - spontaneous restarts, slower machine
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: HJT log check - spontaneous restarts, slower machine
https://www.virustotal.com/cs/file/e0e6 ... 404471117/
https://www.virustotal.com/cs/file/6e41 ... 404471197/
https://www.virustotal.com/cs/file/b4df ... 404471222/
https://www.virustotal.com/cs/file/6d0d ... 404471266/
https://www.virustotal.com/cs/file/a784 ... 404471303/
https://www.virustotal.com/cs/file/7e60 ... 404471329/
https://www.virustotal.com/cs/file/fb99 ... 404471351/
Only spyshelter.sys has 1 detection - but that is an anti-keylogger and anti-screenlogger, so it should be fine.
- jaro3
- member of the Security team
Re: HJT log check - spontaneous restarts, slower machine
Turn off the resident protection of your antivirus and antispyware, and possibly the firewall.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Code:
ClearJavaCache::
KillAll::
File::
c:\documents and settings\MTT\Local Settings\Data aplikací\d3d9caps.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\program files\Google\Update
DirLook::
c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log
Warning: After running ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Re: HJT log check - spontaneous restarts, slower machine
ComboFix 14-07-03.01 - MTT 04.07.2014 20:38:05.4.2 - x86
Spuštěný z: c:\documents and settings\MTT\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\MTT\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\documents and settings\MTT\Local Settings\Data aplikací\d3d9caps.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdate.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.24.15\goopdate.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_am.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ar.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_bg.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_bn.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ca.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_cs.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_da.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_de.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_el.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_en.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_es.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_et.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fa.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fi.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fil.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_gu.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_hi.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_hr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_hu.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_id.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_is.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_it.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_iw.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ja.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_kn.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ko.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_lt.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_lv.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ml.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_mr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ms.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_nl.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_no.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_pl.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ro.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ru.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sk.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sl.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sv.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sw.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ta.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_te.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_th.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_tr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_uk.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ur.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_vi.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.24.15\psmachine.dll
c:\program files\Google\Update\1.3.24.15\psmachine_64.dll
c:\program files\Google\Update\1.3.24.15\psuser.dll
c:\program files\Google\Update\1.3.24.15\psuser_64.dll
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\35.0.1916.153\35.0.1916.153_chrome_installer.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\7.1.2.2041\GoogleEarth-Win-Bundle-7.1.2.2041.1.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-04 do 2014-07-04 )))))))))))))))))))))))))))))))
.
.
2014-07-02 21:17 . 2014-07-02 21:17 -------- d-----w- C:\AC_SWM
2014-07-02 08:16 . 2014-07-02 08:16 -------- d-----w- c:\windows\ERUNT
2014-07-01 20:49 . 2014-07-02 08:41 35152 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-01 20:49 . 2014-07-01 20:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2014-07-01 20:33 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-01 20:31 . 2014-07-02 08:10 -------- d-----w- C:\AdwCleaner
2014-06-30 08:13 . 2014-06-30 08:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-25 21:52 . 2014-07-04 06:29 -------- d-----w- c:\windows\system32\wbem\Logs
2014-06-25 21:46 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-06-25 21:45 . 2014-06-25 21:45 -------- d-----w- c:\program files\iPod
2014-06-25 21:45 . 2014-06-25 21:46 -------- d-----w- c:\program files\iTunes
2014-06-25 21:44 . 2014-06-25 21:44 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2014-06-25 21:44 . 2013-03-18 14:51 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-06-25 21:44 . 2013-03-18 14:51 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2014-06-25 21:43 . 2014-06-25 21:43 -------- d-----w- c:\program files\Bonjour
2014-06-25 21:34 . 2014-06-25 21:34 -------- d-----w- C:\Media
2014-06-23 09:49 . 2014-06-23 09:49 -------- d-----w- c:\program files\Yamicsoft
2014-06-23 09:26 . 2014-06-23 09:26 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-06-23 09:26 . 2014-06-23 09:26 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-06-23 09:26 . 2014-06-23 09:26 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-06-23 09:26 . 2014-06-23 09:26 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-06-23 09:26 . 2014-06-23 09:26 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-06-23 09:26 . 2014-06-23 09:26 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-06-23 09:26 . 2014-06-23 09:26 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-06-23 09:26 . 2014-06-23 09:26 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-06-23 09:26 . 2014-06-23 09:26 43152 ----a-w- c:\windows\avastSS.scr
2014-06-23 09:24 . 2014-06-23 09:24 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-23 09:26 . 2014-06-23 09:26 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1403515600671
2014-06-23 09:26 . 2014-06-23 09:26 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1403515600671
2014-06-23 09:26 . 2012-03-25 14:43 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-23 18:54 . 2014-05-23 13:59 664 ----a-w- c:\documents and settings\MTT\Local Settings\Data aplikací\d3d9caps.tmp
2014-05-14 05:44 . 2012-05-16 12:23 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 05:44 . 2012-03-25 16:08 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-14 18:14 . 2014-05-28 09:42 880040 ----a-w- c:\windows\system32\npdeployJava1.dll
2014-04-14 18:14 . 2014-05-28 09:42 802728 ----a-w- c:\windows\system32\deployJava1.dll
2014-04-14 18:13 . 2014-05-28 09:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-14 17:47 . 2013-04-18 18:53 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-11 08:54 . 2013-07-11 08:54 728858 ----a-w- c:\program files\Common Files\unins000.exe
2012-07-03 14:40 . 2012-04-14 08:39 265120 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1 ----
.
