Please check my log as a precaution [Solved]
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: Please check my log as a precaution
That RogueKiller log has no deleted items. Delete them and post the log.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check my log as a precaution
But I don't have any other log, and when I run it again there are no files to delete.
OS - Windows 7 Ultimate 64 Bit
PSU - OCZ 550W
CPU - Intel Core i5-4430
RAM - 8 GB
GPU - Nvidia GeForce N760
MB - MSI B85-G41 PC Mate
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
Re: Please check my log as a precaution
Once more:
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Wait until the status window shows "Scan"
- Click "Delete"
- Wait until the Status box shows "Deletion finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can also be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- After the scan finishes the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.
Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log as a precaution
RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Adam [Práva správce]
Mód : Odebrat -- Datum : 08/18/2013 10:16:51
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([Address] sfsync02.sys @ 0xB8338D60)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD403LJ +++++
--- User ---
[MBR] 762a103dc176ffd376e9d2386f70a0a6
[BSP] d7ba74b7f09f179dbeb2d59a0783b7ff : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40962 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 83891430 | Size: 340581 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_D_08182013_101651.txt >>
RKreport[0]_S_08182013_101639.txt
- jaro3
- Security team member
Re: Please check my log as a precaution
Log OK, now ComboFix as well. You had infections, trojans, on there, so we have to continue. This is not a precautionary check.
Re: Please check my log as a precaution
ComboFix 13-08-16.03 - Adam 18.08.2013 10:26:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1489 [GMT 2:00]
Spuštěný z: c:\documents and settings\Adam\Plocha\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\1f62f39e4236b401.fb
c:\windows\system32\Cache\2106aadfa4e0bf4b.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d214f0eef0d7aa16.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d55c9aeacff49a0f.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\frapsvid.dll
c:\windows\system32\SET5A7.tmp
c:\windows\system32\SET5AB.tmp
c:\windows\system32\SET5B3.tmp
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-18 do 2013-08-18 )))))))))))))))))))))))))))))))
.
.
2013-08-17 12:31 . 2013-08-17 12:31 -------- d-----w- c:\windows\ERUNT
2013-08-17 11:17 . 2013-08-17 11:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-17 11:17 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-04 17:31 . 2013-08-04 17:31 22560 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2013-08-04 17:30 . 2013-08-04 17:30 -------- d-----w- c:\program files\HWiNFO32
2013-08-04 16:36 . 2013-08-04 16:37 -------- d-----w- c:\program files\CrystalDiskInfo
2013-07-30 18:04 . 2013-07-30 18:04 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Data aplikací\NVIDIA
2013-07-30 18:02 . 2013-07-30 18:02 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Data aplikací\Google
2013-07-30 18:01 . 2013-07-30 18:01 -------- d-----w- C:\NvidiaLogging
2013-07-19 20:11 . 2013-07-19 20:11 -------- d-----w- c:\documents and settings\Adam\Local Settings\Data aplikací\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 16:28 . 2013-03-31 12:59 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-29 19:07 . 2013-02-25 12:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-29 19:07 . 2013-02-25 12:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 02:49 . 2004-08-18 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:48 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-18 12:00 385024 ------w- c:\windows\system32\html.iec
2013-07-19 23:51 . 2013-02-08 02:37 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-19 23:50 . 2013-03-29 00:53 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 23:50 . 2013-02-08 02:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-19 23:50 . 2013-02-08 02:37 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 10:37 . 2004-08-18 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-09 23:32 . 2013-02-08 02:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-07 15:07 . 2013-07-07 15:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-07 15:07 . 2013-07-07 15:07 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-07 15:07 . 2013-02-25 12:18 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-07 15:07 . 2013-02-25 12:18 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-04 07:34 . 2004-08-17 15:45 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2004-08-18 12:00 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-30 23:45 . 2013-02-08 02:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-06-21 12:02 . 2013-07-03 14:21 893728 ----a-w- c:\windows\system32\nvdispgenco3232049.dll
