Please check - slow Firefox [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Ghostwriter
Level 2
Posts: 158
Registered: August 07
Gender: Not specified
Status: Offline

Re: Please check - slow Firefox

Post by Ghostwriter » 02 Oct 2016 00:19

We'll have to skip RogueKiller - I tried two versions of the program (one new, the other with the old interface), and with both, when the scan finishes after an hour, the program freezes - it is not possible to delete anything or do anything further. Also, in both cases, after the scan finished, this page opened in the browser:
http://www.adlice.com/remove-pum/

Re: Please check - slow Firefox

Post by Ghostwriter » 02 Oct 2016 00:20

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by ets on so 01.10.2016 at 23:52:51,39.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: c:\downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1.10.2016 23:55:16 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\3wk0nteh deleted successfully
C:\Program Files\5eyfj29m deleted successfully
C:\Program Files\thkh506m deleted successfully
C:\Program Files\xm9aydxp deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\regid.1986-12.com.adobe deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPFFontCache_v0400 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WPFFontCache_v0400 deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SafeZoneStable\shell\open\command]
@="C:\\Program Files\\AVAST Software\\SZBrowser\\Launcher.exe"

==== Deleting Files \ Folders ======================

C:\Program Files\3wk0nteh not found
C:\Program Files\5eyfj29m not found
C:\Program Files\thkh506m not found
C:\Program Files\xm9aydxp not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Package Cache deleted
C:\WINDOWS\system32\GroupPolicy\Adm deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21.08.2016 00:55]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira SystrayStartTrigger deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\ets\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=15 folders=13 11513151 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ets\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\ets\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on ne 02.10.2016 at 0:15:32,21 ======================

Re: Please check - slow Firefox

Post by Ghostwriter » 02 Oct 2016 00:21

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:20:53, on 2.10.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 49.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\downloads\GeeTeeDeePortable-0.2.642\GeeTeeDeePortable.exe
C:\DOCUME~1\ets\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
c:\downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GeeTeeDee] C:\downloads\GeeTeeDeePortable-0.2.642\GeeTeeDeePortable.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: RailNotification - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7322 bytes

Re: Please check - slow Firefox

Post by Ghostwriter » 02 Oct 2016 00:23

Otherwise the overall behaviour is better, I'm just worried that there are still some PUM/PUP items left that mbam didn't delete and that RogueKiller found (and didn't delete - because of the freezing).

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status: Offline

Re: Please check - slow Firefox

Post by jerabina » 02 Oct 2016 01:24

Turn off the resident protection of your antivirus and antispyware, and possibly the firewall.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.

Warning: It may happen that after applying ComboFix and restarting the computer, Windows will not start, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