2014-06-30 08:13 . 2014-06-30 08:13 3982 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxInstallLog.txt
2012-08-21 11:01 . 2012-08-21 11:01 1977816 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
2012-08-21 11:01 . 2012-08-21 11:01 323464 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxAPI.dll
2012-08-21 11:01 . 2012-08-21 11:01 115672 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
2012-08-21 11:01 . 2012-08-21 11:01 106928 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspi.dll
2012-08-21 11:01 . 2012-08-21 11:01 2704 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspiWDM.inf
2012-08-21 11:01 . 2012-08-21 11:01 7587 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\gearaspiwdmx86.cat
2012-08-21 11:01 . 2012-08-21 11:01 26840 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86\GEARAspiWDM.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-23 09:26 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-04 3890208]
.
c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\
7 Sticky Notes.lnk - d:\sw downloaded\7 Sticky Notes\7StickyNotes.exe [2013-4-20 10661888]
.
c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\AutorunsDisabled\
KeyScrambler.lnk - c:\program files\KeyScrambler\KeyScrambler.exe [2012-9-15 431760]
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled\
O&O Defrag Tray.lnk - c:\windows\Installer\{0C6CDC1E-F247-45FD-BEC7-47014D2698C1}\DefragIcon.exe [2013-8-22 292878]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^7 Sticky Notes.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\7 Sticky Notes.lnk
backup=c:\windows\pss\7 Sticky Notes.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^Launchy.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2014-07-04 10:46 3890208 ----a-w- c:\program files\AVAST Software\Avast\avastui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexpot]
2012-03-20 20:35 1310720 ----a-w- c:\program files\Dexpot\dexpot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-05-26 17:12 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyScrambler]
2012-09-15 12:56 431760 ----a-w- c:\program files\KeyScrambler\KeyScrambler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neoSearch]
2013-01-02 06:04 945399 ----a-w- c:\documents and settings\MTT\Data aplikací\KoshyJohn.com\neoSearch\neoSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2012-11-01 09:44 5029744 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shortcutor]
2010-12-15 11:18 3975680 ----a-w- c:\program files\Coode Software\Shortcutor\Shortcutor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShelter]
2013-07-08 14:32 4047160 ----a-w- c:\program files\SpyShelter Personal Free\SpyShelter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
2013-03-07 22:02 1081856 ----a-w- c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"odserv"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"MBAMService"=2 (0x2)
"!SASCORE"=2 (0x2)
"OMSI download service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WireHelpSvc"=2 (0x2)
"SbieSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"DragonUpdater"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"O&O Defrag"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"WebCakeUpdater"=2 (0x2)
"OODefragAgent"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Softland\\Backup4all Lite 4\\Backup4all.exe"=
"c:\\Program Files\\Softland\\Backup4all Lite 4\\b4aCmd.exe"=
"c:\\Program Files\\RoboTask\\RoboTask.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Maple 15\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Maple 15\\jre\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\MTT\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Half-Life\\hl.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\MTT\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-08-21 84248]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2013-04-18 20032]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [2014-03-09 12288]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-08-21 182680]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2013-08-21 182680]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-16 116608]
R4 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-03-19 43072]
R4 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2012-07-23 80184]
R4 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2013-03-12 2074768]
R4 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 24504]
R4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R4 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-11-01 2021744]
R4 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [2014-03-09 598528]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-10-18 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-10-18 52224]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-06-23 777488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-06-23 411680]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-02 242240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 Spyshelter;Spyshelter;c:\program files\SpyShelter Personal Free\SpyShelter.sys [2013-07-08 354104]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-06-23 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-06-23 67824]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-17 100368]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 173880]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-23 20:56 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 05:44]
.