2013-06-21 12:02 . 2013-07-03 14:21 1024288 ----a-w- c:\windows\system32\nvdispco3232049.dll
2013-06-21 12:02 . 2013-06-25 20:00 20197376 ----a-w- c:\windows\system32\nvoglnt.dll
2013-06-21 12:02 . 2013-02-25 11:15 57344 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-21 12:02 . 2013-02-25 11:15 6320128 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-21 12:02 . 2013-02-25 11:15 2783008 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-21 12:02 . 2013-02-25 11:15 2002720 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-21 12:02 . 2013-02-25 11:15 7663616 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-21 12:02 . 2013-02-25 11:15 4014592 ----a-w- c:\windows\system32\nv4_disp.dll
2013-06-21 12:02 . 2013-02-25 11:15 2548736 ----a-w- c:\windows\system32\nvapi.dll
2013-06-21 12:02 . 2013-02-25 11:15 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-21 12:02 . 2013-02-25 11:15 10973504 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-06-21 09:56 . 2013-06-25 20:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2013-06-21 09:56 . 2013-06-25 20:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2013-06-21 09:56 . 2013-06-25 20:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2013-06-21 09:56 . 2013-06-25 20:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2013-06-21 09:56 . 2013-06-25 20:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrsja.dll
2013-06-21 09:56 . 2013-06-25 20:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2013-06-21 09:56 . 2013-06-25 20:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2013-06-21 09:56 . 2013-06-25 20:05 335872 ----a-w- c:\windows\system32\nvrshe.dll
2013-06-21 09:56 . 2013-06-25 20:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2013-06-21 09:56 . 2013-06-25 20:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2013-06-21 09:56 . 2013-06-25 20:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2013-06-21 09:56 . 2013-06-25 20:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2013-06-21 09:56 . 2013-06-25 20:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2013-06-21 09:56 . 2013-06-25 20:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2013-06-21 09:56 . 2013-06-25 20:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2013-06-21 09:56 . 2013-06-25 20:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2013-06-21 09:54 . 2013-02-25 11:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-06-21 09:54 . 2013-02-25 11:15 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-06-21 09:54 . 2013-02-25 11:15 15677728 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 09:54 . 2013-02-25 11:15 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-06-21 09:54 . 2013-02-25 11:15 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-12 11:05 . 2013-06-12 11:05 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-05 16:55 . 2013-05-14 15:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-06-05 09:08 . 2004-08-18 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:23 . 2004-08-18 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
2013-05-28 13:05 . 2013-06-18 16:50 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
2013-05-28 01:59 . 2004-08-18 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 01:05 . 2008-05-05 06:25 6656 ----a-w- c:\windows\system32\xpsp4res.dll
2013-05-27 11:44 . 2013-05-27 11:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"uTorrent"="c:\documents and settings\Adam\Data aplikací\uTorrent\uTorrent.exe" [2013-04-15 802136]
"Facebook Update"="c:\documents and settings\Adam\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2013-04-29 138096]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Steam"="d:\program files (programy)\Steam\steam.exe" [2013-07-26 1807272]
"Fraps"="c:\fraps\FRAPS.EXE" [2011-07-31 2523312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
"LogMeIn Hamachi Ui"="d:\program files (programy)\HAMACHI\hamachi-2-ui.exe" [2013-06-28 2255184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
"NvMediaCenter"="NvMCTray.dll" [2013-06-21 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-06-21 2586912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Adam\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Torrenty\\CRYSIS 2 CZ\\bin32\\Crysis2.exe"=
"c:\\Documents and Settings\\Adam\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Program Files (Hry)\\Riot Games\\League of Legends\\League of Legends\\lol.launcher.exe"=
"d:\\Program Files (Hry)\\Ubisoft\\Assassins Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program Files (Hry)\\Ubisoft\\Assassins Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files (Hry)\\Ubisoft\\Assassins Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\alan wakes american nightmare\\alan_wakes_american_nightmare.exe"=
"d:\\Program Files (Programy)\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"d:\\Program Files (Programy)\\Steam\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10:UDP"= 10:UDP:T-mobile
