kontrola logu - pomalý stroj Vyřešeno

[martin.efres]

Dobrý den,

mohu poprosit o kontrolu logu, stroj šlape pomalu. Mockrát vám děkuji !)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:56:13, on 24.12.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 26.0.1410.64
FIREFOX: 33.1.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Everything\Everything.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MTT\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://duckduckgo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-527237240-1450960922-1417001333-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-527237240-1450960922-1417001333-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O4 - HKUS\S-1-5-21-527237240-1450960922-1417001333-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-527237240-1450960922-1417001333-1003 Startup: AutorunsDisabled (User '?')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sticky Password - res://C:\Program Files\Sticky Password\spIEBho.dll/616
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9054932546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9054922984
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 5848 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[martin.efres]

# AdwCleaner v4.106 - Report created 24/12/2014 at 20:10:29
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : MTT - HMMTA-E64DDD394
# Running from : C:\Documents and Settings\MTT\Plocha\adwcleaner_4.106.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\MTT\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal
Folder Found : C:\Documents and Settings\MTT 2\Data aplikací\Mozilla\Firefox\Profiles\z1nmlr9b.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Folder Found : C:\Documents and Settings\MTT 2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
Folder Found : C:\Documents and Settings\MTT 2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Folder Found : C:\Documents and Settings\MTT 2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd
Folder Found : C:\Documents and Settings\MTT\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Folder Found : C:\Documents and Settings\MTT\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Found : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Found : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Key Found : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinToFlash Suggestor

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v33.1.1 (x86 cs)


-\\ Google Chrome v35.0.1916.153

[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.avg.com/search?cid={ABB79A44-DE01-49E9-BB1D-348B803376FD}&mid=a51e1dcc1d2c47d08c29d1a914bdefb0-4561073abbf100968b00df5a3e487161ffeac764&lang=cs&ds=tc011&pr=sa&d=&v=&sap=dsp&q={searchTerms}
[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.vidohe.com/video-search-results.php?q={searchTerms}&cx=005536796155304041479%3Ahbixpuuu7l8&cof=FORID%3A11&from=os-family
[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences] - Found [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kpdjmbiefanbdgnkcikhllpmjnnllbbc
[C:\Documents and Settings\MTT 2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences] - Found [Extension] : fplhdcjmbpfkejbhngmlngaecbjmoimd

-\\ Comodo Dragon v25.2.0.0

[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Documents and Settings\MTT\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : geggofhlfbcmanadhknllmlajiafopoh

-\\ Opera v24.0.1558.64


*************************

AdwCleaner[R0].txt - [6321 octets] - [01/07/2014 21:32:00]
AdwCleaner[R1].txt - [6150 octets] - [02/07/2014 09:05:37]
AdwCleaner[R2].txt - [5260 octets] - [07/08/2014 19:40:15]
AdwCleaner[R3].txt - [5152 octets] - [24/12/2014 20:10:29]
AdwCleaner[S0].txt - [6590 octets] - [02/07/2014 09:10:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [5272 octets] ##########



RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : MTT [Práva správce]
Mód : Prohledat -- Datum : 12/24/2014 20:24:04

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024} -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\DOCUME~1\MTT\LOCALS~1\Temp\catchme.sys) -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\DOCUME~1\MTT\LOCALS~1\Temp\catchme.sys) -> Nalezeno
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://duckduckgo.com/ -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 1 (Driver: Nahrán) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\0000007f : \Driver\Disk @ \Device\Harddisk0\DR0 (ViPrt.sys)

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] tolzpp26.default-1375183915734 : user_pref("browser.startup.homepage", "google.cz"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 5ea71d35098e8d83e2a549fcb5957984
[BSP] 22c3899480e0d1b80f114681b5f43680 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 99998 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 52619 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] da521dd0b826d77185b05fb9bcc7ac0b
[BSP] 503420a9b6403db66506dd888e4960ea : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 95001 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 194563215 | Size: 57615 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )


============================================
RKreport_DEL_07022014_110025.log - RKreport_SCN_07012014_225301.log - RKreport_SCN_07022014_105014.log

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

[martin.efres]

PS: u adwcleaneru, chrome doplňky jsem odškrtl, pač ze zkušenosti vím, že bych je musel instalovat znovu.

# AdwCleaner v4.106 - Report created 25/12/2014 at 12:56:27
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : MTT - HMMTA-E64DDD394
# Running from : C:\Documents and Settings\MTT\Plocha\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\MTT 2\Data aplikací\Mozilla\Firefox\Profiles\z1nmlr9b.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[!] Folder Deleted : C:\Documents and Settings\MTT 2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
[!] Folder Deleted : C:\Documents and Settings\MTT\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
[!] Folder Deleted : C:\Documents and Settings\MTT 2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
[!] Folder Deleted : C:\Documents and Settings\MTT\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc
[!] Folder Deleted : C:\Documents and Settings\MTT 2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd
File Deleted : C:\Documents and Settings\MTT\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

[x] Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
[x] Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
[x] Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinToFlash Suggestor

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v33.1.1 (x86 cs)


-\\ Google Chrome v35.0.1916.153


-\\ Comodo Dragon v25.2.0.0


-\\ Opera v24.0.1558.64


*************************

AdwCleaner[R0].txt - [6321 octets] - [01/07/2014 21:32:00]
AdwCleaner[R1].txt - [6150 octets] - [02/07/2014 09:05:37]
AdwCleaner[R2].txt - [5260 octets] - [07/08/2014 19:40:15]
AdwCleaner[R3].txt - [5352 octets] - [24/12/2014 20:10:29]
AdwCleaner[R4].txt - [4645 octets] - [25/12/2014 12:49:12]
AdwCleaner[S0].txt - [6590 octets] - [02/07/2014 09:10:17]
AdwCleaner[S1].txt - [3020 octets] - [25/12/2014 12:56:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3080 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Microsoft Windows XP x86
Ran by MTT on čt 25.12.2014 at 13:06:42,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\MTT\Data aplikací\mozilla\firefox\profiles\tolzpp26.default-1375183915734\extensions\staged
Emptied folder: C:\Documents and Settings\MTT\Data aplikací\mozilla\firefox\profiles\tolzpp26.default-1375183915734\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on čt 25.12.2014 at 13:18:22,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : MTT [Práva správce]
Mód : Prohledat -- Datum : 12/25/2014 13:31:24

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\DOCUME~1\MTT\LOCALS~1\Temp\catchme.sys) -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\DOCUME~1\MTT\LOCALS~1\Temp\catchme.sys) -> Nalezeno
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 1 (Driver: Nahrán) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\0000007f : \Driver\Disk @ \Device\Harddisk0\DR0 (ViPrt.sys)

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] tolzpp26.default-1375183915734 : user_pref("browser.startup.homepage", "google.cz"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 5ea71d35098e8d83e2a549fcb5957984
[BSP] 22c3899480e0d1b80f114681b5f43680 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 99998 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 52619 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] da521dd0b826d77185b05fb9bcc7ac0b
[BSP] 503420a9b6403db66506dd888e4960ea : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 95001 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 194563215 | Size: 57615 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )


============================================
RKreport_DEL_07022014_110025.log - RKreport_SCN_07012014_225301.log - RKreport_SCN_07022014_105014.log - RKreport_SCN_12242014_202359.log

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:


- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vlož nový log z HJT + info o problémech.