Re: Please check - slow Firefox

Post by Ghostwriter » 02 Oct 2016 06:52

ComboFix 16-09-28.01 - ets 02.10.2016 6:23.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.226 [GMT 2:00]
Spuštěný z: c:\documents and settings\ets\Plocha\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\ntuser.pol
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-09-02 do 2016-10-02 )))))))))))))))))))))))))))))))
.
.
2016-10-01 22:13 . 2016-10-01 21:52 24064 ----a-w- c:\windows\zoek-delete.exe
2016-10-01 21:52 . 2016-10-01 22:08 -------- d-----w- C:\zoek_backup
2016-09-30 21:03 . 2016-10-01 20:31 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-30 21:02 . 2016-09-30 21:02 -------- d-----w- c:\program files\RogueKiller
2016-09-30 21:02 . 2016-10-01 21:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2016-09-30 19:41 . 2016-09-30 19:41 -------- d-----w- c:\documents and settings\ets\Data aplikací\Malwarebytes
2016-09-30 19:41 . 2016-09-30 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2016-09-29 10:00 . 2016-09-29 10:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2016-09-29 08:39 . 2016-09-29 08:39 -------- d-----w- c:\documents and settings\ets\Local Settings\Data aplikací\Firefox
2016-09-29 08:37 . 2016-09-29 08:37 -------- d-----w- c:\documents and settings\ets\Data aplikací\Firefox
2016-09-22 13:58 . 2016-09-22 13:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Temp
2016-09-22 07:00 . 2016-09-22 07:01 -------- d-----w- c:\documents and settings\ets\.mp3splt-gtk
2016-09-22 06:59 . 2016-09-22 06:59 -------- d-----w- c:\program files\mp3splt-gtk
2016-09-09 06:55 . 2016-09-09 06:55 -------- d-----w- c:\documents and settings\ets\Data aplikací\eCyber
2016-09-07 01:00 . 2016-09-07 01:00 -------- d-----w- c:\program files\DVDVideoMedia
2016-09-07 00:50 . 2016-09-07 00:50 -------- d-----w- c:\documents and settings\ets\Data aplikací\Jfuse
2016-09-05 22:00 . 2016-09-07 00:55 -------- d-----w- c:\program files\3GP Cutter
2016-09-05 20:21 . 2016-09-05 20:21 -------- d-----w- c:\program files\ABC 3GP Converter
2016-09-04 11:02 . 2016-09-29 03:23 -------- d-----w- C:\ppp
2016-09-03 18:29 . 2016-09-03 19:37 -------- d-----w- c:\documents and settings\ets\Data aplikací\BSplayer
2016-09-03 18:29 . 2016-09-03 18:29 -------- d-----w- c:\documents and settings\ets\Data aplikací\BSplayer Pro
2016-09-03 18:29 . 2016-09-03 18:29 -------- d-----w- c:\program files\Webteh
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-22 13:28 . 2016-08-20 22:56 433768 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-13 19:00 . 2016-08-20 22:56 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-08-23 22:18 . 2016-08-23 22:18 39280 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2016-08-20 23:11 . 2016-08-20 23:11 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-08-20 22:55 . 2016-08-20 22:56 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-08-20 22:55 . 2016-08-20 22:56 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-08-20 22:55 . 2016-08-20 22:56 224616 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-08-20 22:55 . 2016-08-20 22:56 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-08-20 22:55 . 2016-08-20 22:56 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-08-20 22:55 . 2016-08-20 22:56 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-08-20 22:55 . 2016-08-20 22:56 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-08-20 22:55 . 2016-08-20 22:56 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-08-20 22:55 . 2016-08-20 22:55 53208 ----a-w- c:\windows\avastSS.scr
2016-08-04 00:44 . 2016-08-04 00:44 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-08-04 00:44 . 2016-08-04 00:44 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-07-29 18:52 . 2016-07-29 18:52 40504 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2016-07-29 18:51 . 2016-07-29 18:51 26168 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2016-07-28 13:47 . 2016-07-27 18:01 128000 ----a-w- c:\windows\system32\javacpl.cpl
2016-07-28 13:47 . 2016-07-27 18:01 544656 ----a-w- c:\windows\system32\deployJava1.dll
2016-07-27 18:54 . 2016-07-27 18:54 921280 ----a-w- c:\windows\ucrtbase.dll
2016-07-27 18:41 . 2016-07-27 18:41 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2016-07-27 16:27 . 2016-07-27 16:27 707 ----a-w- c:\windows\_default.pif
2016-07-27 16:27 . 2016-07-27 16:27 338944 ----a-w- c:\windows\system32\zipfldr.dll
2016-07-27 16:27 . 2016-07-27 17:42 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2016-07-27 16:27 . 2016-07-27 17:42 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2016-07-27 16:26 . 2016-07-27 17:41 11776 ----a-w- c:\windows\system32\xolehlp.dll
2016-07-27 16:26 . 2016-07-27 16:26 50176 ----a-w- c:\windows\system32\xmlprovi.dll
2016-07-27 16:26 . 2016-07-27 16:26 129024 ----a-w- c:\windows\system32\xmlprov.dll
