Prosím o kontrolu logu - velmi pomalý start PC

ovecka · Příspěvekod **ovecka** » 02 led 2015 21:00

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:53:50, on 2.1.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
D:\StaĹľeno z Internetu\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [OV2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" /OS
O4 - HKLM\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 52\alcohol.exe /startup
O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" -NoStart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7735 bytes

Reklama

Příspěvekod **jaro3** » 03 led 2015 09:38

Odinstaluj:
Spybot - Search & Destroy 2

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

ovecka · Příspěvekod **ovecka** » 05 led 2015 21:42

Ahoj,
ATF - nebyly smazány žádné soubory,
TFC - smazáno 432 mb.

Log z AdwCleaner zde:

# AdwCleaner v4.106 - Report created 05/01/2015 at 21:26:27
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User1 - PC-HH
# Running from : C:\Documents and Settings\User1\Plocha\adwcleaner_4.106.exe
# Option : Scan

***** [ Services ] *****

Service Found : Skype C2C Service

***** [ Files / Folders ] *****

Folder Found : C:\Documents and Settings\User1\Data aplikací\pdfforge

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
Key Found : HKLM\SOFTWARE\Trymedia Systems

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v34.0.5 (x86 cs)

[2v8c0fru.default] - Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[2v8c0fru.default] - Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

*************************

AdwCleaner[R0].txt - [2973 octets] - [05/01/2015 21:26:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3033 octets] ##########

MBAM nejde instalovat, při instalaci mi to hlásí chybu:
Interní chyba: Expression error 'Runtime Error (at 85:109): External exception E06D7363.'

Když to odklikám tak přijde další: Runtime Error (at 75:252) External exception E06D7363.

Zase jsem to odklikla a ukázala se další chyba: Interní chyba: External error 'Runtime error (at 53:89) External exception E06D7363.

Instalace sice byla dokončena, ale MBAM nefuguje.

Příspěvekod **jaro3** » 06 led 2015 10:07

Tak ho zase odinstaluj.

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

ovecka · Příspěvekod **ovecka** » 06 led 2015 18:50

Ahoj,

Níže logy z AdwCleaner, JRT a RogueKiller:

# AdwCleaner v4.106 - Report created 06/01/2015 at 18:16:24
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User1 - PC-HH
# Running from : C:\Documents and Settings\User1\Plocha\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Skype C2C Service

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\User1\Data aplikací\pdfforge

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v34.0.5 (x86 cs)

[2v8c0fru.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[2v8c0fru.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

*************************

AdwCleaner[R0].txt - [3113 octets] - [05/01/2015 21:26:27]
AdwCleaner[R1].txt - [3173 octets] - [06/01/2015 18:12:42]
AdwCleaner[S0].txt - [3160 octets] - [06/01/2015 18:16:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3220 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by User1 on Łt 06.01.2015 at 18:28:53,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{A5366673-E8CA-11D3-9CD9-0090271D075B}

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com"
Emptied folder: C:\Documents and Settings\User1\Data aplikacˇ\mozilla\firefox\profiles\2v8c0fru.default\minidumps [5 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 06.01.2015 at 18:35:02,59
End of JRT log

RogueKiller V10.1.2.0 [Jan 6 2015] by Adlice Software
mail :
Feedback :
Webová stránka :
Blog :

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : User1 [Práva správce]
Mód : Prohledat -- Datum : 01/06/2015 18:47:58

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0xc000026c]) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤

============================================
RKreport_SCN_01062015_184739.log

Příspěvekod **jaro3** » 07 led 2015 09:20

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

ovecka · Příspěvekod **ovecka** » 10 led 2015 18:07

Ahoj,

Níže logy.