[martin.efres]

vše vypadá stejně.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:46:24, on 25.12.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 26.0.1410.64
FIREFOX: 33.1.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\MTT\Plocha\RogueKiller (1).exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MTT\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-527237240-1450960922-1417001333-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-527237240-1450960922-1417001333-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O4 - HKUS\S-1-5-21-527237240-1450960922-1417001333-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-527237240-1450960922-1417001333-1003 Startup: AutorunsDisabled (User '?')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sticky Password - res://C:\Program Files\Sticky Password\spIEBho.dll/616
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9054932546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9054922984
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 5941 bytes


RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : MTT [Práva správce]
Mód : Smazat -- Datum : 12/25/2014 18:43:35

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> Smazáno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> Smazáno
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Smazáno
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Nahrán) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\0000007f : \Driver\Disk @ \Device\Harddisk0\DR0 (ViPrt.sys)

¤¤¤ Webové prohlížeče : 13 ¤¤¤
[FIREFX:Addon] tolzpp26.default-1375183915734 : LastPass Password Manager [support@lastpass.com] -> Smazáno
[FIREFX:Addon] tolzpp26.default-1375183915734 : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
[FIREFX:Addon] tolzpp26.default-1375183915734 : Save as PDF [save-as-pdf-ff@pdfcrowd.com] -> Smazáno
[FIREFX:Addon] tolzpp26.default-1375183915734 : avast! Online Security [wrc@avast.com] -> Smazáno
[FIREFX:Addon] tolzpp26.default-1375183915734 : Microsoft .NET Framework Assistant [{20a82645-c095-46ed-80e3-08825760534b}] -> Smazáno
[FIREFX:Addon] tolzpp26.default-1375183915734 : Turn Off the Lights [stefanvandamme@stefanvd.net] -> Smazáno
[FIREFX:Addon] tolzpp26.default-1375183915734 : Adblock Plus Pop-up Addon [adblockpopups@jessehakanen.net] -> Smazáno
[FIREFX:Addon] tolzpp26.default-1375183915734 : Blur (Formerly DoNotTrackMe) [donottrackplus@abine.com] -> Smazáno
[FIREFX:Addon] tolzpp26.default-1375183915734 : WOT - Bezpečné Surfování [{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}] -> Smazáno
[FIREFX:Addon] tolzpp26.default-1375183915734 : Download Flash and Video [{bee6eb20-01e0-ebd1-da83-080329fb9a3a}] -> Smazáno
[FIREFX:Addon] tolzpp26.default-1375183915734 : Mozilla Firefox hotfix [firefox-hotfix@mozilla.org] -> Smazáno
[FIREFX:Addon] tolzpp26.default-1375183915734 : WinToFlash Suggestor [{285ACFBB-8E53-4feb-90E6-F02A128927F3}] -> Smazáno
[PUM.HomePage][FIREFX:Config] tolzpp26.default-1375183915734 : user_pref("browser.startup.homepage", "google.cz"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 5ea71d35098e8d83e2a549fcb5957984
[BSP] 22c3899480e0d1b80f114681b5f43680 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 99998 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 52619 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] da521dd0b826d77185b05fb9bcc7ac0b
[BSP] 503420a9b6403db66506dd888e4960ea : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 95001 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 194563215 | Size: 57615 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )


============================================
RKreport_DEL_07022014_110025.log - RKreport_SCN_07012014_225301.log - RKreport_SCN_07022014_105014.log - RKreport_SCN_12242014_202359.log
RKreport_SCN_12252014_133120.log - RKreport_SCN_12252014_183951.log

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[martin.efres]

Při běhu neástále vyskakovali nějaký chyby - Application corrupt x krát. Bylo třeba vždycky odkliknout "OK" , aby to jelo dál..jinak zde je výstup:

ComboFix 14-12-25.01 - MTT 26.12.2014 13:40:53.6.2 - x86 NETWORK
Spuštěný z: c:\documents and settings\MTT\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
c:\windows\system32\Drivers\atapi.sys . . . je infikován!! . . .Failed to restore. Attempting to replace on reboot
.
Nakažená kopie c:\windows\system32\vssvc.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\vssvc.exe
.
Nakažená kopie c:\windows\system32\drivers\asyncmac.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\asyncmac.sys
.
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-26 do 2014-12-26 )))))))))))))))))))))))))))))))
.
.
2014-12-26 10:50 . 2014-12-26 10:50 -------- d-----w- c:\documents and settings\MTT\Data aplikací\DAEMON Tools Lite
2014-12-25 12:46 . 2014-12-25 12:46 -------- d-----w- C:\zoek
2014-12-13 20:42 . 2014-12-13 20:42 -------- d-----w- C:\Stardock
2014-11-28 19:10 . 2014-11-28 19:10 -------- d-----w- C:\found.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-25 17:36 . 2014-07-01 20:49 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-21 18:38 . 2014-10-25 20:29 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 18:38 . 2014-10-25 20:29 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-31 19:07 . 2014-10-25 20:29 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-25 20:29 . 2014-10-25 20:29 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-25 20:29 . 2014-10-25 20:29 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-25 20:29 . 2014-10-25 20:29 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-25 20:29 . 2014-10-25 20:29 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-25 20:29 . 2014-10-25 20:29 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-25 20:29 . 2014-10-25 20:29 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-25 20:29 . 2014-10-25 20:29 43152 ----a-w- c:\windows\avastSS.scr
2013-07-11 08:54 . 2013-07-11 08:54 728858 ----a-w- c:\program files\Common Files\unins000.exe
2012-07-03 14:40 . 2012-04-14 08:39 265120 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-25 20:29 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-31 5223016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^7 Sticky Notes.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\7 Sticky Notes.lnk
backup=c:\windows\pss\7 Sticky Notes.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^Launchy.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2014-10-31 19:07 5223016 ----a-w- c:\program files\AVAST Software\Avast\avastui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexpot]
2012-03-20 20:35 1310720 ----a-w- c:\program files\Dexpot\dexpot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-05-26 17:12 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyScrambler]
2012-09-15 12:56 431760 ----a-w- c:\program files\KeyScrambler\KeyScrambler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neoSearch]
2013-01-02 06:04 945399 ----a-w- c:\documents and settings\MTT\Data aplikací\KoshyJohn.com\neoSearch\neoSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2012-11-01 09:44 5029744 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shortcutor]
2010-12-15 11:18 3975680 ----a-w- c:\program files\Coode Software\Shortcutor\Shortcutor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShelter]
2013-07-08 14:32 4047160 ----a-w- c:\program files\SpyShelter Personal Free\SpyShelter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
2013-03-07 22:02 1081856 ----a-w- c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"odserv"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"MBAMService"=2 (0x2)
"!SASCORE"=2 (0x2)
"OMSI download service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WireHelpSvc"=2 (0x2)
"SbieSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"DragonUpdater"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"O&O Defrag"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"WebCakeUpdater"=2 (0x2)
"OODefragAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Softland\\Backup4all Lite 4\\Backup4all.exe"=
"c:\\Program Files\\Softland\\Backup4all Lite 4\\b4aCmd.exe"=
"c:\\Program Files\\RoboTask\\RoboTask.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Maple 15\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Maple 15\\jre\\bin\\java.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\MTT\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\bin\\steamwebhelper.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Half-Life\\hl.exe"=
"c:\\Documents and Settings\\MTT\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-08-21 84248]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2013-04-18 20032]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [2014-03-09 12288]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-08-21 182680]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2013-08-21 182680]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-09-25 142648]
R4 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-03-19 43072]
R4 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2012-07-23 80184]
R4 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2013-03-12 2074768]
R4 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 24504]
R4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R4 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-11-01 2021744]
R4 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [2014-03-09 598528]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-10-18 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-10-18 52224]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-21 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-21 423784]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-02 242240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 Spyshelter;Spyshelter;c:\program files\SpyShelter Personal Free\SpyShelter.sys [2013-07-08 354104]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-25 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-10-31 70384]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-17 100368]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 173880]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-23 20:56 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 13:34]
.
2014-12-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-25 20:29]
.
2014-10-01 c:\windows\Tasks\Opera scheduled Autoupdate 1392141651.job
- c:\program files\Opera\launcher.exe [2014-02-11 08:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sticky Password - c:\program files\Sticky Password\spIEBho.dll/616
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\MTT\Data aplikací\Mozilla\Firefox\Profiles\tolzpp26.default-1375183915734\
FF - prefs.js: browser.startup.homepage - about:homeabout:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\AutorunsDisabled\7 sticky notes.lnk - (no file)