2016-07-27 16:26 . 2016-07-27 17:42 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2016-07-27 16:26 . 2016-07-27 17:42 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2016-07-27 16:26 . 2016-07-27 17:42 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2016-07-27 16:26 . 2016-07-27 16:26 30720 ----a-w- c:\windows\system32\xcopy.exe
2016-07-27 16:26 . 2016-07-27 16:26 175224 ----a-w- c:\windows\system32\xenroll.dll
2016-07-27 16:26 . 2016-07-27 17:42 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2016-07-27 16:26 . 2016-07-27 17:42 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2016-07-27 16:26 . 2016-07-27 17:42 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2016-07-27 16:26 . 2016-07-27 17:42 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2016-07-27 16:26 . 2016-07-27 17:42 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2016-07-27 16:26 . 2016-07-27 17:42 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2016-07-27 16:26 . 2016-07-27 17:42 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2016-07-27 16:26 . 2016-07-27 17:42 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2016-07-27 16:26 . 2016-07-27 17:42 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2016-07-27 16:26 . 2016-07-27 17:42 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2016-07-27 16:26 . 2016-07-27 17:42 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2016-07-27 16:26 . 2016-07-27 17:42 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2016-07-27 16:26 . 2016-07-27 17:42 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2016-07-27 16:26 . 2016-07-27 17:42 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2016-07-27 16:26 . 2016-07-27 16:26 91648 ----a-w- c:\windows\system32\xactsrv.dll
2016-07-27 16:26 . 2016-07-27 16:26 383488 ----a-w- c:\windows\system32\wzcdlg.dll
2016-07-27 16:26 . 2016-07-27 17:42 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2016-07-27 16:26 . 2016-07-27 17:42 53248 ----a-w- c:\windows\system32\drivers\UMDF\wudfusbcciddriver.dll
2016-07-27 16:26 . 2016-07-27 16:26 82944 ----a-w- c:\windows\system32\drivers\wudfrd.sys
2016-07-27 16:26 . 2016-07-27 16:26 77568 ----a-w- c:\windows\system32\drivers\wudfpf.sys
2016-07-27 16:26 . 2016-07-27 16:26 55808 ----a-w- c:\windows\system32\wudfsvc.dll
2016-07-27 16:26 . 2016-07-27 16:26 32256 ----a-w- c:\windows\system32\wupdmgr.exe
2016-07-27 16:26 . 2016-07-27 16:26 316416 ----a-w- c:\windows\system32\wudfx.dll
2016-07-27 16:26 . 2016-07-27 16:26 146432 ----a-w- c:\windows\system32\wudfhost.exe
2016-07-27 16:26 . 2016-07-27 16:17 95344 ----a-w- c:\windows\system32\wudfcoinstaller.dll
2016-07-27 16:26 . 2016-07-27 16:17 165376 ----a-w- c:\windows\system32\wudfplatform.dll
2016-07-27 16:26 . 2016-07-27 17:58 22520 ----a-w- c:\windows\system32\wuauserv.dll
2016-07-27 16:26 . 2016-07-27 17:58 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2016-07-27 16:26 . 2016-07-27 17:58 166912 ----a-w- c:\windows\system32\wuauclt1.exe
2016-07-27 16:26 . 2016-07-27 17:41 14848 ----a-w- c:\windows\system32\wsmprovhost.exe
2016-07-27 16:26 . 2016-07-27 17:41 12288 ----a-w- c:\windows\system32\wsmplpxy.dll
2016-07-27 16:26 . 2016-07-27 17:41 363520 ----a-w- c:\windows\system32\WsmRes.dll
2016-07-27 16:26 . 2016-07-27 17:41 209408 ----a-w- c:\windows\system32\WsmWmiPl.dll
2016-07-27 16:26 . 2016-07-27 17:41 139776 ----a-w- c:\windows\system32\WsmAuto.dll
2016-07-27 16:26 . 2016-07-27 17:41 1107456 ----a-w- c:\windows\system32\WsmSvc.dll
2016-07-27 16:26 . 2016-07-27 16:26 50688 ----a-w- c:\windows\system32\wstdecod.dll
2016-07-27 16:26 . 2016-07-27 16:26 41984 ----a-w- c:\windows\system32\wsnmp32.dll
2016-07-27 16:26 . 2016-07-27 16:26 24576 ----a-w- c:\windows\system32\wsock32.dll
2016-07-27 16:26 . 2016-07-27 16:26 18432 ----a-w- c:\windows\system32\wtsapi32.dll
2016-07-27 16:26 . 2016-07-27 16:26 164352 ----a-w- c:\windows\system32\wstpager.ax
2016-07-27 16:26 . 2016-07-27 16:17 239616 ----a-w- c:\windows\system32\wstrenderer.ax
2016-07-27 16:26 . 2016-07-27 17:41 225280 ----a-w- c:\windows\system32\wsmanhttpconfig.exe
2016-07-27 16:26 . 2016-07-27 16:26 9216 ----a-w- c:\windows\system32\wshatm.dll
2016-07-27 16:26 . 2016-07-27 16:26 90112 ----a-w- c:\windows\system32\wshext.dll
2016-07-27 16:26 . 2016-07-27 16:26 7168 ----a-w- c:\windows\system32\wshnetbs.dll
2016-07-27 16:26 . 2016-07-27 16:26 608256 ----a-w- c:\windows\system32\wsecedit.dll
2016-07-27 16:26 . 2016-07-27 16:26 57392 ----a-w- c:\windows\system32\wshcs.dll
2016-07-27 16:26 . 2016-07-27 16:26 36864 ----a-w- c:\windows\system32\wshcon.dll
2016-07-27 16:26 . 2016-07-27 16:26 19456 ----a-w- c:\windows\system32\wshtcpip.dll
2016-07-27 16:26 . 2016-07-27 16:26 14336 ----a-w- c:\windows\system32\wship6.dll
2016-07-27 16:26 . 2016-07-27 16:26 135168 ----a-w- c:\windows\system32\wshom.ocx
2016-07-27 16:26 . 2016-07-27 16:26 11776 ----a-w- c:\windows\system32\wshisn.dll