Zoek.exe v5.0.0.0 Updated 31-12-2014
Tool run by User1 on st 07.01.2015 at 18:44:59,46.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: D:\Staženo z Internetu\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

7.1.2015 18:47:47 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Common Files\XCPCSync.OEM deleted successfully
C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\Archiving deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1547161642-706699826-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{5F02F667-23B4-45A6-88BA-F84301AB919E} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\GUTF.tmp deleted
C:\Program Files\GUME.tmp deleted
"C:\WINDOWS\Installer\4a93a6.msi" deleted
"C:\WINDOWS\Installer\24e56.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [15.11.2014 09:24]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[15.11.2014 09:23]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.cz/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\65F8E9A2B13CBBD4FB2EF0E48C913255 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23D4C2B5DC7A0B446891A4BD3E102B3D deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\65F8E9A2B13CBBD4FB2EF0E48C913255 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23D4C2B5DC7A0B446891A4BD3E102B3D deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=70 folders=1 10435150 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\User1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\DOCUME~1\User1\NABDKA~1\Programy\Po spuçtŘnˇ" not found

==== EOF on st 07.01.2015 at 19:57:54,25 ======================

ComboFix 15-01-08.01 - User1 10.01.2015 17:21:23.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.228 [GMT 1:00]
Spuštěný z: d:\sta×eno z internetu\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\out.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-10 do 2015-01-10 )))))))))))))))))))))))))))))))
.
.
2015-01-10 15:51 . 2015-01-10 15:51 62576 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{DA01269B-E5F3-47FD-9F21-921922E6FD8A}\offreg.dll
2015-01-10 15:35 . 2014-12-02 11:01 9054624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{DA01269B-E5F3-47FD-9F21-921922E6FD8A}\mpengine.dll
2015-01-07 18:20 . 2015-01-07 17:44 24064 ----a-w- c:\windows\zoek-delete.exe
2015-01-07 17:44 . 2015-01-07 18:13 -------- d-----w- C:\zoek_backup
2015-01-06 17:46 . 2015-01-06 17:46 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-06 17:46 . 2015-01-06 17:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2015-01-06 17:28 . 2015-01-06 17:28 -------- d-----w- c:\windows\ERUNT
2015-01-05 20:26 . 2015-01-06 17:16 -------- d-----w- C:\AdwCleaner
2015-01-02 19:42 . 2015-01-02 19:42 -------- d-----w- c:\program files\VS Revo Group
2015-01-02 16:40 . 2015-01-02 16:41 244264 ----a-w- c:\program files\Mozilla Firefox\Firefox Setup Stub 34.0.5.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-06 03:36 . 2010-05-06 19:20 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-18 14:40 . 2012-04-04 20:14 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-18 14:40 . 2011-09-24 20:44 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-02 11:01 . 2010-05-06 19:20 9054624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-26 15:28 . 2011-08-05 21:38 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-26 15:27 . 2010-05-06 18:36 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-15 08:24 . 2014-04-26 20:55 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-15 08:24 . 2013-03-03 21:55 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-15 08:24 . 2013-03-03 21:55 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-15 08:24 . 2013-03-03 21:55 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-11-15 08:24 . 2010-05-06 18:36 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-15 08:24 . 2010-05-06 18:36 55240 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-11-15 08:24 . 2014-11-15 08:24 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-15 08:24 . 2014-11-15 08:24 43152 ----a-w- c:\windows\avastSS.scr
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-15 08:23 723976 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
"alcohol.exe Autorun"="c:\program files\Alcohol Soft\Alcohol 52\alcohol.exe" [2010-02-20 1750880]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2010-04-23 3720704]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2013-01-10 231784]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22067296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 77824]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2013-01-10 55656]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-12-18 5227112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-6 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3.3.2013 22:55 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3.3.2013 22:55 206248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.5.2010 20:36 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5.8.2011 22:38 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [6.5.2010 19:36 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [26.4.2014 21:55 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [3.3.2013 22:55 70384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 17:19 13592]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.5.2013 7:25 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.5.2013 7:25 8576]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [12.9.2013 22:17 21648]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis.sys [7.5.2014 11:41 12800]
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:42]
.
2015-01-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-15 08:23]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 17:23]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 17:23]
.
2015-01-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
2015-01-10 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-04-26 23:28]
.
2015-01-10 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-04-26 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\User1\Data aplikací\Mozilla\Firefox\Profiles\2v8c0fru.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =302398&p=
FF - ExtSQL: !HIDDEN! 2010-05-07 15:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-10 17:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2015-01-10 18:02:41
ComboFix-quarantined-files.txt 2015-01-10 17:02
.
Před spuštěním: 4 129 996 800
Po spuštění: 4 084 060 160
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 12502D6FEA6B561E73BFA3CE000D030B
413FC2A0C716421B3158746D63736515