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-26 14:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAdJuAkgZTt0yEnESWA4DzUAAAAAACAAAAAAADZgAAqAAAABAAAACGM4OC7IABANUgSRqtyhYcAAAAAASAAACgAAAAEAAAAOZWsgS6juEGec3J8g+QaDkIAAAAx61WcVZjbYsUAAAA5By8pLgoht6ze1rYeR5+7lho1xs="
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="63C2C8521A4010679F47F48D7FD65D9B492D844A66A079F7CF44BC2923050883BF11944470437680BB6461A970F5689901520E343BEB3BD87F65E928F9499D6E7F2F80A218FBAB4ED7A3825B04042290B549C4357601A532722EC520589C911A77BC4E46ACBED96EBA50148F940F0143BF2AFBEED3CA950E30A65E087A69C8F082CCE59A0C1192D2302B76C4415B5BC6FA032E95D4694BC5C7C764E963C98E357DE6D09ED72A46420466AE12EEDDEF88C6557673BD316C8AC6002E635610127B4A844064F6794F558CABFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D14079DB7CE019D40AA5CC038D530D6EB34521DBB22F6B393A81710B5BDFD28D5CB1114762DE960421FC2B0800786C0D43ABC23D3458849405DA63058757B3B0C2A1E181FF48B4871E35B8B763D1ADA224CB6B5C8C89E6043886E5AC9FADD335214477DFBA26F0843CA769E7F880E74FD80DF84AE0A41FDA823211596CBCBBF3BF46E422EF7F7176C504183EE872470E502D2E0B02AAC8ED1AB650BDB2B1EF32D3BE70BE7F4BAD3F8F3DD76AF9F4E9328021C408D8ED2DEF1A2568BCE9D6347E1597B9F7362047CC7B8DFD9BEF835066A3540BC17E0D520138E8309B66F5A95E64764EBACCBD0B58AA6D1B02DFDB3D7A2533294B20D11EB1279EF1CECAD7B9E9CFD537F8280D4894A492E2420E059781D1A5E29DBC58E3A9F7013FCE2A96F04BB7C6B8EF91274E2DE306803D1146ABDF84AA180A0FD90EA4004D58C9AF9934F4BC646F02CD7CC1279EE653B8E51DCE0ABA74EC423F08A3F4C4B194C2CFAF86AAAE1EEA245EDABCC9B9DFBE3B7145E007B7A2B431A9A26DD7160B0E3C247E4A589D866440534122B9B57FB36C21C4C9B0590F0EFCFBCBD51315FE09E1DC35133F0BA9E18BECB38A7263D250E396D3C99B73B4FDD21DBE4885D6BE66B0F95EC2C38998186DB9D08A53870AB6BB7D0F34457CCE54981425DD5A1A9F0DBFE26198A0E8CEA1DD953A067251A3AF4EFD26F477B20CC0EF67C226E7AC2A22868A4E8AEF32FA909C55DD39614666DF227C2DE3411910EAF1CDA5D6DB6E4922BDB8228DB409E0321C6EDA73E0004D452B635A5825680A5D29EF3F0D27CC2CB637B77D3B89CFD2FDB94FC58CF3627F6248C825A09DF5187C2C19F71FDC491CD737E7B9DD085F358537AC5529FDB874C9C28464A87956E196CDA7C27B75C8989A231CEE914CD2BA0CA5946BA656560C29521DFF29C3244B46254E90EA9E26AE9DB7171D4D59B539AA425C2653E1F70B90B9E750950C74228D82D8ED7614F74462EB3ABA84D681DCF6867C15E2A277D071EDE6E740B37DD35AB7753E6D2E7ED6FCB7E86691602403B423A0FE38DEFCD7514B3F5CF9A3A8F9258D76457D3CA"
"OOSAFEERASE04.00.00.01MSWINDOWS"="B1E8A9EA342D0C87BD085B25BB25F93B2C14565B0F0810CBD58A98409C742C712205D236D1DDC0715B4C41D5169F926F4BF24DF50D2846BEB085045D342A3956FBC85967C9E733435D89BA4E86065CB8AE77FA7C23750F2718177BEC33E6F46B9940BBA04E526C01D72BA41D858FCC553C0EB6832F78F09C674DF330FC250EBF6E3B2C6BE5AA6A536FE10FB3DE794F26EF678E06E1405F588CF99647C562A9877CC99235EBFE1D875C213AE6B20541B2D6FAC0E1BEDD47B90DB2423C98245E1A5CC608CB8EE26910ECA221EF7375FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407A6A0AC4980AC7933BA7FD869164D6794562388ADDBE8666FAA1EA35BE929BB929892CDF14B5E401A5A14109D2A6F0183F3A2B395A82E62A8622AD5E2F499CA97960A48C92DAFB978C02FBF2F94CF9206EEC156991630501079DADA419C5AF616BB54EFAE33C3DD6B269E81E5FCEDCB6F19AE81A9769658510C77F5450FFC2A6A9271DE6F08B67F9FA23CE434AA0C02DDB43FD77850ECF31CABED028331F8A673990A44A20D074246BF078C509ED261F47A69937D5E2674A45ECD6A541A25FE19C1E660A0D6169F167EA1303587CCE4D9174BFE748E95F9229C4DB25494419B41F1758B07ADABE3C7CFD31A20CBE961B8A8237B5B83747CCF53C4EE63A0EB38D903C62FB60E7130999B872A93057DF9BE4655FDF593DCC66D63B0482573AD63D2C413C9D5A9F478CC3C4C5556803EA820F4E98D4BC950F73FA1B27C02F0ED022278B26DCC632A06A702D41FEFC0C83D13B28C47A6E4B3820DD68FDC26B7FACBBE54244048D366F5722FF8A632F99C58516E0D5A1657CF2CA1C1AFCE021684CC2681097D394964397D7BB199AC171BEE9A0D5F0CEE464F90CD91A1CAC8902264D81F27725741C21417109E3A37B30ECBB0E49B34460E451F646B935EF35D4CC55CBD69819774839E170E0461E9231F0CDA45FDBF793DA21A3CE95D2B3E68E07AB865DB20BB478DC75788C679246ADEA2636A66AE251443183398F4E6A9D021DBF98EB15B41D8AACDB304F3828942BFD3990BD714AD8BE083A6F8F95A79EBB19BB1A7414EEE7889468FFDB88E7D191AB9504EF999BACC9D1DFB80ABE1B43F1CBC7313032DCDAABC1B5064E7C6AB1029445C4F1BFAB6377DF41A976EEFA9084E96D8A616BD2BA93B88DE1BF9E4027D8BB1999F2809515D68F26C1B4D8966B39AD6FD2C3B5A97DFDD1EA87888B83369C59AE6C2B7287D842BD1E2DCF348406734FA84E2D971E86FE4422047D22434923EE7273000CFF1A8F521F020B2D84F7AB6D790FAF984372B702D3BC73CA13F69C05640D35C8CA9765D428EA17F7D6F771D94C91BCB2AE01D896BF2AACAB9D415FCF89D0FCE"
"OODEFRAG16.00.00.01PROFESSIONAL"="12B86390B10EC6C3FA1E9AF3C220C8F1348C5341D547547A8689E4C97DAD39089DFD49FD3DBC5239A66610A5EC7B793773D2D9DEA43391A2BEBB67F845E69C56FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A2D97226D213B555A6A0AC4980AC79339DB7CE019D40AA5C491DE25B179751CA24459800CB3183B07BAC951EB9FD97D57652D8AB272CEDD412D75A3F4BB4540ED1469CE4C5569F5C1637C9C43E595126E8C2DF12FA2B4DB8F2BD71D79A46A27672CDF60556E95FCD4646A5D5D0A3F58E065C66877A2739FBAF254DDC04F6DD44E165ABF1E2DB14B3A2B631E15F31A847BE7193B73CF74406B173D139E5C3292E9F2B847533EF9131E37BB3ACBD2B8D83246BD0043E4C833482A6AD0A85012B5CD2CE8A89753E31DA6919BB30200DCF626E434D835E2691D3D34FCDA289D411EAC396915EBC31CEBAB22C989822A99C7D7889FAFE605B8FABF790650A01BA88EB5EDBAAD67B894CCF686260454324A45E40610FF26B151DF168A26C7ADA00C664B40C308A8D5B8D8B527CED4C63F51F85E90183910BD0E354C0D21EE06BC9834D7A273DC62E0EFAD3DF52DBF4CAEBC364BA3619412EE08BF14002F863EB0C799489C4310901DD018322CE0C3C232652621F5D4E9A296B455E4A21BFD4F893E799DE0C3205895991E74F6D24D37B990BDA256B6C6CB26942A2E7BC7BC1117D93B19ABA27A2B265A04241438C1EC590349D00E7FBB5672AB839456E74681A3F442602233CFDC939A7C9757474B4582697EB076D4A2E44CCE59431E63D3A5D9CC435FEA862E6FE61A0A88E3EC9E36DCA02FE342A6BBFAE4A059621EAA6DF84B3E50E9CC64CDEE83D8FFB516BC32D244545FEA663B585ED69DA182BD2C7B1A1EFFA568C89739F0000F6572960DB44FD2DB78D227041D22C4A2E658B8AFC3F2A9559A7A412141322B2603FA312CE12E1EE333D8CB9EDAD7A5C493D239265CBF43BDF8E5C162D5990AFD7AD710D1C321A4B149371C15C4DCBE7F9D5757EE24C3E4CEC8BD15E0347F0A7ED11E8EC0CF55558BD0D001B74A175051355A9771E6CA7866495C5491F624C1DB8CB85E62561A57C1518096BDE4B36226C580C3A808A357DAC939CC6CC67916ACEB3E23D362E82770398866F0B1F2B0160EF0E153BB84F18B3E2DD5D9BC48FB84F92C4CDCE4744D7F4649176AAA758B74C9EC16E3F3D4190E6D539A5E01FFD0A58278F0644CD2A83DDC66963B3A1A5AF94DCDEBDC513BCF43BAFFDCCB34E74301022CE66329758B2B30070AD60005D261E17C20E4969D52AA7ABA114F0DBF1D29EABAF87732B53F26E402EDF2EE5AF2DD42D6C8108A184652874BCD03989D57031DA8313A8C505248DB2CD99E0AE302BA6F200CB86D326313DAC0CEDEE4AE7D5F740"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(7620)
c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2014-12-26 15:02:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-12-26 14:02
ComboFix2.txt 2014-11-28 18:49
.
Před spuštěním: Volných bajtů: 57 799 725 056
Po spuštění: Volných bajtů: 57 853 849 600
.
- - End Of File - - 11F75264C3362CB2D0C2358AA496C212
413FC2A0C716421B3158746D63736515