"2099:TCP"= 2099:TCP:lol
"443:TCP"= 443:TCP:HTTPS
"21:TCP"= 21:TCP:FTP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [8.2.2013 4:37 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8.2.2013 4:37 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [8.2.2013 4:37 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [29.3.2013 2:53 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1.3.2013 10:32 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8.2.2013 4:37 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21.3.2013 3:08 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [31.3.2013 14:59 37664]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [27.5.2013 13:44 242240]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [4.8.2013 19:31 22560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [4.7.2013 15:53 4939312]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23.7.2013 19:09 283136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (programy)\HAMACHI\hamachi-2.exe [28.6.2013 14:02 1440080]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21.6.2013 9:53 162408]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys --> c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [31.3.2013 10:28 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [31.3.2013 10:28 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [31.3.2013 10:28 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [31.3.2013 10:28 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [31.3.2013 10:28 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [31.3.2013 10:28 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [31.3.2013 10:28 123504]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 17:46 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-29 19:07]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-25 11:22]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-25 11:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Adam\Data aplikací\Mozilla\Firefox\Profiles\zdel6b2l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2013-07-06 19:39; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-18 10:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-688789844-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1454471165-688789844-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:cc,ba,2b,38,f1,9d,0b,96,ee,14,7b,78,54,58,bf,7a,a2,bf,6c,66,06,
b3,47,2d,ca,b7,8b,30,0d,0b,47,75,e2,1b,c7,c2,5a,ff,07,e7,63,57,c3,31,26,e3,\
"rkeysecu"=hex:10,b5,0c,23,b4,ef,23,c9,44,03,e4,d4,7f,7b,3c,c6
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-08-18 10:33:46
ComboFix-quarantined-files.txt 2013-08-18 08:33
.
Před spuštěním: 9 126 744 064
Po spuštění: 9 242 587 136
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 631223EC6E4EE2FB6ED6386676F13236
2013-06-21 12:02 . 2013-02-25 11:15 7663616 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-21 12:02 . 2013-02-25 11:15 4014592 ----a-w- c:\windows\system32\nv4_disp.dll
2013-06-21 12:02 . 2013-02-25 11:15 2548736 ----a-w- c:\windows\system32\nvapi.dll
2013-06-21 12:02 . 2013-02-25 11:15 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-21 12:02 . 2013-02-25 11:15 10973504 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-06-21 09:56 . 2013-06-25 20:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2013-06-21 09:56 . 2013-06-25 20:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2013-06-21 09:56 . 2013-06-25 20:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2013-06-21 09:56 . 2013-06-25 20:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2013-06-21 09:56 . 2013-06-25 20:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrsja.dll
2013-06-21 09:56 . 2013-06-25 20:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2013-06-21 09:56 . 2013-06-25 20:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2013-06-21 09:56 . 2013-06-25 20:05 335872 ----a-w- c:\windows\system32\nvrshe.dll
2013-06-21 09:56 . 2013-06-25 20:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2013-06-21 09:56 . 2013-06-25 20:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2013-06-21 09:56 . 2013-06-25 20:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2013-06-21 09:56 . 2013-06-25 20:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2013-06-21 09:56 . 2013-06-25 20:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2013-06-21 09:56 . 2013-06-25 20:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2013-06-21 09:56 . 2013-06-25 20:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2013-06-21 09:56 . 2013-06-25 20:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2013-06-21 09:54 . 2013-02-25 11:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-06-21 09:54 . 2013-02-25 11:15 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-06-21 09:54 . 2013-02-25 11:15 15677728 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 09:54 . 2013-02-25 11:15 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-06-21 09:54 . 2013-02-25 11:15 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-12 11:05 . 2013-06-12 11:05 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-05 16:55 . 2013-05-14 15:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-06-05 09:08 . 2004-08-18 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:23 . 2004-08-18 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