2014-07-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-23 09:26]
.
2014-07-04 c:\windows\Tasks\Opera scheduled Autoupdate 1392141651.job
- c:\program files\Opera\launcher.exe [2014-02-11 08:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://duckduckgo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sticky Password - c:\program files\Sticky Password\spIEBho.dll/616
TCP: Interfaces\{72AD739C-F350-41F5-A32F-1731A76CE472}: NameServer = 176.12.112.2,176.12.112.1
FF - ProfilePath - c:\documents and settings\MTT\Data aplikací\Mozilla\Firefox\Profiles\tolzpp26.default-1375183915734\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-04 22:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAdJuAkgZTt0yEnESWA4DzUAAAAAACAAAAAAADZgAAqAAAABAAAACGM4OC7IABANUgSRqtyhYcAAAAAASAAACgAAAAEAAAAOZWsgS6juEGec3J8g+QaDkIAAAAx61WcVZjbYsUAAAA5By8pLgoht6ze1rYeR5+7lho1xs="
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(7888)
c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.19.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2014-07-04 22:50:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-04 20:50
ComboFix2.txt 2014-07-03 19:07
ComboFix3.txt 2014-07-03 08:03
ComboFix4.txt 2013-07-24 22:32
.
Před spuštěním: Volných bajtů: 61 317 632 000
Po spuštění: Volných bajtů: 61 290 442 752
.
- - End Of File - - 8D524239CB7286F57EDF4C1D97FEC113
413FC2A0C716421B3158746D63736515
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:54, on 4.7.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://duckduckgo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-21-527237240-1450960922-1417001333-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - S-1-5-21-527237240-1450960922-1417001333-1003 Startup: 7 Sticky Notes.lnk = D:\SW DOWNLOADED\7 Sticky Notes\7StickyNotes.exe (User '?')
O4 - S-1-5-21-527237240-1450960922-1417001333-1003 Startup: AutorunsDisabled (User '?')
O4 - Startup: 7 Sticky Notes.lnk = D:\SW DOWNLOADED\7 Sticky Notes\7StickyNotes.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sticky Password - res://C:\Program Files\Sticky Password\spIEBho.dll/616
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9054932546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9054922984
O17 - HKLM\System\CCS\Services\Tcpip\..\{72AD739C-F350-41F5-A32F-1731A76CE472}: NameServer = 176.12.112.2,176.12.112.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 6138 bytes
Spuštěný z: c:\documents and settings\MTT\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\MTT\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\documents and settings\MTT\Local Settings\Data aplikací\d3d9caps.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdate.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.24.15\goopdate.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_am.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ar.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_bg.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_bn.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ca.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_cs.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_da.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_de.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_el.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_en.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_es.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_et.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fa.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fi.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fil.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_gu.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_hi.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_hr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_hu.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_id.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_is.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_it.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_iw.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ja.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_kn.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ko.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_lt.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_lv.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ml.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_mr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ms.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_nl.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_no.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_pl.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ro.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ru.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sk.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sl.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sv.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sw.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ta.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_te.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_th.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_tr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_uk.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ur.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_vi.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.24.15\psmachine.dll
c:\program files\Google\Update\1.3.24.15\psmachine_64.dll
c:\program files\Google\Update\1.3.24.15\psuser.dll
c:\program files\Google\Update\1.3.24.15\psuser_64.dll
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\35.0.1916.153\35.0.1916.153_chrome_installer.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\7.1.2.2041\GoogleEarth-Win-Bundle-7.1.2.2041.1.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-04 do 2014-07-04 )))))))))))))))))))))))))))))))
.
.