[Orcus]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:

ClearJavaCache::
KillAll::

Restore::
c:\windows\system32\Drivers\atapi.sys

DirLook:
C:\found.002

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neoSearch]
2013-01-02 06:04 945399 ----a-w- c:\documents and settings\MTT\Data aplikací\KoshyJohn.com\neoSearch\neoSearch.exe
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\avast! Emergency Update.job
c:\windows\Tasks\Opera scheduled Autoupdate 1392141651.job

RegLock::
.
[HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAdJuAkgZTt0yEnESWA4DzUAAAAAACAAAAAAADZgAAqAAAABAAAACGM4OC7IABANUgSRqtyhYcAAAAAASAAACgAAAAEAAAAOZWsgS6juEGec3J8g+QaDkIAAAAx61WcVZjbYsUAAAA5By8pLgoht6ze1rYeR5+7lho1xs="
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="63C2C8521A4010679F47F48D7FD65D9B492D844A66A079F7CF44BC2923050883BF11944470437680BB6461A970F5689901520E343BEB3BD87F65E928F9499D6E7F2F80A218FBAB4ED7A3825B04042290B549C4357601A532722EC520589C911A77BC4E46ACBED96EBA50148F940F0143BF2AFBEED3CA950E30A65E087A69C8F082CCE59A0C1192D2302B76C4415B5BC6FA032E95D4694BC5C7C764E963C98E357DE6D09ED72A46420466AE12EEDDEF88C6557673BD316C8AC6002E635610127B4A844064F6794F558CABFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D14079DB7CE019D40AA5CC038D530D6EB34521DBB22F6B393A81710B5BDFD28D5CB1114762DE960421FC2B0800786C0D43ABC23D3458849405DA63058757B3B0C2A1E181FF48B4871E35B8B763D1ADA224CB6B5C8C89E6043886E5AC9FADD335214477DFBA26F0843CA769E7F880E74FD80DF84AE0A41FDA823211596CBCBBF3BF46E422EF7F7176C504183EE872470E502D2E0B02AAC8ED1AB650BDB2B1EF32D3BE70BE7F4BAD3F8F3DD76AF9F4E9328021C408D8ED2DEF1A2568BCE9D6347E1597B9F7362047CC7B8DFD9BEF835066A3540BC17E0D520138E8309B66F5A95E64764EBACCBD0B58AA6D1B02DFDB3D7A2533294B20D11EB1279EF1CECAD7B9E9CFD537F8280D4894A492E2420E059781D1A5E29DBC58E3A9F7013FCE2A96F04BB7C6B8EF91274E2DE306803D1146ABDF84AA180A0FD90EA4004D58C9AF9934F4BC646F02CD7CC1279EE653B8E51DCE0ABA74EC423F08A3F4C4B194C2CFAF86AAAE1EEA245EDABCC9B9DFBE3B7145E007B7A2B431A9A26DD7160B0E3C247E4A589D866440534122B9B57FB36C21C4C9B0590F0EFCFBCBD51315FE09E1DC35133F0BA9E18BECB38A7263D250E396D3C99B73B4FDD21DBE4885D6BE66B0F95EC2C38998186DB9D08A53870AB6BB7D0F34457CCE54981425DD5A1A9F0DBFE26198A0E8CEA1DD953A067251A3AF4EFD26F477B20CC0EF67C226E7AC2A22868A4E8AEF32FA909C55DD39614666DF227C2DE3411910EAF1CDA5D6DB6E4922BDB8228DB409E0321C6EDA73E0004D452B635A5825680A5D29EF3F0D27CC2CB637B77D3B89CFD2FDB94FC58CF3627F6248C825A09DF5187C2C19F71FDC491CD737E7B9DD085F358537AC5529FDB874C9C28464A87956E196CDA7C27B75C8989A231CEE914CD2BA0CA5946BA656560C29521DFF29C3244B46254E90EA9E26AE9DB7171D4D59B539AA425C2653E1F70B90B9E750950C74228D82D8ED7614F74462EB3ABA84D681DCF6867C15E2A277D071EDE6E740B37DD35AB7753E6D2E7ED6FCB7E86691602403B423A0FE38DEFCD7514B3F5CF9A3A8F9258D76457D3CA"
"OOSAFEERASE04.00.00.01MSWINDOWS"="B1E8A9EA342D0C87BD085B25BB25F93B2C14565B0F0810CBD58A98409C742C712205D236D1DDC0715B4C41D5169F926F4BF24DF50D2846BEB085045D342A3956FBC85967C9E733435D89BA4E86065CB8AE77FA7C23750F2718177BEC33E6F46B9940BBA04E526C01D72BA41D858FCC553C0EB6832F78F09C674DF330FC250EBF6E3B2C6BE5AA6A536FE10FB3DE794F26EF678E06E1405F588CF99647C562A9877CC99235EBFE1D875C213AE6B20541B2D6FAC0E1BEDD47B90DB2423C98245E1A5CC608CB8EE26910ECA221EF7375FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407A6A0AC4980AC7933BA7FD869164D6794562388ADDBE8666FAA1EA35BE929BB929892CDF14B5E401A5A14109D2A6F0183F3A2B395A82E62A8622AD5E2F499CA97960A48C92DAFB978C02FBF2F94CF9206EEC156991630501079DADA419C5AF616BB54EFAE33C3DD6B269E81E5FCEDCB6F19AE81A9769658510C77F5450FFC2A6A9271DE6F08B67F9FA23CE434AA0C02DDB43FD77850ECF31CABED028331F8A673990A44A20D074246BF078C509ED261F47A69937D5E2674A45ECD6A541A25FE19C1E660A0D6169F167EA1303587CCE4D9174BFE748E95F9229C4DB25494419B41F1758B07ADABE3C7CFD31A20CBE961B8A8237B5B83747CCF53C4EE63A0EB38D903C62FB60E7130999B872A93057DF9BE4655FDF593DCC66D63B0482573AD63D2C413C9D5A9F478CC3C4C5556803EA820F4E98D4BC950F73FA1B27C02F0ED022278B26DCC632A06A702D41FEFC0C83D13B28C47A6E4B3820DD68FDC26B7FACBBE54244048D366F5722FF8A632F99C58516E0D5A1657CF2CA1C1AFCE021684CC2681097D394964397D7BB199AC171BEE9A0D5F0CEE464F90CD91A1CAC8902264D81F27725741C21417109E3A37B30ECBB0E49B34460E451F646B935EF35D4CC55CBD69819774839E170E0461E9231F0CDA45FDBF793DA21A3CE95D2B3E68E07AB865DB20BB478DC75788C679246ADEA2636A66AE251443183398F4E6A9D021DBF98EB15B41D8AACDB304F3828942BFD3990BD714AD8BE083A6F8F95A79EBB19BB1A7414EEE7889468FFDB88E7D191AB9504EF999BACC9D1DFB80ABE1B43F1CBC7313032DCDAABC1B5064E7C6AB1029445C4F1BFAB6377DF41A976EEFA9084E96D8A616BD2BA93B88DE1BF9E4027D8BB1999F2809515D68F26C1B4D8966B39AD6FD2C3B5A97DFDD1EA87888B83369C59AE6C2B7287D842BD1E2DCF348406734FA84E2D971E86FE4422047D22434923EE7273000CFF1A8F521F020B2D84F7AB6D790FAF984372B702D3BC73CA13F69C05640D35C8CA9765D428EA17F7D6F771D94C91BCB2AE01D896BF2AACAB9D415FCF89D0FCE"
"OODEFRAG16.00.00.01PROFESSIONAL"="12B86390B10EC6C3FA1E9AF3C220C8F1348C5341D547547A8689E4C97DAD39089DFD49FD3DBC5239A66610A5EC7B793773D2D9DEA43391A2BEBB67F845E69C56FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A2D97226D213B555A6A0AC4980AC79339DB7CE019D40AA5C491DE25B179751CA24459800CB3183B07BAC951EB9FD97D57652D8AB272CEDD412D75A3F4BB4540ED1469CE4C5569F5C1637C9C43E595126E8C2DF12FA2B4DB8F2BD71D79A46A27672CDF60556E95FCD4646A5D5D0A3F58E065C66877A2739FBAF254DDC04F6DD44E165ABF1E2DB14B3A2B631E15F31A847BE7193B73CF74406B173D139E5C3292E9F2B847533EF9131E37BB3ACBD2B8D83246BD0043E4C833482A6AD0A85012B5CD2CE8A89753E31DA6919BB30200DCF626E434D835E2691D3D34FCDA289D411EAC396915EBC31CEBAB22C989822A99C7D7889FAFE605B8FABF790650A01BA88EB5EDBAAD67B894CCF686260454324A45E40610FF26B151DF168A26C7ADA00C664B40C308A8D5B8D8B527CED4C63F51F85E90183910BD0E354C0D21EE06BC9834D7A273DC62E0EFAD3DF52DBF4CAEBC364BA3619412EE08BF14002F863EB0C799489C4310901DD018322CE0C3C232652621F5D4E9A296B455E4A21BFD4F893E799DE0C3205895991E74F6D24D37B990BDA256B6C6CB26942A2E7BC7BC1117D93B19ABA27A2B265A04241438C1EC590349D00E7FBB5672AB839456E74681A3F442602233CFDC939A7C9757474B4582697EB076D4A2E44CCE59431E63D3A5D9CC435FEA862E6FE61A0A88E3EC9E36DCA02FE342A6BBFAE4A059621EAA6DF84B3E50E9CC64CDEE83D8FFB516BC32D244545FEA663B585ED69DA182BD2C7B1A1EFFA568C89739F0000F6572960DB44FD2DB78D227041D22C4A2E658B8AFC3F2A9559A7A412141322B2603FA312CE12E1EE333D8CB9EDAD7A5C493D239265CBF43BDF8E5C162D5990AFD7AD710D1C321A4B149371C15C4DCBE7F9D5757EE24C3E4CEC8BD15E0347F0A7ED11E8EC0CF55558BD0D001B74A175051355A9771E6CA7866495C5491F624C1DB8CB85E62561A57C1518096BDE4B36226C580C3A808A357DAC939CC6CC67916ACEB3E23D362E82770398866F0B1F2B0160EF0E153BB84F18B3E2DD5D9BC48FB84F92C4CDCE4744D7F4649176AAA758B74C9EC16E3F3D4190E6D539A5E01FFD0A58278F0644CD2A83DDC66963B3A1A5AF94DCDEBDC513BCF43BAFFDCCB34E74301022CE66329758B2B30070AD60005D261E17C20E4969D52AA7ABA114F0DBF1D29EABAF87732B53F26E402EDF2EE5AF2DD42D6C8108A184652874BCD03989D57031DA8313A8C505248DB2CD99E0AE302BA6F200CB86D326313DAC0CEDEE4AE7D5F740"
.