Příspěvekod **Orcus** » 11 led 2015 12:35

CF jsi nespustil z Plochy, jak je potřeba.

Spuštěný z: d:\sta×eno z internetu\ComboFix.exe

ovecka · Příspěvekod **ovecka** » 11 led 2015 22:34

Ahoj, omlouvám se za zdržení kvůli mé chybě.

Nyní nově log CF (puštěno z plochy).

ComboFix 15-01-08.01 - User1 11.01.2015 22:17:45.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.247 [GMT 1:00]
Spuštěný z: c:\documents and settings\User1\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-11 do 2015-01-11 )))))))))))))))))))))))))))))))
.
.
2015-01-10 15:51 . 2015-01-10 15:51 62576 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{DA01269B-E5F3-47FD-9F21-921922E6FD8A}\offreg.dll
2015-01-10 15:35 . 2014-12-02 11:01 9054624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{DA01269B-E5F3-47FD-9F21-921922E6FD8A}\mpengine.dll
2015-01-07 18:20 . 2015-01-07 17:44 24064 ----a-w- c:\windows\zoek-delete.exe
2015-01-07 17:44 . 2015-01-07 18:13 -------- d-----w- C:\zoek_backup
2015-01-06 17:46 . 2015-01-06 17:46 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-06 17:46 . 2015-01-06 17:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2015-01-06 17:28 . 2015-01-06 17:28 -------- d-----w- c:\windows\ERUNT
2015-01-05 20:26 . 2015-01-06 17:16 -------- d-----w- C:\AdwCleaner
2015-01-02 19:42 . 2015-01-02 19:42 -------- d-----w- c:\program files\VS Revo Group
2015-01-02 16:40 . 2015-01-02 16:41 244264 ----a-w- c:\program files\Mozilla Firefox\Firefox Setup Stub 34.0.5.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-11 19:16 . 2010-06-26 19:25 60416 ----a-w- c:\windows\ALCFDRTM.VER
2015-01-06 03:36 . 2010-05-06 19:20 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-18 14:40 . 2012-04-04 20:14 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-18 14:40 . 2011-09-24 20:44 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-02 11:01 . 2010-05-06 19:20 9054624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-26 15:28 . 2011-08-05 21:38 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-26 15:27 . 2010-05-06 18:36 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-15 08:24 . 2014-04-26 20:55 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-15 08:24 . 2013-03-03 21:55 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-15 08:24 . 2013-03-03 21:55 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-15 08:24 . 2013-03-03 21:55 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-11-15 08:24 . 2010-05-06 18:36 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-15 08:24 . 2010-05-06 18:36 55240 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-11-15 08:24 . 2014-11-15 08:24 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-15 08:24 . 2014-11-15 08:24 43152 ----a-w- c:\windows\avastSS.scr
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-15 08:23 723976 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
"alcohol.exe Autorun"="c:\program files\Alcohol Soft\Alcohol 52\alcohol.exe" [2010-02-20 1750880]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2010-04-23 3720704]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2013-01-10 231784]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22067296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 77824]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2013-01-10 55656]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-12-18 5227112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-6 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3.3.2013 22:55 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3.3.2013 22:55 206248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.5.2010 20:36 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5.8.2011 22:38 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [6.5.2010 19:36 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [26.4.2014 21:55 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [3.3.2013 22:55 70384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 17:19 13592]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.5.2013 7:25 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.5.2013 7:25 8576]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [12.9.2013 22:17 21648]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis.sys [7.5.2014 11:41 12800]
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:42]
.
2015-01-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-15 08:23]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 17:23]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 17:23]
.
2015-01-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
2015-01-10 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-04-26 23:28]
.
2015-01-10 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-04-26 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\User1\Data aplikací\Mozilla\Firefox\Profiles\2v8c0fru.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =302398&p=
FF - ExtSQL: !HIDDEN! 2010-05-07 15:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-11 22:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2015-01-11 22:30:49
ComboFix-quarantined-files.txt 2015-01-11 21:30
ComboFix2.txt 2015-01-10 17:02
.
Před spuštěním: 3 940 487 168
Po spuštění: 3 927 416 832
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E2D273841D029069DD194837B497B5DC
413FC2A0C716421B3158746D63736515