2016-07-27 16:26 . 2016-07-27 16:26 11264 ----a-w- c:\windows\system32\WshRm.dll
2016-07-27 16:26 . 2016-07-27 16:26 108032 ----a-w- c:\windows\system32\wshbth.dll
2016-07-27 16:26 . 2016-07-27 17:41 5632 ----a-w- c:\windows\system32\write.exe
2016-07-27 16:26 . 2016-07-27 16:26 82432 ----a-w- c:\windows\system32\ws2_32.dll
2016-07-27 16:26 . 2016-07-27 16:26 80896 ----a-w- c:\windows\system32\wscsvc.dll
2016-07-27 16:26 . 2016-07-27 16:26 629760 ----a-w- c:\windows\system32\wpd_ci.dll
2016-07-27 16:26 . 2016-07-27 16:26 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2016-07-27 16:26 . 2016-07-27 16:26 19968 ----a-w- c:\windows\system32\ws2help.dll
2016-07-27 16:26 . 2016-07-27 16:26 155648 ----a-w- c:\windows\system32\wscript.exe
2016-07-27 16:26 . 2016-07-27 16:26 148480 ----a-w- c:\windows\system32\wscui.cpl
2016-07-27 16:26 . 2016-07-27 16:26 13824 ----a-w- c:\windows\system32\wscntfy.exe
2016-07-27 16:26 . 2016-07-27 16:26 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys
2016-07-27 16:26 . 2016-07-27 16:26 11776 ----a-w- c:\windows\system32\wpnpinst.exe
2016-07-27 16:26 . 2016-07-27 16:26 63488 ----a-w- c:\windows\system32\wpdmtpus.dll
2016-07-27 16:26 . 2016-07-27 16:26 356352 ----a-w- c:\windows\system32\wpdsp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2016-07-27 . 8F41FD1CC693054347C6FB7B0E618B07 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-08-20 22:55 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GeeTeeDee"="c:\downloads\GeeTeeDeePortable-0.2.642\GeeTeeDeePortable.exe" [2013-11-27 1169920]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-03-03 3281600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2006-10-26 434528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-09-12 9107616]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2016-07-27 15360]
"KB976002-v5"="advpack.dll" [2016-07-27 128512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2016-07-27 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 18:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 11:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\ets\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [21.8.2016 00:56 60424]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [21.8.2016 00:56 224616]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [21.8.2016 01:11 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [21.8.2016 00:56 735488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [21.8.2016 00:56 433768]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [21.8.2016 00:56 92256]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [21.8.2016 00:56 184592]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [3.3.2016 15:04 1082560]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\drivers\dtlitescsibus.sys [29.7.2016 20:51 26168]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\drivers\dtliteusbbus.sys [29.7.2016 20:52 40504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.7.2016 21:58 22856]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [27.7.2016 18:18 9472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [29.7.2016 21:58 1136608]
S3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [21.8.2016 00:56 34008]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [24.8.2016 00:18 39280]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
.
Obsah adresáře 'Naplánované úlohy'
.
2016-10-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-VASICZEE-7DF074-ets.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2016-09-30 04:09]
.
2016-10-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-20 22:55]
.
2016-10-01 c:\windows\Tasks\SafeZone scheduled Autoupdate 1471734788.job
- c:\program files\AVAST Software\SZBrowser\launcher.exe [2016-08-20 08:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\ets\Data aplikací\Mozilla\Firefox\Profiles\6hdvf7qt.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search?bcutc=sp-006
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mylucky123.com/?type=hp&ts=1 ... MHEGK2MHEX
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?bcutc=sp-006
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-WinampAgent - c:\program files\Winamp\Winampa.exe
Notify-RailNotification - (no file)
AddRemove-Microsoft .NET Framework 3.5 SP1 - c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-Microsoft .NET Framework 4 Extended - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\documents and settings\All Users\Data aplikací\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-10-02 06:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\igfxdev.dll
.
Celkový čas: 2016-10-02 06:37:33
ComboFix-quarantined-files.txt 2016-10-02 04:37
.
Před spuštěním: 1 001 377 792
Po spuštění: 984 821 760
.
- - End Of File - - 0B014BECF22CEE6986D5BFD074A7362E
413FC2A0C716421B3158746D63736515