2013-05-28 13:05 . 2013-06-18 16:50 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
2013-05-28 01:59 . 2004-08-18 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 01:05 . 2008-05-05 06:25 6656 ----a-w- c:\windows\system32\xpsp4res.dll
2013-05-27 11:44 . 2013-05-27 11:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"uTorrent"="c:\documents and settings\Adam\Data aplikací\uTorrent\uTorrent.exe" [2013-04-15 802136]
"Facebook Update"="c:\documents and settings\Adam\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2013-04-29 138096]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Steam"="d:\program files (programy)\Steam\steam.exe" [2013-07-26 1807272]
"Fraps"="c:\fraps\FRAPS.EXE" [2011-07-31 2523312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
"LogMeIn Hamachi Ui"="d:\program files (programy)\HAMACHI\hamachi-2-ui.exe" [2013-06-28 2255184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
"NvMediaCenter"="NvMCTray.dll" [2013-06-21 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-06-21 2586912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Adam\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Torrenty\\CRYSIS 2 CZ\\bin32\\Crysis2.exe"=
"c:\\Documents and Settings\\Adam\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Program Files (Hry)\\Riot Games\\League of Legends\\League of Legends\\lol.launcher.exe"=
"d:\\Program Files (Hry)\\Ubisoft\\Assassins Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program Files (Hry)\\Ubisoft\\Assassins Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files (Hry)\\Ubisoft\\Assassins Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\alan wakes american nightmare\\alan_wakes_american_nightmare.exe"=
"d:\\Program Files (Programy)\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"d:\\Program Files (Programy)\\Steam\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10:UDP"= 10:UDP:T-mobile
"2099:TCP"= 2099:TCP:lol
"443:TCP"= 443:TCP:HTTPS
"21:TCP"= 21:TCP:FTP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [8.2.2013 4:37 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8.2.2013 4:37 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [8.2.2013 4:37 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [29.3.2013 2:53 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1.3.2013 10:32 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8.2.2013 4:37 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21.3.2013 3:08 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [31.3.2013 14:59 37664]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [27.5.2013 13:44 242240]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [4.8.2013 19:31 22560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [4.7.2013 15:53 4939312]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23.7.2013 19:09 283136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (programy)\HAMACHI\hamachi-2.exe [28.6.2013 14:02 1440080]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21.6.2013 9:53 162408]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys --> c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [31.3.2013 10:28 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [31.3.2013 10:28 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [31.3.2013 10:28 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [31.3.2013 10:28 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [31.3.2013 10:28 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [31.3.2013 10:28 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [31.3.2013 10:28 123504]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 17:46 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-29 19:07]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-25 11:22]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-25 11:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Adam\Data aplikací\Mozilla\Firefox\Profiles\zdel6b2l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2013-07-06 19:39; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-18 10:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-688789844-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1454471165-688789844-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:cc,ba,2b,38,f1,9d,0b,96,ee,14,7b,78,54,58,bf,7a,a2,bf,6c,66,06,
b3,47,2d,ca,b7,8b,30,0d,0b,47,75,e2,1b,c7,c2,5a,ff,07,e7,63,57,c3,31,26,e3,\
"rkeysecu"=hex:10,b5,0c,23,b4,ef,23,c9,44,03,e4,d4,7f,7b,3c,c6
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-08-18 10:33:46
ComboFix-quarantined-files.txt 2013-08-18 08:33
.