Příspěvekod **jaro3** » 12 led 2015 09:43

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Google\Update

Driver::
MBAMSwissArmy

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

ovecka · Příspěvekod **ovecka** » 13 led 2015 23:11

Ahoj,

ComboFix 15-01-08.01 - User1 13.01.2015 22:11:42.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.262 [GMT 1:00]
Spuštěný z: c:\documents and settings\User1\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User1\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdate.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.25.11\goopdate.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_am.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ar.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_bg.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_bn.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ca.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_cs.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_da.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_de.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_el.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_en.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_es.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_et.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fa.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fil.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_gu.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hu.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_id.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_is.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_it.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_iw.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ja.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_kn.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ko.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_lt.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_lv.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ml.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_mr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ms.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_nl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_no.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ro.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ru.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sk.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sv.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sw.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ta.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_te.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_th.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_tr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_uk.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ur.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_vi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.25.11\psmachine.dll
c:\program files\Google\Update\1.3.25.11\psmachine_64.dll
c:\program files\Google\Update\1.3.25.11\psuser.dll
c:\program files\Google\Update\1.3.25.11\psuser_64.dll
c:\program files\Google\Update\Download\{08DC72F2-3840-4972-B85E-4345CFB02EAD}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.11\GoogleUpdateSetup.exe
c:\program files\Google\Update\GoogleUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MBAMSWISSARMY
-------\Service_MBAMSwissArmy
-------\Legacy_gupdate
-------\Legacy_gupdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-13 do 2015-01-13 )))))))))))))))))))))))))))))))
.
.
2015-01-13 21:34 . 2014-12-02 11:01 9054624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{3BFAF0D5-73B1-4641-8F97-9990551CC6F6}\mpengine.dll
2015-01-10 15:51 . 2015-01-10 15:51 62576 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{DA01269B-E5F3-47FD-9F21-921922E6FD8A}\offreg.dll
2015-01-10 15:35 . 2014-12-02 11:01 9054624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{DA01269B-E5F3-47FD-9F21-921922E6FD8A}\mpengine.dll
2015-01-07 18:20 . 2015-01-07 17:44 24064 ----a-w- c:\windows\zoek-delete.exe
2015-01-07 17:44 . 2015-01-07 18:13 -------- d-----w- C:\zoek_backup
2015-01-06 17:46 . 2015-01-06 17:46 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-06 17:46 . 2015-01-06 17:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2015-01-06 17:28 . 2015-01-06 17:28 -------- d-----w- c:\windows\ERUNT
2015-01-05 20:26 . 2015-01-06 17:16 -------- d-----w- C:\AdwCleaner
2015-01-02 19:42 . 2015-01-02 19:42 -------- d-----w- c:\program files\VS Revo Group
2015-01-02 16:40 . 2015-01-02 16:41 244264 ----a-w- c:\program files\Mozilla Firefox\Firefox Setup Stub 34.0.5.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-13 20:37 . 2012-04-04 20:14 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-13 20:37 . 2011-09-24 20:44 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 19:16 . 2010-06-26 19:25 60416 ----a-w- c:\windows\ALCFDRTM.VER
2015-01-06 03:36 . 2010-05-06 19:20 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-02 11:01 . 2010-05-06 19:20 9054624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-26 15:28 . 2011-08-05 21:38 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-26 15:27 . 2010-05-06 18:36 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-15 08:24 . 2014-04-26 20:55 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-15 08:24 . 2013-03-03 21:55 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-15 08:24 . 2013-03-03 21:55 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-15 08:24 . 2013-03-03 21:55 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-11-15 08:24 . 2010-05-06 18:36 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-15 08:24 . 2010-05-06 18:36 55240 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-11-15 08:24 . 2014-11-15 08:24 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-15 08:24 . 2014-11-15 08:24 43152 ----a-w- c:\windows\avastSS.scr
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-15 08:23 723976 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
"alcohol.exe Autorun"="c:\program files\Alcohol Soft\Alcohol 52\alcohol.exe" [2010-02-20 1750880]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2010-04-23 3720704]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2013-01-10 231784]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22067296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 77824]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2013-01-10 55656]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2015-01-10 5227112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-6 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3.3.2013 22:55 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3.3.2013 22:55 206248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.5.2010 20:36 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5.8.2011 22:38 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [6.5.2010 19:36 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [26.4.2014 21:55 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [3.3.2013 22:55 70384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 17:19 13592]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.5.2013 7:25 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.5.2013 7:25 8576]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [12.9.2013 22:17 21648]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis.sys [7.5.2014 11:41 12800]
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:37]
.
2015-01-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-15 08:23]
.
2015-01-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
2015-01-10 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-04-26 23:28]
.
2015-01-13 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-04-26 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\User1\Data aplikací\Mozilla\Firefox\Profiles\2v8c0fru.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =302398&p=
FF - ExtSQL: !HIDDEN! 2010-05-07 15:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-13 22:31
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\TEMP\_avast_\unp158988381.tmp 299179 bytes
c:\windows\TEMP\_avast_\unp6296997.tmp 828104 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 2
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2884)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2015-01-13 22:40:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-13 21:40
ComboFix2.txt 2015-01-11 21:30
ComboFix3.txt 2015-01-10 17:02
.
Před spuštěním: 3 654 909 952
Po spuštění: 3 530 956 800
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 703F116E34D071314A8EBD07DA87A300
413FC2A0C716421B3158746D63736515