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

====================================================

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[martin.efres]

ComboFix 14-12-25.01 - MTT 26.12.2014 16:53:47.8.2 - x86 NETWORK
Spuštěný z: c:\documents and settings\MTT\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\MTT\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\avast! Emergency Update.job"
"c:\windows\Tasks\Opera scheduled Autoupdate 1392141651.job"
.
/wow section - STAGE 4
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Systém nemůže najít soubor tempAA.
Nelze najít c:\combofix\tempAA.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\comres.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\comres.dll
.
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\atapi.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-26 do 2014-12-26 )))))))))))))))))))))))))))))))
.
.
2014-12-26 10:50 . 2014-12-26 10:50 -------- d-----w- c:\documents and settings\MTT\Data aplikací\DAEMON Tools Lite
2014-12-25 12:46 . 2014-12-25 12:46 -------- d-----w- C:\zoek
2014-12-13 20:42 . 2014-12-13 20:42 -------- d-----w- C:\Stardock
2014-11-28 19:10 . 2014-11-28 19:10 -------- d-----w- C:\found.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-25 17:36 . 2014-07-01 20:49 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-21 18:38 . 2014-10-25 20:29 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 18:38 . 2014-10-25 20:29 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-31 19:07 . 2014-10-25 20:29 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-25 20:29 . 2014-10-25 20:29 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-25 20:29 . 2014-10-25 20:29 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-25 20:29 . 2014-10-25 20:29 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-25 20:29 . 2014-10-25 20:29 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-25 20:29 . 2014-10-25 20:29 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-25 20:29 . 2014-10-25 20:29 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-25 20:29 . 2014-10-25 20:29 43152 ----a-w- c:\windows\avastSS.scr
2013-07-11 08:54 . 2013-07-11 08:54 728858 ----a-w- c:\program files\Common Files\unins000.exe
2012-07-03 14:40 . 2012-04-14 08:39 265120 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\found.002 ----
.
2014-07-21 19:33 . 2014-10-02 22:02 0 ----a-w- c:\found.002\file0000.chk
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-25 20:29 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-31 5223016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^7 Sticky Notes.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\7 Sticky Notes.lnk
backup=c:\windows\pss\7 Sticky Notes.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MTT^Nabídka Start^Programy^Po spuštění^Launchy.lnk]
path=c:\documents and settings\MTT\Nabídka Start\Programy\Po spuštění\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2014-10-31 19:07 5223016 ----a-w- c:\program files\AVAST Software\Avast\avastui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexpot]
2012-03-20 20:35 1310720 ----a-w- c:\program files\Dexpot\dexpot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-05-26 17:12 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyScrambler]
2012-09-15 12:56 431760 ----a-w- c:\program files\KeyScrambler\KeyScrambler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2012-11-01 09:44 5029744 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shortcutor]
2010-12-15 11:18 3975680 ----a-w- c:\program files\Coode Software\Shortcutor\Shortcutor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShelter]
2013-07-08 14:32 4047160 ----a-w- c:\program files\SpyShelter Personal Free\SpyShelter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
2013-03-07 22:02 1081856 ----a-w- c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"odserv"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"MBAMService"=2 (0x2)
"!SASCORE"=2 (0x2)
"OMSI download service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WireHelpSvc"=2 (0x2)
"SbieSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"DragonUpdater"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"O&O Defrag"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"WebCakeUpdater"=2 (0x2)
"OODefragAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Softland\\Backup4all Lite 4\\Backup4all.exe"=
"c:\\Program Files\\Softland\\Backup4all Lite 4\\b4aCmd.exe"=
"c:\\Program Files\\RoboTask\\RoboTask.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Maple 15\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Maple 15\\jre\\bin\\java.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\MTT\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\bin\\steamwebhelper.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Half-Life\\hl.exe"=
"c:\\Documents and Settings\\MTT\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-08-21 84248]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2013-04-18 20032]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [2014-03-09 12288]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-08-21 182680]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2013-08-21 182680]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-09-25 142648]
R4 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-03-19 43072]
R4 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2012-07-23 80184]
R4 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2013-03-12 2074768]
R4 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 24504]
R4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R4 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-11-01 2021744]
R4 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [2014-03-09 598528]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-10-18 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-10-18 52224]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-21 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-21 423784]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-02 242240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 Spyshelter;Spyshelter;c:\program files\SpyShelter Personal Free\SpyShelter.sys [2013-07-08 354104]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-25 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-10-31 70384]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-17 100368]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 173880]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-23 20:56 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 13:34]
.
2014-12-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-25 20:29]
.
2014-10-01 c:\windows\Tasks\Opera scheduled Autoupdate 1392141651.job
- c:\program files\Opera\launcher.exe [2014-02-11 08:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sticky Password - c:\program files\Sticky Password\spIEBho.dll/616
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\MTT\Data aplikací\Mozilla\Firefox\Profiles\tolzpp26.default-1375183915734\