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: please check - slow Firefox

Post by jaro3 » 02 Oct 2016 09:55

Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\AdobeAAMUpdater-1.0-VASICZEE-7DF074-ets.job

Firefox::
FF - ProfilePath - c:\documents and settings\ets\Data aplikací\Mozilla\Firefox\Profiles\6hdvf7qt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mylucky123.com/?type=hp&ts=1 ... MHEGK2MHEX



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Post here the log that appears at the end of the cleaning process + a new log from HJT

Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

In Folder Options, enable showing hidden files and folders + uncheck the box Hide protected operating system files

Test these on Virustotal
c:\windows\_default.pif
c:\windows\system32\zipfldr.dll
c:\windows\system32\sfcfiles.dll

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, the result appears at the top with the number of infections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

Ghostwriter
Level 2
Posts: 158
Registered: August 07
Gender: Unspecified
Status: Offline

Re: please check - slow Firefox

Post by Ghostwriter » 02 Oct 2016 11:36

ComboFix 16-09-28.01 - ets 02.10.2016 10:19:51.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.499 [GMT 2:00]
Spuštěný z: c:\documents and settings\ets\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ets\Plocha\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\Tasks\AdobeAAMUpdater-1.0-VASICZEE-7DF074-ets.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-09-02 do 2016-10-02 )))))))))))))))))))))))))))))))
.
.
2016-10-01 22:13 . 2016-10-01 21:52 24064 ----a-w- c:\windows\zoek-delete.exe
2016-10-01 21:52 . 2016-10-01 22:08 -------- d-----w- C:\zoek_backup
2016-09-30 21:03 . 2016-10-01 20:31 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-30 21:02 . 2016-09-30 21:02 -------- d-----w- c:\program files\RogueKiller
2016-09-30 21:02 . 2016-10-01 21:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2016-09-30 19:41 . 2016-09-30 19:41 -------- d-----w- c:\documents and settings\ets\Data aplikací\Malwarebytes
2016-09-30 19:41 . 2016-09-30 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2016-09-29 10:00 . 2016-09-29 10:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2016-09-29 08:39 . 2016-09-29 08:39 -------- d-----w- c:\documents and settings\ets\Local Settings\Data aplikací\Firefox
2016-09-29 08:37 . 2016-09-29 08:37 -------- d-----w- c:\documents and settings\ets\Data aplikací\Firefox
2016-09-22 13:58 . 2016-09-22 13:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Temp
2016-09-22 07:00 . 2016-09-22 07:01 -------- d-----w- c:\documents and settings\ets\.mp3splt-gtk
2016-09-22 06:59 . 2016-09-22 06:59 -------- d-----w- c:\program files\mp3splt-gtk
2016-09-09 06:55 . 2016-09-09 06:55 -------- d-----w- c:\documents and settings\ets\Data aplikací\eCyber
2016-09-07 01:00 . 2016-09-07 01:00 -------- d-----w- c:\program files\DVDVideoMedia
2016-09-07 00:50 . 2016-09-07 00:50 -------- d-----w- c:\documents and settings\ets\Data aplikací\Jfuse
2016-09-05 22:00 . 2016-09-07 00:55 -------- d-----w- c:\program files\3GP Cutter
2016-09-05 20:21 . 2016-09-05 20:21 -------- d-----w- c:\program files\ABC 3GP Converter
2016-09-04 11:02 . 2016-09-29 03:23 -------- d-----w- C:\ppp
2016-09-03 18:29 . 2016-09-03 19:37 -------- d-----w- c:\documents and settings\ets\Data aplikací\BSplayer
2016-09-03 18:29 . 2016-09-03 18:29 -------- d-----w- c:\documents and settings\ets\Data aplikací\BSplayer Pro
2016-09-03 18:29 . 2016-09-03 18:29 -------- d-----w- c:\program files\Webteh
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-22 13:28 . 2016-08-20 22:56 433768 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-13 19:00 . 2016-08-20 22:56 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-08-23 22:18 . 2016-08-23 22:18 39280 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2016-08-20 23:11 . 2016-08-20 23:11 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-08-20 22:55 . 2016-08-20 22:56 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-08-20 22:55 . 2016-08-20 22:56 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-08-20 22:55 . 2016-08-20 22:56 224616 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-08-20 22:55 . 2016-08-20 22:56 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-08-20 22:55 . 2016-08-20 22:56 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-08-20 22:55 . 2016-08-20 22:56 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-08-20 22:55 . 2016-08-20 22:56 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-08-20 22:55 . 2016-08-20 22:56 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-08-20 22:55 . 2016-08-20 22:55 53208 ----a-w- c:\windows\avastSS.scr
2016-08-04 00:44 . 2016-08-04 00:44 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-08-04 00:44 . 2016-08-04 00:44 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-07-29 18:52 . 2016-07-29 18:52 40504 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2016-07-29 18:51 . 2016-07-29 18:51 26168 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2016-07-28 13:47 . 2016-07-27 18:01 128000 ----a-w- c:\windows\system32\javacpl.cpl
2016-07-28 13:47 . 2016-07-27 18:01 544656 ----a-w- c:\windows\system32\deployJava1.dll
2016-07-27 18:54 . 2016-07-27 18:54 921280 ----a-w- c:\windows\ucrtbase.dll
2016-07-27 18:41 . 2016-07-27 18:41 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2016-07-27 16:27 . 2016-07-27 16:27 707 ----a-w- c:\windows\_default.pif
2016-07-27 16:27 . 2016-07-27 16:27 338944 ----a-w- c:\windows\system32\zipfldr.dll
2016-07-27 16:27 . 2016-07-27 17:42 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2016-07-27 16:27 . 2016-07-27 17:42 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2016-07-27 16:26 . 2016-07-27 17:41 11776 ----a-w- c:\windows\system32\xolehlp.dll