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:46:52, on 13.1.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
D:\StaĹľeno z Internetu\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [OV2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" /OS
O4 - HKLM\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 52\alcohol.exe /startup
O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" -NoStart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 6753 bytes

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-01-13 22:50:45
-----------------------------
22:50:45.671 OS Version: Windows 5.1.2600 Service Pack 3
22:50:45.671 Number of processors: 1 586 0x2C02
22:50:45.671 ComputerName: PC-HH UserName: User1
22:50:52.250 Initialize success
22:50:52.343 VM: initialized successfully
22:50:52.343 VM: Amd CPU virtualization not supported
22:51:13.156 AVAST engine defs: 15011302
22:51:44.671 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006b
22:51:44.671 Disk 0 Vendor: SAMSUNG_SP0411N TW100-11 Size: 38200MB BusType: 3
22:51:44.671 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006f
22:51:44.671 Disk 1 Vendor: WDC_WD800JD-22LSA0 06.01D06 Size: 76319MB BusType: 3
22:51:44.812 Disk 1 MBR read successfully
22:51:44.812 Disk 1 MBR scan
22:51:44.812 Disk 1 Windows XP default MBR code
22:51:44.812 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 24003 MB offset 63
22:51:44.812 Disk 1 Boot: NTFS code=1
22:51:44.828 Disk 1 Partition - 00 0F Extended LBA 52313 MB offset 49158900
22:51:44.843 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 52313 MB offset 49158963
22:51:44.843 Disk 1 scanning sectors +156296385
22:51:44.906 Disk 1 scanning C:\WINDOWS\system32\drivers
22:51:54.140 Service scanning
22:52:04.687 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:52:07.906 Modules scanning
22:52:07.906 \Driver\nvatabus DriverInit @ 0x829dc298 suspicious
22:52:07.906 \Driver\af9phb67 MajorFunction[ IRP_MJ_CREATE ] @ 0x82547500 suspicious
22:52:07.906 \Driver\af9phb67 MajorFunction[ IRP_MJ_CLOSE ] @ 0x82547500 suspicious
22:52:07.906 \Driver\af9phb67 MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x82547500 suspicious
22:52:07.906 \Driver\af9phb67 MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x82547500 suspicious
22:52:07.906 \Driver\af9phb67 MajorFunction[ IRP_MJ_POWER ] @ 0x82547500 suspicious
22:52:07.906 \Driver\af9phb67 MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x82547500 suspicious
22:52:07.906 \Driver\atapi DriverInit @ 0x82971298 suspicious
22:52:07.906 \Driver\dmio MajorFunction[ IRP_MJ_CREATE ] @ 0x829dd1f8 suspicious
22:52:07.906 \Driver\dmio MajorFunction[ IRP_MJ_CLOSE ] @ 0x829dd1f8 suspicious
22:52:07.906 \Driver\dmio MajorFunction[ IRP_MJ_READ ] @ 0x829dd1f8 suspicious
22:52:07.921 \Driver\dmio MajorFunction[ IRP_MJ_WRITE ] @ 0x829dd1f8 suspicious
22:52:07.921 \Driver\dmio MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x829dd1f8 suspicious