Před spuštěním: 9 126 744 064
Po spuštění: 9 242 587 136
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 631223EC6E4EE2FB6ED6386676F13236
413FC2A0C716421B3158746D63736515
OS - Windows 7 Ultimate 64 Bit
PSU - OCZ 550W
CPU - intel core i5-4430
RAM - 8 GB
GPU - Nvidia GeForce N760
MB - MSI B85-G41 PC Mate
jaro3 (Security team member)
Re: Request for a preventive log check
Uninstall:
AVG Secure Search
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text marked in green into it:
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\documents and settings\Adam\Local Settings\Data aplikací\Facebook\Update
c:\program files\Skype\Updater
c:\program files\Common Files\AVG Secure Search
Driver::
SkypeUpdate
vToolbarUpdater15.5.0
ew_usbenumfilter
huawei_cdcacm
huawei_cdcecm
huawei_enumerator
huawei_ext_ctrl
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
RegLock::
[HKEY_USERS\S-1-5-21-1454471165-688789844-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and, once the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log produced at the end of the cleaning process + a new HJT log
Warning: it can happen that after ComboFix is applied and the computer restarts, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
"2099:TCP"= 2099:TCP:lol
"443:TCP"= 443:TCP:HTTPS
"21:TCP"= 21:TCP:FTP
Do you know those ports?
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Paste the whole contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MBAM, SDFix and other such programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Request for a preventive log check
ComboFix 13-08-16.03 - Adam 18.08.2013 11:08:39.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1372 [GMT 2:00]
Spuštěný z: c:\documents and settings\Adam\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Adam\Plocha\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Legacy_VTOOLBARUPDATER15.5.0
-------\Service_ew_usbenumfilter
-------\Service_huawei_enumerator
-------\Service_SkypeUpdate
-------\Service_vToolbarUpdater15.5.0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-18 do 2013-08-18 )))))))))))))))))))))))))))))))
.
.
2013-08-17 12:31 . 2013-08-17 12:31 -------- d-----w- c:\windows\ERUNT
2013-08-17 11:17 . 2013-08-17 11:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-17 11:17 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-04 17:31 . 2013-08-04 17:31 22560 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2013-08-04 17:30 . 2013-08-04 17:30 -------- d-----w- c:\program files\HWiNFO32
2013-08-04 16:36 . 2013-08-04 16:37 -------- d-----w- c:\program files\CrystalDiskInfo
2013-07-30 18:04 . 2013-07-30 18:04 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Data aplikací\NVIDIA
2013-07-30 18:02 . 2013-07-30 18:02 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Data aplikací\Google
2013-07-30 18:01 . 2013-07-30 18:01 -------- d-----w- C:\NvidiaLogging
2013-07-19 20:11 . 2013-07-19 20:11 -------- d-----w- c:\documents and settings\Adam\Local Settings\Data aplikací\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 16:28 . 2013-03-31 12:59 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-29 19:07 . 2013-02-25 12:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-29 19:07 . 2013-02-25 12:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 02:49 . 2004-08-18 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:48 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-18 12:00 385024 ------w- c:\windows\system32\html.iec
2013-07-19 23:51 . 2013-02-08 02:37 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-19 23:50 . 2013-03-29 00:53 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 23:50 . 2013-02-08 02:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-19 23:50 . 2013-02-08 02:37 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 10:37 . 2004-08-18 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-09 23:32 . 2013-02-08 02:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-07 15:07 . 2013-07-07 15:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-07 15:07 . 2013-07-07 15:07 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-07 15:07 . 2013-02-25 12:18 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-07 15:07 . 2013-02-25 12:18 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-04 07:34 . 2004-08-17 15:45 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2004-08-18 12:00 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-30 23:45 . 2013-02-08 02:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-06-21 12:02 . 2013-07-03 14:21 893728 ----a-w- c:\windows\system32\nvdispgenco3232049.dll
2013-06-21 12:02 . 2013-07-03 14:21 1024288 ----a-w- c:\windows\system32\nvdispco3232049.dll
2013-06-21 12:02 . 2013-06-25 20:00 20197376 ----a-w- c:\windows\system32\nvoglnt.dll
2013-06-21 12:02 . 2013-02-25 11:15 57344 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-21 12:02 . 2013-02-25 11:15 6320128 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-21 12:02 . 2013-02-25 11:15 2783008 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-21 12:02 . 2013-02-25 11:15 2002720 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-21 12:02 . 2013-02-25 11:15 7663616 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-21 12:02 . 2013-02-25 11:15 4014592 ----a-w- c:\windows\system32\nv4_disp.dll