2016-07-27 16:26 . 2016-07-27 16:26 50176 ----a-w- c:\windows\system32\xmlprovi.dll
2016-07-27 16:26 . 2016-07-27 16:26 129024 ----a-w- c:\windows\system32\xmlprov.dll
2016-07-27 16:26 . 2016-07-27 17:42 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2016-07-27 16:26 . 2016-07-27 17:42 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2016-07-27 16:26 . 2016-07-27 17:42 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2016-07-27 16:26 . 2016-07-27 16:26 30720 ----a-w- c:\windows\system32\xcopy.exe
2016-07-27 16:26 . 2016-07-27 16:26 175224 ----a-w- c:\windows\system32\xenroll.dll
2016-07-27 16:26 . 2016-07-27 17:42 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2016-07-27 16:26 . 2016-07-27 17:42 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2016-07-27 16:26 . 2016-07-27 17:42 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2016-07-27 16:26 . 2016-07-27 17:42 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2016-07-27 16:26 . 2016-07-27 17:42 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2016-07-27 16:26 . 2016-07-27 17:42 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2016-07-27 16:26 . 2016-07-27 17:42 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2016-07-27 16:26 . 2016-07-27 17:42 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2016-07-27 16:26 . 2016-07-27 17:42 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2016-07-27 16:26 . 2016-07-27 17:42 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2016-07-27 16:26 . 2016-07-27 17:42 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2016-07-27 16:26 . 2016-07-27 17:42 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2016-07-27 16:26 . 2016-07-27 17:42 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2016-07-27 16:26 . 2016-07-27 17:42 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2016-07-27 16:26 . 2016-07-27 16:26 91648 ----a-w- c:\windows\system32\xactsrv.dll
2016-07-27 16:26 . 2016-07-27 16:26 383488 ----a-w- c:\windows\system32\wzcdlg.dll
2016-07-27 16:26 . 2016-07-27 17:42 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2016-07-27 16:26 . 2016-07-27 17:42 53248 ----a-w- c:\windows\system32\drivers\UMDF\wudfusbcciddriver.dll
2016-07-27 16:26 . 2016-07-27 16:26 82944 ----a-w- c:\windows\system32\drivers\wudfrd.sys
2016-07-27 16:26 . 2016-07-27 16:26 77568 ----a-w- c:\windows\system32\drivers\wudfpf.sys
2016-07-27 16:26 . 2016-07-27 16:26 55808 ----a-w- c:\windows\system32\wudfsvc.dll
2016-07-27 16:26 . 2016-07-27 16:26 32256 ----a-w- c:\windows\system32\wupdmgr.exe
2016-07-27 16:26 . 2016-07-27 16:26 316416 ----a-w- c:\windows\system32\wudfx.dll
2016-07-27 16:26 . 2016-07-27 16:26 146432 ----a-w- c:\windows\system32\wudfhost.exe
2016-07-27 16:26 . 2016-07-27 16:17 95344 ----a-w- c:\windows\system32\wudfcoinstaller.dll
2016-07-27 16:26 . 2016-07-27 16:17 165376 ----a-w- c:\windows\system32\wudfplatform.dll
2016-07-27 16:26 . 2016-07-27 17:58 22520 ----a-w- c:\windows\system32\wuauserv.dll
2016-07-27 16:26 . 2016-07-27 17:58 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2016-07-27 16:26 . 2016-07-27 17:58 166912 ----a-w- c:\windows\system32\wuauclt1.exe
2016-07-27 16:26 . 2016-07-27 17:41 14848 ----a-w- c:\windows\system32\wsmprovhost.exe
2016-07-27 16:26 . 2016-07-27 17:41 12288 ----a-w- c:\windows\system32\wsmplpxy.dll
2016-07-27 16:26 . 2016-07-27 17:41 363520 ----a-w- c:\windows\system32\WsmRes.dll
2016-07-27 16:26 . 2016-07-27 17:41 209408 ----a-w- c:\windows\system32\WsmWmiPl.dll
2016-07-27 16:26 . 2016-07-27 17:41 139776 ----a-w- c:\windows\system32\WsmAuto.dll
2016-07-27 16:26 . 2016-07-27 17:41 1107456 ----a-w- c:\windows\system32\WsmSvc.dll
2016-07-27 16:26 . 2016-07-27 16:26 50688 ----a-w- c:\windows\system32\wstdecod.dll
2016-07-27 16:26 . 2016-07-27 16:26 41984 ----a-w- c:\windows\system32\wsnmp32.dll
2016-07-27 16:26 . 2016-07-27 16:26 24576 ----a-w- c:\windows\system32\wsock32.dll
2016-07-27 16:26 . 2016-07-27 16:26 18432 ----a-w- c:\windows\system32\wtsapi32.dll
2016-07-27 16:26 . 2016-07-27 16:26 164352 ----a-w- c:\windows\system32\wstpager.ax
2016-07-27 16:26 . 2016-07-27 16:17 239616 ----a-w- c:\windows\system32\wstrenderer.ax
2016-07-27 16:26 . 2016-07-27 17:41 225280 ----a-w- c:\windows\system32\wsmanhttpconfig.exe
2016-07-27 16:26 . 2016-07-27 16:26 9216 ----a-w- c:\windows\system32\wshatm.dll
2016-07-27 16:26 . 2016-07-27 16:26 90112 ----a-w- c:\windows\system32\wshext.dll
2016-07-27 16:26 . 2016-07-27 16:26 7168 ----a-w- c:\windows\system32\wshnetbs.dll
2016-07-27 16:26 . 2016-07-27 16:26 608256 ----a-w- c:\windows\system32\wsecedit.dll
2016-07-27 16:26 . 2016-07-27 16:26 57392 ----a-w- c:\windows\system32\wshcs.dll
2016-07-27 16:26 . 2016-07-27 16:26 36864 ----a-w- c:\windows\system32\wshcon.dll
2016-07-27 16:26 . 2016-07-27 16:26 19456 ----a-w- c:\windows\system32\wshtcpip.dll
2016-07-27 16:26 . 2016-07-27 16:26 14336 ----a-w- c:\windows\system32\wship6.dll
2016-07-27 16:26 . 2016-07-27 16:26 135168 ----a-w- c:\windows\system32\wshom.ocx
2016-07-27 16:26 . 2016-07-27 16:26 11776 ----a-w- c:\windows\system32\wshisn.dll
2016-07-27 16:26 . 2016-07-27 16:26 11264 ----a-w- c:\windows\system32\WshRm.dll
2016-07-27 16:26 . 2016-07-27 16:26 108032 ----a-w- c:\windows\system32\wshbth.dll
2016-07-27 16:26 . 2016-07-27 17:41 5632 ----a-w- c:\windows\system32\write.exe
2016-07-27 16:26 . 2016-07-27 16:26 82432 ----a-w- c:\windows\system32\ws2_32.dll
2016-07-27 16:26 . 2016-07-27 16:26 80896 ----a-w- c:\windows\system32\wscsvc.dll
2016-07-27 16:26 . 2016-07-27 16:26 629760 ----a-w- c:\windows\system32\wpd_ci.dll
2016-07-27 16:26 . 2016-07-27 16:26 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2016-07-27 16:26 . 2016-07-27 16:26 19968 ----a-w- c:\windows\system32\ws2help.dll