FF - prefs.js: browser.startup.homepage - about:homeabout:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-26 17:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1450960922-1417001333-1003_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAdJuAkgZTt0yEnESWA4DzUAAAAAACAAAAAAADZgAAqAAAABAAAACGM4OC7IABANUgSRqtyhYcAAAAAASAAACgAAAAEAAAAOZWsgS6juEGec3J8g+QaDkIAAAAx61WcVZjbYsUAAAA5By8pLgoht6ze1rYeR5+7lho1xs="
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="63C2C8521A4010679F47F48D7FD65D9B492D844A66A079F7CF44BC2923050883BF11944470437680BB6461A970F5689901520E343BEB3BD87F65E928F9499D6E7F2F80A218FBAB4ED7A3825B04042290B549C4357601A532722EC520589C911A77BC4E46ACBED96EBA50148F940F0143BF2AFBEED3CA950E30A65E087A69C8F082CCE59A0C1192D2302B76C4415B5BC6FA032E95D4694BC5C7C764E963C98E357DE6D09ED72A46420466AE12EEDDEF88C6557673BD316C8AC6002E635610127B4A844064F6794F558CABFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D14079DB7CE019D40AA5CC038D530D6EB34521DBB22F6B393A81710B5BDFD28D5CB1114762DE960421FC2B0800786C0D43ABC23D3458849405DA63058757B3B0C2A1E181FF48B4871E35B8B763D1ADA224CB6B5C8C89E6043886E5AC9FADD335214477DFBA26F0843CA769E7F880E74FD80DF84AE0A41FDA823211596CBCBBF3BF46E422EF7F7176C504183EE872470E502D2E0B02AAC8ED1AB650BDB2B1EF32D3BE70BE7F4BAD3F8F3DD76AF9F4E9328021C408D8ED2DEF1A2568BCE9D6347E1597B9F7362047CC7B8DFD9BEF835066A3540BC17E0D520138E8309B66F5A95E64764EBACCBD0B58AA6D1B02DFDB3D7A2533294B20D11EB1279EF1CECAD7B9E9CFD537F8280D4894A492E2420E059781D1A5E29DBC58E3A9F7013FCE2A96F04BB7C6B8EF91274E2DE306803D1146ABDF84AA180A0FD90EA4004D58C9AF9934F4BC646F02CD7CC1279EE653B8E51DCE0ABA74EC423F08A3F4C4B194C2CFAF86AAAE1EEA245EDABCC9B9DFBE3B7145E007B7A2B431A9A26DD7160B0E3C247E4A589D866440534122B9B57FB36C21C4C9B0590F0EFCFBCBD51315FE09E1DC35133F0BA9E18BECB38A7263D250E396D3C99B73B4FDD21DBE4885D6BE66B0F95EC2C38998186DB9D08A53870AB6BB7D0F34457CCE54981425DD5A1A9F0DBFE26198A0E8CEA1DD953A067251A3AF4EFD26F477B20CC0EF67C226E7AC2A22868A4E8AEF32FA909C55DD39614666DF227C2DE3411910EAF1CDA5D6DB6E4922BDB8228DB409E0321C6EDA73E0004D452B635A5825680A5D29EF3F0D27CC2CB637B77D3B89CFD2FDB94FC58CF3627F6248C825A09DF5187C2C19F71FDC491CD737E7B9DD085F358537AC5529FDB874C9C28464A87956E196CDA7C27B75C8989A231CEE914CD2BA0CA5946BA656560C29521DFF29C3244B46254E90EA9E26AE9DB7171D4D59B539AA425C2653E1F70B90B9E750950C74228D82D8ED7614F74462EB3ABA84D681DCF6867C15E2A277D071EDE6E740B37DD35AB7753E6D2E7ED6FCB7E86691602403B423A0FE38DEFCD7514B3F5CF9A3A8F9258D76457D3CA"
"OOSAFEERASE04.00.00.01MSWINDOWS"="B1E8A9EA342D0C87BD085B25BB25F93B2C14565B0F0810CBD58A98409C742C712205D236D1DDC0715B4C41D5169F926F4BF24DF50D2846BEB085045D342A3956FBC85967C9E733435D89BA4E86065CB8AE77FA7C23750F2718177BEC33E6F46B9940BBA04E526C01D72BA41D858FCC553C0EB6832F78F09C674DF330FC250EBF6E3B2C6BE5AA6A536FE10FB3DE794F26EF678E06E1405F588CF99647C562A9877CC99235EBFE1D875C213AE6B20541B2D6FAC0E1BEDD47B90DB2423C98245E1A5CC608CB8EE26910ECA221EF7375FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407A6A0AC4980AC7933BA7FD869164D6794562388ADDBE8666FAA1EA35BE929BB929892CDF14B5E401A5A14109D2A6F0183F3A2B395A82E62A8622AD5E2F499CA97960A48C92DAFB978C02FBF2F94CF9206EEC156991630501079DADA419C5AF616BB54EFAE33C3DD6B269E81E5FCEDCB6F19AE81A9769658510C77F5450FFC2A6A9271DE6F08B67F9FA23CE434AA0C02DDB43FD77850ECF31CABED028331F8A673990A44A20D074246BF078C509ED261F47A69937D5E2674A45ECD6A541A25FE19C1E660A0D6169F167EA1303587CCE4D9174BFE748E95F9229C4DB25494419B41F1758B07ADABE3C7CFD31A20CBE961B8A8237B5B83747CCF53C4EE63A0EB38D903C62FB60E7130999B872A93057DF9BE4655FDF593DCC66D63B0482573AD63D2C413C9D5A9F478CC3C4C5556803EA820F4E98D4BC950F73FA1B27C02F0ED022278B26DCC632A06A702D41FEFC0C83D13B28C47A6E4B3820DD68FDC26B7FACBBE54244048D366F5722FF8A632F99C58516E0D5A1657CF2CA1C1AFCE021684CC2681097D394964397D7BB199AC171BEE9A0D5F0CEE464F90CD91A1CAC8902264D81F27725741C21417109E3A37B30ECBB0E49B34460E451F646B935EF35D4CC55CBD69819774839E170E0461E9231F0CDA45FDBF793DA21A3CE95D2B3E68E07AB865DB20BB478DC75788C679246ADEA2636A66AE251443183398F4E6A9D021DBF98EB15B41D8AACDB304F3828942BFD3990BD714AD8BE083A6F8F95A79EBB19BB1A7414EEE7889468FFDB88E7D191AB9504EF999BACC9D1DFB80ABE1B43F1CBC7313032DCDAABC1B5064E7C6AB1029445C4F1BFAB6377DF41A976EEFA9084E96D8A616BD2BA93B88DE1BF9E4027D8BB1999F2809515D68F26C1B4D8966B39AD6FD2C3B5A97DFDD1EA87888B83369C59AE6C2B7287D842BD1E2DCF348406734FA84E2D971E86FE4422047D22434923EE7273000CFF1A8F521F020B2D84F7AB6D790FAF984372B702D3BC73CA13F69C05640D35C8CA9765D428EA17F7D6F771D94C91BCB2AE01D896BF2AACAB9D415FCF89D0FCE"
"OODEFRAG16.00.00.01PROFESSIONAL"="12B86390B10EC6C3FA1E9AF3C220C8F1348C5341D547547A8689E4C97DAD39089DFD49FD3DBC5239A66610A5EC7B793773D2D9DEA43391A2BEBB67F845E69C56FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A2D97226D213B555A6A0AC4980AC79339DB7CE019D40AA5C491DE25B179751CA24459800CB3183B07BAC951EB9FD97D57652D8AB272CEDD412D75A3F4BB4540ED1469CE4C5569F5C1637C9C43E595126E8C2DF12FA2B4DB8F2BD71D79A46A27672CDF60556E95FCD4646A5D5D0A3F58E065C66877A2739FBAF254DDC04F6DD44E165ABF1E2DB14B3A2B631E15F31A847BE7193B73CF74406B173D139E5C3292E9F2B847533EF9131E37BB3ACBD2B8D83246BD0043E4C833482A6AD0A85012B5CD2CE8A89753E31DA6919BB30200DCF626E434D835E2691D3D34FCDA289D411EAC396915EBC31CEBAB22C989822A99C7D7889FAFE605B8FABF790650A01BA88EB5EDBAAD67B894CCF686260454324A45E40610FF26B151DF168A26C7ADA00C664B40C308A8D5B8D8B527CED4C63F51F85E90183910BD0E354C0D21EE06BC9834D7A273DC62E0EFAD3DF52DBF4CAEBC364BA3619412EE08BF14002F863EB0C799489C4310901DD018322CE0C3C232652621F5D4E9A296B455E4A21BFD4F893E799DE0C3205895991E74F6D24D37B990BDA256B6C6CB26942A2E7BC7BC1117D93B19ABA27A2B265A04241438C1EC590349D00E7FBB5672AB839456E74681A3F442602233CFDC939A7C9757474B4582697EB076D4A2E44CCE59431E63D3A5D9CC435FEA862E6FE61A0A88E3EC9E36DCA02FE342A6BBFAE4A059621EAA6DF84B3E50E9CC64CDEE83D8FFB516BC32D244545FEA663B585ED69DA182BD2C7B1A1EFFA568C89739F0000F6572960DB44FD2DB78D227041D22C4A2E658B8AFC3F2A9559A7A412141322B2603FA312CE12E1EE333D8CB9EDAD7A5C493D239265CBF43BDF8E5C162D5990AFD7AD710D1C321A4B149371C15C4DCBE7F9D5757EE24C3E4CEC8BD15E0347F0A7ED11E8EC0CF55558BD0D001B74A175051355A9771E6CA7866495C5491F624C1DB8CB85E62561A57C1518096BDE4B36226C580C3A808A357DAC939CC6CC67916ACEB3E23D362E82770398866F0B1F2B0160EF0E153BB84F18B3E2DD5D9BC48FB84F92C4CDCE4744D7F4649176AAA758B74C9EC16E3F3D4190E6D539A5E01FFD0A58278F0644CD2A83DDC66963B3A1A5AF94DCDEBDC513BCF43BAFFDCCB34E74301022CE66329758B2B30070AD60005D261E17C20E4969D52AA7ABA114F0DBF1D29EABAF87732B53F26E402EDF2EE5AF2DD42D6C8108A184652874BCD03989D57031DA8313A8C505248DB2CD99E0AE302BA6F200CB86D326313DAC0CEDEE4AE7D5F740"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(6972)
c:\documents and settings\MTT\Data aplikací\Dropbox\bin\DropboxExt.24.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2014-12-26 17:37:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-12-26 16:37
ComboFix2.txt 2014-12-26 14:03
ComboFix3.txt 2014-11-28 18:49
.
Před spuštěním: Volných bajtů: 57 873 850 368
Po spuštění: Volných bajtů: 57 838 804 992
.
- - End Of File - - B51693B5801AF4EBFF9540FBD798EAC1
413FC2A0C716421B3158746D63736515