22:52:07.921 \Driver\dmio MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x829dd1f8 suspicious
22:52:07.921 \Driver\dmio MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x829dd1f8 suspicious
22:52:07.921 \Driver\dmio MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x829dd1f8 suspicious
22:52:07.921 \Driver\dmio MajorFunction[ IRP_MJ_POWER ] @ 0x829dd1f8 suspicious
22:52:07.921 \Driver\dmio MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x829dd1f8 suspicious
22:52:07.921 \Driver\usbohci MajorFunction[ IRP_MJ_CREATE ] @ 0x8257b500 suspicious
22:52:07.921 \Driver\usbohci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8257b500 suspicious
22:52:07.921 \Driver\usbohci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8257b500 suspicious
22:52:07.921 \Driver\usbohci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8257b500 suspicious
22:52:07.937 \Driver\usbohci MajorFunction[ IRP_MJ_POWER ] @ 0x8257b500 suspicious
22:52:07.937 \Driver\usbohci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8257b500 suspicious
22:52:07.937 \Driver\Ftdisk MajorFunction[ IRP_MJ_CREATE ] @ 0x829721f8 suspicious
22:52:07.937 \Driver\Ftdisk MajorFunction[ IRP_MJ_READ ] @ 0x829721f8 suspicious
22:52:07.937 \Driver\Ftdisk MajorFunction[ IRP_MJ_WRITE ] @ 0x829721f8 suspicious
22:52:07.937 \Driver\Ftdisk MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x829721f8 suspicious
22:52:07.937 \Driver\Ftdisk MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x829721f8 suspicious
22:52:07.937 \Driver\Ftdisk MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x829721f8 suspicious
22:52:07.937 \Driver\Ftdisk MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x829721f8 suspicious
22:52:07.937 \Driver\Ftdisk MajorFunction[ IRP_MJ_CLEANUP ] @ 0x829721f8 suspicious
22:52:07.937 \Driver\Ftdisk MajorFunction[ IRP_MJ_POWER ] @ 0x829721f8 suspicious
22:52:07.953 \Driver\Ftdisk MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x829721f8 suspicious
22:52:07.953 \Driver\NetBT MajorFunction[ IRP_MJ_CREATE ] @ 0x81d391f8 suspicious
22:52:07.953 \Driver\NetBT MajorFunction[ IRP_MJ_CLOSE ] @ 0x81d391f8 suspicious
22:52:07.953 \Driver\NetBT MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x81d391f8 suspicious
22:52:07.953 \Driver\NetBT MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x81d391f8 suspicious
22:52:07.953 \Driver\NetBT MajorFunction[ IRP_MJ_CLEANUP ] @ 0x81d391f8 suspicious
22:52:07.953 \Driver\Cdrom MajorFunction[ IRP_MJ_CREATE ] @ 0x82548500 suspicious
22:52:07.953 \Driver\Cdrom MajorFunction[ IRP_MJ_CLOSE ] @ 0x82548500 suspicious
22:52:07.953 \Driver\Cdrom MajorFunction[ IRP_MJ_READ ] @ 0x82548500 suspicious
22:52:07.953 \Driver\Cdrom MajorFunction[ IRP_MJ_WRITE ] @ 0x82548500 suspicious
22:52:07.968 \Driver\Cdrom MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x82548500 suspicious
22:52:07.968 \Driver\Cdrom MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x82548500 suspicious