2016-07-27 16:26 . 2016-07-27 16:26 155648 ----a-w- c:\windows\system32\wscript.exe
2016-07-27 16:26 . 2016-07-27 16:26 148480 ----a-w- c:\windows\system32\wscui.cpl
2016-07-27 16:26 . 2016-07-27 16:26 13824 ----a-w- c:\windows\system32\wscntfy.exe
2016-07-27 16:26 . 2016-07-27 16:26 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys
2016-07-27 16:26 . 2016-07-27 16:26 11776 ----a-w- c:\windows\system32\wpnpinst.exe
2016-07-27 16:26 . 2016-07-27 16:26 63488 ----a-w- c:\windows\system32\wpdmtpus.dll
2016-07-27 16:26 . 2016-07-27 16:26 356352 ----a-w- c:\windows\system32\wpdsp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2016-07-27 . 8F41FD1CC693054347C6FB7B0E618B07 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-08-20 22:55 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GeeTeeDee"="c:\downloads\GeeTeeDeePortable-0.2.642\GeeTeeDeePortable.exe" [2013-11-27 1169920]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-03-03 3281600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2006-10-26 434528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-09-12 9107616]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2016-07-27 15360]
"KB976002-v5"="advpack.dll" [2016-07-27 128512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2016-07-27 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 18:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 11:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\ets\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [21.8.2016 00:56 60424]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [21.8.2016 00:56 224616]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [21.8.2016 01:11 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [21.8.2016 00:56 735488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [21.8.2016 00:56 433768]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [21.8.2016 00:56 92256]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [21.8.2016 00:56 184592]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [3.3.2016 15:04 1082560]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\drivers\dtlitescsibus.sys [29.7.2016 20:51 26168]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\drivers\dtliteusbbus.sys [29.7.2016 20:52 40504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.7.2016 21:58 22856]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [27.7.2016 18:18 9472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [29.7.2016 21:58 1136608]
S3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [21.8.2016 00:56 34008]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [24.8.2016 00:18 39280]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
.
Obsah adresáře 'Naplánované úlohy'
.
2016-10-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-VASICZEE-7DF074-ets.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2016-09-30 04:09]
.
2016-10-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-20 22:55]
.
2016-10-02 c:\windows\Tasks\SafeZone scheduled Autoupdate 1471734788.job
- c:\program files\AVAST Software\SZBrowser\launcher.exe [2016-08-20 08:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\ets\Data aplikací\Mozilla\Firefox\Profiles\6hdvf7qt.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search?bcutc=sp-006
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?bcutc=sp-006
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-10-02 10:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3960)
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\MSVCP140.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\VCRUNTIME140.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\ucrtbase.DLL
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-string-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-errorhandling-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-file-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-namedpipe-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-handle-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-file-l2-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-heap-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-libraryloader-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-synch-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-processthreads-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-processenvironment-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-datetime-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-localization-l1-2-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-sysinfo-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-synch-l1-2-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-console-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-debug-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-file-l1-2-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-profile-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-memory-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-util-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-rtlsupport-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-core-interlocked-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-string-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-math-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-time-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\WinSxS\x86_Avast.VC140.CRT_fcc99ee6193ebbca_14.0.24210.0_x-ww_0869468e\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\RTHDCPL.EXE
c:\docume~1\ets\LOCALS~1\Temp\RtkBtMnt.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2016-10-02 10:41:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-10-02 08:41
ComboFix2.txt 2016-10-02 04:37
.
Před spuštěním: 977 858 560
Po spuštění: 964 321 280
.
- - End Of File - - 4AAF7FB0D4CB2D99B616B7E48DE75637
413FC2A0C716421B3158746D63736515