2014-07-02 21:17 . 2014-07-02 21:17 -------- d-----w- C:\AC_SWM
2014-07-02 08:16 . 2014-07-02 08:16 -------- d-----w- c:\windows\ERUNT
2014-07-01 20:49 . 2014-07-02 08:41 35152 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-01 20:49 . 2014-07-01 20:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2014-07-01 20:33 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-01 20:31 . 2014-07-02 08:10 -------- d-----w- C:\AdwCleaner
2014-06-30 08:13 . 2014-06-30 08:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-25 21:52 . 2014-07-04 06:29 -------- d-----w- c:\windows\system32\wbem\Logs
2014-06-25 21:46 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-06-25 21:45 . 2014-06-25 21:45 -------- d-----w- c:\program files\iPod
2014-06-25 21:45 . 2014-06-25 21:46 -------- d-----w- c:\program files\iTunes
2014-06-25 21:44 . 2014-06-25 21:44 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2014-06-25 21:44 . 2013-03-18 14:51 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-06-25 21:44 . 2013-03-18 14:51 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2014-06-25 21:43 . 2014-06-25 21:43 -------- d-----w- c:\program files\Bonjour
2014-06-25 21:34 . 2014-06-25 21:34 -------- d-----w- C:\Media
2014-06-23 09:49 . 2014-06-23 09:49 -------- d-----w- c:\program files\Yamicsoft
2014-06-23 09:26 . 2014-06-23 09:26 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-06-23 09:26 . 2014-06-23 09:26 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-06-23 09:26 . 2014-06-23 09:26 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-06-23 09:26 . 2014-06-23 09:26 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-06-23 09:26 . 2014-06-23 09:26 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-06-23 09:26 . 2014-06-23 09:26 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-06-23 09:26 . 2014-06-23 09:26 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-06-23 09:26 . 2014-06-23 09:26 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-06-23 09:26 . 2014-06-23 09:26 43152 ----a-w- c:\windows\avastSS.scr
2014-06-23 09:24 . 2014-06-23 09:24 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-23 09:26 . 2014-06-23 09:26 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1403515600671
2014-06-23 09:26 . 2014-06-23 09:26 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1403515600671
2014-06-23 09:26 . 2012-03-25 14:43 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-23 18:54 . 2014-05-23 13:59 664 ----a-w- c:\documents and settings\MTT\Local Settings\Data aplikací\d3d9caps.tmp
2014-05-14 05:44 . 2012-05-16 12:23 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 05:44 . 2012-03-25 16:08 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-14 18:14 . 2014-05-28 09:42 880040 ----a-w- c:\windows\system32\npdeployJava1.dll
2014-04-14 18:14 . 2014-05-28 09:42 802728 ----a-w- c:\windows\system32\deployJava1.dll
2014-04-14 18:13 . 2014-05-28 09:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-14 17:47 . 2013-04-18 18:53 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-11 08:54 . 2013-07-11 08:54 728858 ----a-w- c:\program files\Common Files\unins000.exe
2012-07-03 14:40 . 2012-04-14 08:39 265120 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1 ----
.
2014-06-30 08:13 . 2014-06-30 08:13 3982 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxInstallLog.txt
2012-08-21 11:01 . 2012-08-21 11:01 1977816 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
2012-08-21 11:01 . 2012-08-21 11:01 323464 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxAPI.dll
2012-08-21 11:01 . 2012-08-21 11:01 115672 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
2012-08-21 11:01 . 2012-08-21 11:01 106928 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspi.dll
2012-08-21 11:01 . 2012-08-21 11:01 2704 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspiWDM.inf
2012-08-21 11:01 . 2012-08-21 11:01 7587 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\gearaspiwdmx86.cat
2012-08-21 11:01 . 2012-08-21 11:01 26840 ----a-w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86\GEARAspiWDM.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-23 09:26 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-04 3890208]
.
c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\
7 Sticky Notes.lnk - d:\sw downloaded\7 Sticky Notes\7StickyNotes.exe [2013-4-20 10661888]
.
c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\AutorunsDisabled\
KeyScrambler.lnk - c:\program files\KeyScrambler\KeyScrambler.exe [2012-9-15 431760]
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled\
O&O Defrag Tray.lnk - c:\windows\Installer\{0C6CDC1E-F247-45FD-BEC7-47014D2698C1}\DefragIcon.exe [2013-8-22 292878]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^7 Sticky Notes.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\7 Sticky Notes.lnk
backup=c:\windows\pss\7 Sticky Notes.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^Launchy.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2014-07-04 10:46 3890208 ----a-w- c:\program files\AVAST Software\Avast\avastui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexpot]
2012-03-20 20:35 1310720 ----a-w- c:\program files\Dexpot\dexpot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-05-26 17:12 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyScrambler]
2012-09-15 12:56 431760 ----a-w- c:\program files\KeyScrambler\KeyScrambler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neoSearch]
2013-01-02 06:04 945399 ----a-w- c:\documents and settings\MTT\Data aplikací\KoshyJohn.com\neoSearch\neoSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2012-11-01 09:44 5029744 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shortcutor]
2010-12-15 11:18 3975680 ----a-w- c:\program files\Coode Software\Shortcutor\Shortcutor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShelter]
2013-07-08 14:32 4047160 ----a-w- c:\program files\SpyShelter Personal Free\SpyShelter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
2013-03-07 22:02 1081856 ----a-w- c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"odserv"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"MBAMService"=2 (0x2)
"!SASCORE"=2 (0x2)
"OMSI download service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WireHelpSvc"=2 (0x2)
"SbieSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"DragonUpdater"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"O&O Defrag"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"WebCakeUpdater"=2 (0x2)
"OODefragAgent"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Softland\\Backup4all Lite 4\\Backup4all.exe"=
"c:\\Program Files\\Softland\\Backup4all Lite 4\\b4aCmd.exe"=
"c:\\Program Files\\RoboTask\\RoboTask.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Maple 15\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Maple 15\\jre\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\MTT\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Half-Life\\hl.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\MTT\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-08-21 84248]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2013-04-18 20032]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [2014-03-09 12288]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-08-21 182680]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2013-08-21 182680]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-16 116608]
R4 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-03-19 43072]
R4 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2012-07-23 80184]
R4 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2013-03-12 2074768]
R4 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 24504]
R4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R4 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-11-01 2021744]
R4 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [2014-03-09 598528]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-10-18 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-10-18 52224]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-06-23 777488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-06-23 411680]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-02 242240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 Spyshelter;Spyshelter;c:\program files\SpyShelter Personal Free\SpyShelter.sys [2013-07-08 354104]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-06-23 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-06-23 67824]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-17 100368]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 173880]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-23 20:56 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 05:44]
.