2013-06-21 12:02 . 2013-02-25 11:15 2548736 ----a-w- c:\windows\system32\nvapi.dll
2013-06-21 12:02 . 2013-02-25 11:15 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-21 12:02 . 2013-02-25 11:15 10973504 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-06-21 09:56 . 2013-06-25 20:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2013-06-21 09:56 . 2013-06-25 20:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2013-06-21 09:56 . 2013-06-25 20:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2013-06-21 09:56 . 2013-06-25 20:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2013-06-21 09:56 . 2013-06-25 20:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrsja.dll
2013-06-21 09:56 . 2013-06-25 20:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2013-06-21 09:56 . 2013-06-25 20:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2013-06-21 09:56 . 2013-06-25 20:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2013-06-21 09:56 . 2013-06-25 20:05 335872 ----a-w- c:\windows\system32\nvrshe.dll
2013-06-21 09:56 . 2013-06-25 20:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2013-06-21 09:56 . 2013-06-25 20:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2013-06-21 09:56 . 2013-06-25 20:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2013-06-21 09:56 . 2013-06-25 20:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2013-06-21 09:56 . 2013-06-25 20:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2013-06-21 09:56 . 2013-06-25 20:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2013-06-21 09:56 . 2013-06-25 20:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2013-06-21 09:56 . 2013-06-25 20:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2013-06-21 09:56 . 2013-06-25 20:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2013-06-21 09:56 . 2013-06-25 20:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2013-06-21 09:54 . 2013-02-25 11:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-06-21 09:54 . 2013-02-25 11:15 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-06-21 09:54 . 2013-02-25 11:15 15677728 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 09:54 . 2013-02-25 11:15 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-06-21 09:54 . 2013-02-25 11:15 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-12 11:05 . 2013-06-12 11:05 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-05 16:55 . 2013-05-14 15:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-06-05 09:08 . 2004-08-18 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:23 . 2004-08-18 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
2013-05-28 13:05 . 2013-06-18 16:50 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
2013-05-28 01:59 . 2004-08-18 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 01:05 . 2008-05-05 06:25 6656 ----a-w- c:\windows\system32\xpsp4res.dll
2013-05-27 11:44 . 2013-05-27 11:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"uTorrent"="c:\documents and settings\Adam\Data aplikací\uTorrent\uTorrent.exe" [2013-04-15 802136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Steam"="d:\program files (programy)\Steam\steam.exe" [2013-07-26 1807272]
"Fraps"="c:\fraps\FRAPS.EXE" [2011-07-31 2523312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
"LogMeIn Hamachi Ui"="d:\program files (programy)\HAMACHI\hamachi-2-ui.exe" [2013-06-28 2255184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
"NvMediaCenter"="NvMCTray.dll" [2013-06-21 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-06-21 2586912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Adam\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Torrenty\\CRYSIS 2 CZ\\bin32\\Crysis2.exe"=
"c:\\Documents and Settings\\Adam\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Program Files (Hry)\\Riot Games\\League of Legends\\League of Legends\\lol.launcher.exe"=
"d:\\Program Files (Hry)\\Ubisoft\\Assassins Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program Files (Hry)\\Ubisoft\\Assassins Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files (Hry)\\Ubisoft\\Assassins Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\alan wakes american nightmare\\alan_wakes_american_nightmare.exe"=
"d:\\Program Files (Programy)\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"d:\\Program Files (Programy)\\Steam\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10:UDP"= 10:UDP:T-mobile
"2099:TCP"= 2099:TCP:lol
"443:TCP"= 443:TCP:HTTPS