22:52:07.968 \Driver\Cdrom MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x82548500 suspicious
22:52:07.968 \Driver\Cdrom MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x82548500 suspicious
22:52:07.968 \Driver\Cdrom MajorFunction[ IRP_MJ_POWER ] @ 0x82548500 suspicious
22:52:07.968 \Driver\Cdrom MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x82548500 suspicious
22:52:07.968 \Driver\usbehci MajorFunction[ IRP_MJ_CREATE ] @ 0x8258c500 suspicious
22:52:07.968 \Driver\usbehci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8258c500 suspicious
22:52:07.968 \Driver\usbehci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8258c500 suspicious
22:52:07.968 \Driver\usbehci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8258c500 suspicious
22:52:07.984 \Driver\usbehci MajorFunction[ IRP_MJ_POWER ] @ 0x8258c500 suspicious
22:52:07.984 \Driver\usbehci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8258c500 suspicious
22:52:07.984 Disk 1 trace - called modules:
22:52:08.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys spqj.sys >>UNKNOWN [0x82991938]<<
22:52:08.000 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x82916030]
22:52:08.000 3 CLASSPNP.SYS[f84e5fd7] -> nt!IofCallDriver -> \Device\00000070[0x829d5a68]
22:52:08.000 5 ACPI.sys[f8271620] -> nt!IofCallDriver -> \Device\0000006f[0x829d26e8]
22:52:08.125 AVAST engine scan C:\WINDOWS
22:52:13.609 AVAST engine scan C:\WINDOWS\system32
22:54:43.281 AVAST engine scan C:\WINDOWS\system32\drivers
22:54:58.781 AVAST engine scan C:\Documents and Settings\User1
23:05:09.250 AVAST engine scan C:\Documents and Settings\All Users
23:08:42.734 Disk 1 statistics 1666413/0/0 @ 1,15 MB/s
23:08:42.734 Scan finished successfully
23:09:02.828 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\User1\Plocha\MBR.dat"
23:09:02.843 The log file has been saved successfully to "C:\Documents and Settings\User1\Plocha\aswMBR.txt"

Příspěvekod **jaro3** » 14 led 2015 11:09

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

neudělal si..

Odinstaluj:
Windows Defender

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\MP Scheduled Scan.job
c:\windows\TEMP\_avast_\unp158988381.tmp 299179 bytes
c:\windows\TEMP\_avast_\unp6296997.tmp

Folder::
c:\program files\Windows Defender

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Prosím o kontrolu logu - velmi pomalý start PC

Prosím o kontrolu logu - velmi pomalý start PC

Re: Prosím o kontrolu logu - velmi pomalý start PC

Re: Prosím o kontrolu logu - velmi pomalý start PC

Re: Prosím o kontrolu logu - velmi pomalý start PC

Re: Prosím o kontrolu logu - velmi pomalý start PC

Re: Prosím o kontrolu logu - velmi pomalý start PC

Re: Prosím o kontrolu logu - velmi pomalý start PC

Re: Prosím o kontrolu logu - velmi pomalý start PC

Re: Prosím o kontrolu logu - velmi pomalý start PC

Re: Prosím o kontrolu logu - velmi pomalý start PC

Re: Prosím o kontrolu logu - velmi pomalý start PC

Re: Prosím o kontrolu logu - velmi pomalý start PC

Kdo je online