2014-07-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-23 09:26]
.
2014-07-04 c:\windows\Tasks\Opera scheduled Autoupdate 1392141651.job
- c:\program files\Opera\launcher.exe [2014-02-11 08:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://duckduckgo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sticky Password - c:\program files\Sticky Password\spIEBho.dll/616
TCP: Interfaces\{72AD739C-F350-41F5-A32F-1731A76CE472}: NameServer = 176.12.112.2,176.12.112.1
FF - ProfilePath - c:\documents and settings\MTT\Data aplikací\Mozilla\Firefox\Profiles\tolzpp26.default-1375183915734\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-04 22:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAdJuAkgZTt0yEnESWA4DzUAAAAAACAAAAAAADZgAAqAAAABAAAACGM4OC7IABANUgSRqtyhYcAAAAAASAAACgAAAAEAAAAOZWsgS6juEGec3J8g+QaDkIAAAAx61WcVZjbYsUAAAA5By8pLgoht6ze1rYeR5+7lho1xs="
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(7888)
c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.19.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2014-07-04 22:50:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-04 20:50
ComboFix2.txt 2014-07-03 19:07
ComboFix3.txt 2014-07-03 08:03
ComboFix4.txt 2013-07-24 22:32
.
Před spuštěním: Volných bajtů: 61 317 632 000
Po spuštění: Volných bajtů: 61 290 442 752
.
- - End Of File - - 8D524239CB7286F57EDF4C1D97FEC113
413FC2A0C716421B3158746D63736515
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:54, on 4.7.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://duckduckgo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-21-527237240-1450960922-1417001333-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - S-1-5-21-527237240-1450960922-1417001333-1003 Startup: 7 Sticky Notes.lnk = D:\SW DOWNLOADED\7 Sticky Notes\7StickyNotes.exe (User '?')
O4 - S-1-5-21-527237240-1450960922-1417001333-1003 Startup: AutorunsDisabled (User '?')
O4 - Startup: 7 Sticky Notes.lnk = D:\SW DOWNLOADED\7 Sticky Notes\7StickyNotes.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sticky Password - res://C:\Program Files\Sticky Password\spIEBho.dll/616
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9054932546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9054922984
O17 - HKLM\System\CCS\Services\Tcpip\..\{72AD739C-F350-41F5-A32F-1731A76CE472}: NameServer = 176.12.112.2,176.12.112.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 6138 bytes
- jaro3
- Security team member
-
Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status:
Offline
Re: HJT log check - spontaneous restart, slower machine [Solved]
Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide
Code:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - S-1-5-21-527237240-1450960922-1417001333-1003 Startup: AutorunsDisabled (User '?')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O24 - Desktop Component 0: (no name) - (no file)
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
Clean the system with CCleaner.
Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.
In Folder Options, enable showing hidden files and folders, and uncheck the "Hide protected operating system files" box.
Test this on Virustotal:
c:\program files\Common Files\unins000.exe
Click the Choose button to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus programs in turn. When the test of the last antivirus finishes, "result" appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.
Or at:
http://www.virscan.org/
How are the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
-
- Level 2
- Posts: 204
- Registered: December 09
- Gender:
- Status:
Offline
Re: HJT log check - spontaneous restart, slower machine
So far it seems OK to me :) hopefully it lasts! Thanks for now.