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-27 17:37:58
-----------------------------
17:37:58.921 OS Version: Windows 5.1.2600 Service Pack 3
17:37:58.921 Number of processors: 2 586 0x303
17:37:58.921 ComputerName: HMMTA-E64DDD394 UserName: MTT
17:37:59.390 Initialize success
17:37:59.437 VM: initialized successfully
17:37:59.437 VM: Intel CPU virtualization not supported
17:38:03.125 AVAST engine defs: 14122700
17:38:23.625 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
17:38:23.625 Disk 0 Vendor: ST3160023A 3.06 Size: 152626MB BusType: 3
17:38:23.625 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000080
17:38:23.625 Disk 1 Vendor: 200826AS_____________________________ 3____ Size: 190782MB BusType: 3
17:38:23.625 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\00000082
17:38:23.625 Disk 2 Vendor: _WD1600AAJS-00YZCA0__________________ 03B01 Size: 152627MB BusType: 3
17:38:23.781 Disk 2 MBR read successfully
17:38:23.781 Disk 2 MBR scan
17:38:24.093 Disk 2 Windows XP default MBR code
17:38:24.093 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95001 MB offset 63
17:38:24.109 Disk 2 Boot: NTFS code=1
17:38:24.156 Disk 2 Partition - 00 0F Extended LBA 57615 MB offset 194563215
17:38:24.171 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 57615 MB offset 194563278
17:38:24.187 Disk 2 scanning sectors +312560640
17:38:24.359 Disk 2 scanning C:\WINDOWS\system32\drivers
17:38:38.453 Service scanning
17:39:04.656 Modules scanning
17:39:04.656 Disk 2 trace - called modules:
17:39:04.671
17:39:04.984 AVAST engine scan C:\WINDOWS
17:39:09.984 AVAST engine scan C:\WINDOWS\system32
17:42:02.390 AVAST engine scan C:\WINDOWS\system32\drivers
17:42:21.515 AVAST engine scan C:\Documents and Settings\MTT
17:57:52.156 AVAST engine scan C:\Documents and Settings\All Users
17:59:36.828 Disk 2 statistics 2311828/0/0 @ 1,06 MB/s
17:59:36.843 Scan finished successfully
18:01:20.234 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\MTT\Plocha\MBR.dat"
18:01:20.250 The log file has been saved successfully to "C:\Documents and Settings\MTT\Plocha\aswMBR.txt"

[jaro3]

Odinstaluj:
SpyShelter Personal Free


Stáhni Kaspersky VRT
na svojí plochu.
Spusť program Kaspersky VRT, .Program se nainstaluje.
Potvrď licenci a klikni na „Start“ . Pokud program nabídne aktualizaci , klikni dole na na „Download Now“.
- Klikni na ozubené kolečko v pravém horním rohu. V okně vyber kromě již zatržených , svojí jednotku disku , pokud jich máš víc , můžeš zatrhnout všechny.
- zvol „Automatic Scan“ nahoře vlevo. a stiskni tlačítko „Start Scanning“
- Program začne skenovat zatržené jednotky

Zaškrtnuté :
Hidden startup objects
System Memory
Disk boot sectors
Počítač
Místní disk C

Nezašrkrtnuté:
Dokumenty
My email
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
Disketová jednotka
A jiné , např. Flash disky , které máš připojeny.

- povol programu Virus Removal Tool odstranit všechny nalezené infekce
- jakmile sken skončí ,zvol záložku „Report“ , vpravo nahoře (vedle ozubeného kolečka)
- klikni na „Detected Threads“ a klikni na obrázek diskety („Save“)
- ulož do počítače zprávu a vložit ji sem do příspěvku