Ghostwriter
Level 2
Posts: 158
Registered: August 07
Gender: Unspecified
Status: Offline

Re: please check - slow Firefox

Post by Ghostwriter » 02 Oct 2016 11:37

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-10-02 10:42:17
-----------------------------
10:42:17.328 OS Version: Windows 5.1.2600 Service Pack 3
10:42:17.328 Number of processors: 2 586 0xF02
10:42:17.328 ComputerName: VASICZEE-7DF074 UserName: ets
10:42:17.828 Initialize success
10:42:17.828 VM: initialized successfully
10:42:17.828 VM: Intel CPU BiosDisabled
10:42:26.703 AVAST engine defs: 16100104
10:42:41.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:42:41.343 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC70P Size: 114473MB BusType: 3
10:42:41.578 Disk 0 MBR read successfully
10:42:41.578 Disk 0 MBR scan
10:42:41.750 Disk 0 Windows XP default MBR code
10:42:41.765 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 57223 MB offset 16128
10:42:41.796 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 117226305
10:42:41.812 Disk 0 Boot: NTFS code=1
10:42:41.921 Disk 0 scanning sectors +234436545
10:42:42.171 Disk 0 scanning C:\WINDOWS\system32\drivers
10:43:50.375 Service scanning
10:44:19.359 Modules scanning
10:44:19.406 Disk 0 trace - called modules:
10:44:19.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
10:44:19.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8654fab8]
10:44:19.453 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\00000082[0x865639e8]
10:44:19.453 5 ACPI.sys[f7495620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8657a940]
10:44:21.968 AVAST engine scan C:\WINDOWS
10:44:27.703 AVAST engine scan C:\WINDOWS\system32
10:51:29.546 AVAST engine scan C:\WINDOWS\system32\drivers
10:51:56.453 AVAST engine scan C:\Documents and Settings\ets
11:30:38.921 AVAST engine scan C:\Documents and Settings\All Users
11:35:04.203 Disk 0 statistics 2124175/0/0 @ 0,43 MB/s
11:35:04.218 Scan finished successfully
11:36:14.031 Disk 0 MBR has been saved successfully to "C:\downloads\MBR.dat"
11:36:14.062 The log file has been saved successfully to "C:\downloads\2_aswMBR.txt"


jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: please check - slow Firefox

Post by jaro3 » 02 Oct 2016 14:32

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

Update Java:
http://www.oracle.com/technetwork/java/ ... 33155.html
Java SE Runtime Environment 8

Click Accept License Agreement
Choose your OS (Windows or Windows x64, Offline Installation)
jre-8-windows-i586-p.exe or
jre-8-windows-x64.exe
Download and install it.
Remove the other Java versions in Add/Remove Programs.

Post a new HJT log and report any problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Ghostwriter
Level 2
Posts: 158
Registered: August 07
Gender: Not specified
Status: Offline

Re: please check - slow Firefox

Post by Ghostwriter » 03 Oct 2016 21:08

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:04:02, on 3.10.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 49.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\downloads\GeeTeeDeePortable-0.2.642\GeeTeeDeePortable.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ets\LOCALS~1\Temp\RtkBtMnt.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
c:\downloads\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [GeeTeeDee] C:\downloads\GeeTeeDeePortable-0.2.642\GeeTeeDeePortable.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7390 bytes