"21:TCP"= 21:TCP:FTP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [8.2.2013 4:37 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8.2.2013 4:37 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [8.2.2013 4:37 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [29.3.2013 2:53 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1.3.2013 10:32 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8.2.2013 4:37 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21.3.2013 3:08 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [31.3.2013 14:59 37664]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [27.5.2013 13:44 242240]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [4.8.2013 19:31 22560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [4.7.2013 15:53 4939312]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23.7.2013 19:09 283136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (programy)\HAMACHI\hamachi-2.exe [28.6.2013 14:02 1440080]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [31.3.2013 10:28 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [31.3.2013 10:28 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [31.3.2013 10:28 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [31.3.2013 10:28 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [31.3.2013 10:28 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [31.3.2013 10:28 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [31.3.2013 10:28 123504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 17:46 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-29 19:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Adam\Data aplikací\Mozilla\Firefox\Profiles\zdel6b2l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2013-07-06 19:39; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-18 11:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-688789844-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1454471165-688789844-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:cc,ba,2b,38,f1,9d,0b,96,ee,14,7b,78,54,58,bf,7a,a2,bf,6c,66,06,
b3,47,2d,ca,b7,8b,30,0d,0b,47,75,e2,1b,c7,c2,5a,ff,07,e7,63,57,c3,31,26,e3,\
"rkeysecu"=hex:10,b5,0c,23,b4,ef,23,c9,44,03,e4,d4,7f,7b,3c,c6
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1324)
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\program files\NVIDIA Corporation\nview\NVWRSCS.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2013-08-18 11:18:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-18 09:18
ComboFix2.txt 2013-08-18 08:33
.
Před spuštěním: 9 234 305 024
Po spuštění: 9 141 346 304
.
- - End Of File - - 130C2C409A068C7D3200049A1C1D2EE5
413FC2A0C716421B3158746D63736515
Re: Please check my log as a precaution
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:29:15, on 18.8.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
D:\Program Files (Programy)\HAMACHI\hamachi-2-ui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Adam\Data aplikací\uTorrent\uTorrent.exe
D:\Program Files (Programy)\Steam\steam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
D:\Program Files (Programy)\HAMACHI\hamachi-2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Plocha\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files (Programy)\HAMACHI\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Adam\Data aplikací\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "D:\Program Files (Programy)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-21-1454471165-688789844-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1796303750
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files (Programy)\HAMACHI\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 8307 bytes
Re: Please check my log as a precaution
I couldn't find AVG Secure Search anywhere so that I could uninstall it, only my antivirus. No, I don't know those ports. Are they somehow important? Or do they interfere with something?
Re: Please check my log as a precaution
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-18 12:28:47
-----------------------------
12:28:47.390 OS Version: Windows 5.1.2600 Service Pack 3
12:28:47.390 Number of processors: 1 586 0x5F03
12:28:47.390 ComputerName: ADAM-A11F605792 UserName: Adam
12:28:47.750 Initialize success
12:29:13.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
12:29:13.968 Disk 0 Vendor: SAMSUNG_HD403LJ CT100-13 Size: 381553MB BusType: 3
12:29:14.015 Disk 0 MBR read successfully
12:29:14.015 Disk 0 MBR scan
12:29:14.015 Disk 0 Windows XP default MBR code
12:29:14.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 40962 MB offset 63
12:29:14.015 Disk 0 Partition - 00 0F Extended LBA 340581 MB offset 83891430
12:29:14.015 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 340581 MB offset 83891493
12:29:14.031 Disk 0 scanning sectors +781401600
12:29:14.062 Disk 0 scanning C:\WINDOWS\system32\drivers
12:29:17.968 Service scanning
12:29:23.765 Modules scanning
12:29:26.234 Disk 0 trace - called modules:
12:29:26.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
12:29:26.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6ffab8]
12:29:26.734 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000069[0x8a5d29e8]
12:29:26.734 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8a657d98]
12:29:26.734 \Driver\atapi[0x8a6e5f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xb8338d60]
12:29:26.734 Scan finished successfully
12:29:38.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Adam\Plocha\MBR.dat"
12:29:38.468 The log file has been saved successfully to "C:\Documents and Settings\Adam\Plocha\aswMBR.txt"
Re: Please check my log as a precaution
Is it done already? o.O