Log check (Solved)

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

mlha
Level 1
Posts: 79
Registered: December 10
Gender: Male
Status: Offline

Re: Log check

Post by mlha » 15 Sep 2013 13:42

ComboFix 13-09-14.01 - Pocitac 15.09.2013 13:27:29.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.639 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pocitac\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\Mplayer.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-15 do 2013-09-15 )))))))))))))))))))))))))))))))
.
.
2013-09-15 10:55 . 2013-09-15 10:55 -------- d-----w- c:\documents and settings\Pocitac\Data aplikací\Apple Computer
2013-09-14 22:08 . 2013-09-14 22:08 -------- d-sh--w- c:\documents and settings\Pocitac\IECompatCache
2013-09-14 21:29 . 2013-09-14 21:29 -------- d-----w- c:\windows\ERUNT
2013-09-14 18:37 . 2013-09-14 18:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-09-14 18:12 . 2013-09-14 18:12 -------- d-----w- c:\program files\trend micro
2013-09-12 15:09 . 2013-09-12 19:11 -------- d-----w- c:\windows\system32\MpEngineStore
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-09-02 19:20 . 2013-09-02 19:21 -------- d-----w- c:\program files\stinger
2013-09-02 19:18 . 2013-09-02 19:39 -------- d-----w- c:\program files\Common Files\McAfee
2013-08-16 20:12 . 2013-08-16 20:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ad-Aware Antivirus
2013-08-16 20:00 . 2013-08-16 20:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2013-08-16 20:00 . 2013-08-16 20:16 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-08-16 19:59 . 2013-08-16 19:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Downloaded Installations
2013-08-16 19:59 . 2013-08-16 19:59 -------- d-----w- c:\documents and settings\Pocitac\Local Settings\Data aplikací\adawarebp
2013-08-16 19:59 . 2013-08-16 19:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection
2013-08-16 19:59 . 2013-08-16 19:59 -------- d-----w- c:\program files\Toolbar Cleaner
2013-08-16 19:57 . 2013-08-16 19:57 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-08-16 19:57 . 2013-08-16 19:57 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 15:12 . 2012-03-29 19:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-13 15:12 . 2011-06-12 18:53 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-30 07:48 . 2013-03-02 18:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-08-21 19:15 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-08-21 19:15 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-02 18:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2012-08-21 19:15 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2012-08-21 19:15 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-03-02 18:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:48 . 2012-08-21 19:15 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:47 . 2012-08-21 19:15 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-08-21 19:15 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-09 01:56 . 2006-03-02 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2006-03-02 12:00 1877760 ------w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-03-02 12:00 18944 ------w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-03-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-14 20:32 . 2013-07-14 20:33 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-14 20:32 . 2007-09-16 16:49 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-14 20:32 . 2012-06-18 17:38 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-14 20:32 . 2011-12-04 10:41 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 10:37 . 2006-03-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2006-03-02 12:00 2151936 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2004-08-17 15:45 2030592 ------w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Clock Tray Skins\ClockTraySkins.exe" [2006-01-05 1268736]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-07 488728]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pocitac^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
path=c:\documents and settings\Pocitac\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-09-03 13:54 40312 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 ------w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-12-04 12:24 665424 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX110 Series]
2008-09-26 23:00 199680 -c----w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFBE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 12:20 227328 -c--a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-05-12 12:10 20053608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 03:22 143872 ------w- c:\windows\system32\mobsync.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vietcong\\vietcong.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Pocitac\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"23318:TCP"= 23318:TCP:*:Disabled:BitComet 23318 TCP
"23318:UDP"= 23318:UDP:*:Disabled:BitComet 23318 UDP
"8258:TCP"= 8258:TCP:*:Disabled:BitComet 8258 TCP
"8258:UDP"= 8258:UDP:*:Disabled:BitComet 8258 UDP
"11090:TCP"= 11090:TCP:BitComet 11090 TCP
"11090:UDP"= 11090:UDP:*:Disabled:BitComet 11090 UDP
"25860:TCP"= 25860:TCP:*:Disabled:BitComet 25860 TCP
"25860:UDP"= 25860:UDP:*:Disabled:BitComet 25860 UDP
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [3.11.2007 20:50 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [3.11.2007 20:50 5248]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2.3.2013 20:48 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2.3.2013 20:48 177864]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6.4.2010 19:32 20104]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [16.8.2013 21:57 13560]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.3.2007 15:11 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.8.2012 21:15 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.8.2012 21:15 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.8.2012 21:15 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2.3.2013 20:48 66336]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [3.11.2006 22:17 47360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19.4.2013 15:14 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.5.2011 20:54 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys --> c:\windows\system32\DRIVERS\lgandbus.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys --> c:\windows\system32\DRIVERS\lganddiag.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys --> c:\windows\system32\DRIVERS\lgandgps.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys --> c:\windows\system32\DRIVERS\lgandmodem.sys [?]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6.4.2010 19:33 25864]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6.4.2010 19:32 23048]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys --> c:\windows\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.6.2004 04:54 23552]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [19.11.2009 20:00 223128]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - TrueSight
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:12]
.
2013-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-09-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-21 07:47]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 18:11]
.
2013-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 18:11]
.
2013-02-09 c:\windows\Tasks\stampShakeIcon.job
- c:\program files\NCH Software\Stamp\stamp.exe [2012-01-23 19:58]
.
2013-09-14 c:\windows\Tasks\User_Feed_Synchronization-{6A24AD4E-E9AD-4B78-8C61-388FF0F8114C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
2012-08-15 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-23 21:08]
.
2012-08-15 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-23 21:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 188.120.212.4 194.12.32.193
DPF: {EC71A2BE-E211-41F9-BCAF-4EFF13426DFE} - hxxps://shop.rossmanncz.orwonet.de/shop ... upload.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Facebook Update - c:\documents and settings\Pocitac\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
AddRemove-SeznamInstall - c:\documents and settings\Pocitac\Data aplikací\Seznam.cz\szninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-15 13:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-09-15 13:38:20
ComboFix-quarantined-files.txt 2013-09-15 11:38
.
Před spuštěním: 4 251 652 096
Po spuštění: 4 222 971 904
.
- - End Of File - - 602E9B871FA9BFDFA6D588337991411E
413FC2A0C716421B3158746D63736515

mlha
Level 1
Posts: 79
Registered: December 10
Gender: Male
Status: Offline

Re: Log check

Post by mlha » 15 Sep 2013 13:55

ComboFix 13-09-14.01 - Pocitac 15.09.2013 13:27:29.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.639 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pocitac\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\Mplayer.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-15 do 2013-09-15 )))))))))))))))))))))))))))))))
.
.
2013-09-15 10:55 . 2013-09-15 10:55 -------- d-----w- c:\documents and settings\Pocitac\Data aplikací\Apple Computer
2013-09-14 22:08 . 2013-09-14 22:08 -------- d-sh--w- c:\documents and settings\Pocitac\IECompatCache
2013-09-14 21:29 . 2013-09-14 21:29 -------- d-----w- c:\windows\ERUNT
2013-09-14 18:37 . 2013-09-14 18:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-09-14 18:12 . 2013-09-14 18:12 -------- d-----w- c:\program files\trend micro
2013-09-12 15:09 . 2013-09-12 19:11 -------- d-----w- c:\windows\system32\MpEngineStore
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-09-02 19:20 . 2013-09-02 19:21 -------- d-----w- c:\program files\stinger
2013-09-02 19:18 . 2013-09-02 19:39 -------- d-----w- c:\program files\Common Files\McAfee
2013-08-16 20:12 . 2013-08-16 20:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ad-Aware Antivirus
2013-08-16 20:00 . 2013-08-16 20:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2013-08-16 20:00 . 2013-08-16 20:16 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-08-16 19:59 . 2013-08-16 19:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Downloaded Installations
2013-08-16 19:59 . 2013-08-16 19:59 -------- d-----w- c:\documents and settings\Pocitac\Local Settings\Data aplikací\adawarebp
2013-08-16 19:59 . 2013-08-16 19:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection
2013-08-16 19:59 . 2013-08-16 19:59 -------- d-----w- c:\program files\Toolbar Cleaner
2013-08-16 19:57 . 2013-08-16 19:57 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-08-16 19:57 . 2013-08-16 19:57 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 15:12 . 2012-03-29 19:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-13 15:12 . 2011-06-12 18:53 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-30 07:48 . 2013-03-02 18:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-08-21 19:15 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-08-21 19:15 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-02 18:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2012-08-21 19:15 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2012-08-21 19:15 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-03-02 18:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:48 . 2012-08-21 19:15 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:47 . 2012-08-21 19:15 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-08-21 19:15 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-09 01:56 . 2006-03-02 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2006-03-02 12:00 1877760 ------w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-03-02 12:00 18944 ------w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-03-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-14 20:32 . 2013-07-14 20:33 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-14 20:32 . 2007-09-16 16:49 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-14 20:32 . 2012-06-18 17:38 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-14 20:32 . 2011-12-04 10:41 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 10:37 . 2006-03-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2006-03-02 12:00 2151936 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2004-08-17 15:45 2030592 ------w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Clock Tray Skins\ClockTraySkins.exe" [2006-01-05 1268736]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-07 488728]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pocitac^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
path=c:\documents and settings\Pocitac\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-09-03 13:54 40312 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 ------w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-12-04 12:24 665424 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX110 Series]
2008-09-26 23:00 199680 -c----w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFBE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 12:20 227328 -c--a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-05-12 12:10 20053608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 03:22 143872 ------w- c:\windows\system32\mobsync.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vietcong\\vietcong.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Pocitac\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"23318:TCP"= 23318:TCP:*:Disabled:BitComet 23318 TCP
"23318:UDP"= 23318:UDP:*:Disabled:BitComet 23318 UDP
"8258:TCP"= 8258:TCP:*:Disabled:BitComet 8258 TCP
"8258:UDP"= 8258:UDP:*:Disabled:BitComet 8258 UDP
"11090:TCP"= 11090:TCP:BitComet 11090 TCP
"11090:UDP"= 11090:UDP:*:Disabled:BitComet 11090 UDP
"25860:TCP"= 25860:TCP:*:Disabled:BitComet 25860 TCP
"25860:UDP"= 25860:UDP:*:Disabled:BitComet 25860 UDP
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [3.11.2007 20:50 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [3.11.2007 20:50 5248]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2.3.2013 20:48 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2.3.2013 20:48 177864]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6.4.2010 19:32 20104]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [16.8.2013 21:57 13560]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.3.2007 15:11 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.8.2012 21:15 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.8.2012 21:15 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.8.2012 21:15 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2.3.2013 20:48 66336]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [3.11.2006 22:17 47360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19.4.2013 15:14 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.5.2011 20:54 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys --> c:\windows\system32\DRIVERS\lgandbus.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys --> c:\windows\system32\DRIVERS\lganddiag.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys --> c:\windows\system32\DRIVERS\lgandgps.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys --> c:\windows\system32\DRIVERS\lgandmodem.sys [?]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6.4.2010 19:33 25864]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6.4.2010 19:32 23048]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys --> c:\windows\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.6.2004 04:54 23552]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [19.11.2009 20:00 223128]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - TrueSight
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:12]
.
2013-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-09-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-21 07:47]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 18:11]
.
2013-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 18:11]
.
2013-02-09 c:\windows\Tasks\stampShakeIcon.job
- c:\program files\NCH Software\Stamp\stamp.exe [2012-01-23 19:58]
.
2013-09-14 c:\windows\Tasks\User_Feed_Synchronization-{6A24AD4E-E9AD-4B78-8C61-388FF0F8114C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
2012-08-15 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-23 21:08]
.
2012-08-15 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-23 21:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 188.120.212.4 194.12.32.193
DPF: {EC71A2BE-E211-41F9-BCAF-4EFF13426DFE} - hxxps://shop.rossmanncz.orwonet.de/shop ... upload.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Facebook Update - c:\documents and settings\Pocitac\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
AddRemove-SeznamInstall - c:\documents and settings\Pocitac\Data aplikací\Seznam.cz\szninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-15 13:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-09-15 13:38:20
ComboFix-quarantined-files.txt 2013-09-15 11:38
.
Před spuštěním: 4 251 652 096
Po spuštění: 4 222 971 904
.
- - End Of File - - 602E9B871FA9BFDFA6D588337991411E
413FC2A0C716421B3158746D63736515

mlha

Re: Log check

Post by mlha » 16 Sep 2013 16:49

Hi, here is the log from ComboFix. Can you let me know what to do with it next? Thanks

memphisto

Re: Log check

Post by memphisto » 16 Sep 2013 17:30

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text marked in green into it:
Note: do not use the SELECT ALL function to select the script


KillAll::

Folder::
c:\program files\Common Files\McAfee
c:\documents and settings\All Users\Data aplikací\Ad-Aware Antivirus
c:\documents and settings\All Users\Data aplikací\Lavasoft
c:\program files\Ad-Aware Antivirus
c:\documents and settings\Pocitac\Local Settings\Data aplikací\adawarebp
c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection
c:\program files\Toolbar Cleaner
c:\program files\Seznam.cz
c:\program files\Skype\Updater
c:\program files\Enigma Software Group\SpyHunter
c:\program files\SweetIM

File::
c:\windows\system32\sbbd.exe
c:\windows\system32\drivers\gfibto.sys
c:\windows\system32\DRIVERS\lgandbus.sys
c:\windows\system32\DRIVERS\lganddiag.sys
c:\windows\system32\DRIVERS\lgandgps.sys
c:\windows\system32\DRIVERS\lgandmodem.sys
c:\windows\system32\DRIVERS\btcomport.sys
c:\windows\system32\Drivers\btcombus.sys
c:\windows\system32\DRIVERS\lgbtport.sys
c:\windows\system32\DRIVERS\lgbtbus.sys
c:\windows\system32\DRIVERS\lgvmodem.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"=-
"5000:UDP"=-
"23318:TCP"=-
"23318:UDP"=-
"8258:TCP"=-
"8258:UDP"=-
"11090:TCP"=-
"11090:UDP"=-
"25860:TCP"=-
"25860:UDP"=-

Driver::
gfibto
SkypeUpdate
Andbus
AndDiag
AndGps
ANDModem
BTCOM
BTCOMBUS
esgiguard
LgBttPort
lgbusenum
LGVMODEM

DDS::
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

RegLock::
[HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
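As an added example, not part of this thread and not ComboFix's own code: the script above was put together by reading two things off the log, services whose driver file ComboFix reports as missing (the lines ending in "--> ... [?]") and the leftover firewall exceptions under GloballyOpenPorts. The Python below parses those two line shapes from a constructed sample (copied from the log in this thread) and emits the matching Driver:: and Registry:: sections; the function and variable names are my own.

```python
import re

# Constructed sample in the shape ComboFix prints: a firewall GloballyOpenPorts
# block and a few service/driver lines, copied from the log in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"23318:TCP"= 23318:TCP:*:Disabled:BitComet 23318 TCP
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2.3.2013 20:48 49376]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys --> c:\windows\system32\DRIVERS\lgandbus.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.6.2004 04:54 23552]
"""

# "S3 name;description;path [date time size]", or "... path --> path [?]" when the file is gone
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# '"9420:TCP"= 9420:TCP:Red Swoosh'
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*(.*)$')
OPEN_PORTS_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"


def parse_services(lines):
    """Parse the R*/S* service and driver lines into dicts.

    A path followed by ' --> <path> [?]' means ComboFix could not find the
    driver file on disk, i.e. the service entry is orphaned.
    """
    services = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start_type, name, desc, rest = m.groups()
        path = rest.split(" --> ")[0].split(" [")[0]
        services.append({
            "start": start_type,
            "name": name,
            "desc": desc,
            "path": path,
            "missing": rest.rstrip().endswith("[?]"),
        })
    return services


def parse_open_ports(lines):
    """Return (port_spec, value) pairs listed under the GloballyOpenPorts key."""
    ports = []
    in_section = False
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            in_section = "GloballyOpenPorts" in line
            continue
        if not in_section:
            continue
        m = PORT_RE.match(line)
        if m:
            ports.append((m.group(1), m.group(2)))
        else:
            in_section = False  # a '.' or blank line ends the block
    return ports


def orphaned_drivers(lines):
    """Names of services whose driver file is reported missing ([?])."""
    return [s["name"] for s in parse_services(lines) if s["missing"]]


def build_cfscript(lines):
    """Emit Driver:: and Registry:: sections in the shape used in this thread.

    The output is a checklist for the helper to review, not something to drop
    onto ComboFix unread: a port exception may be wanted, and a service with a
    missing file may simply belong to hardware that is not plugged in.
    """
    parts = []
    drivers = orphaned_drivers(lines)
    if drivers:
        parts.append("Driver::\n" + "\n".join(drivers))
    ports = parse_open_ports(lines)
    if ports:
        body = "\n".join('"%s"=-' % spec for spec, _ in ports)
        parts.append("Registry::\n" + OPEN_PORTS_KEY + "\n" + body)
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG.splitlines()))
```

Run as-is it prints the two sections for the sample; to use it on a real log, pass the log's lines to build_cfscript instead of SAMPLE_LOG. It deliberately does not touch the File:: or Folder:: sections, because deciding which directories are leftovers of an uninstalled product is a judgement the log alone does not settle.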

mlha

Re: Log check

Post by mlha » 16 Sep 2013 21:00

Sending the log from ComboFix.
ComboFix 13-09-16.01 - Pocitac 16.09.2013 20:37:54.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.517 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pocitac\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pocitac\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\Drivers\btcombus.sys"
"c:\windows\system32\DRIVERS\btcomport.sys"
"c:\windows\system32\drivers\gfibto.sys"
"c:\windows\system32\DRIVERS\lgandbus.sys"
"c:\windows\system32\DRIVERS\lganddiag.sys"
"c:\windows\system32\DRIVERS\lgandgps.sys"
"c:\windows\system32\DRIVERS\lgandmodem.sys"
"c:\windows\system32\DRIVERS\lgbtbus.sys"
"c:\windows\system32\DRIVERS\lgbtport.sys"
"c:\windows\system32\DRIVERS\lgvmodem.sys"
"c:\windows\system32\sbbd.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ad-Aware Antivirus
c:\program files\Ad-Aware Antivirus\Definitions\acertdefs0.std
c:\program files\Ad-Aware Antivirus\Definitions\adsrules.dat
c:\program files\Ad-Aware Antivirus\Definitions\AdviceTx.vdx
c:\program files\Ad-Aware Antivirus\Definitions\api0.std
c:\program files\Ad-Aware Antivirus\Definitions\apincl.dat
c:\program files\Ad-Aware Antivirus\Definitions\apprules.dat
c:\program files\Ad-Aware Antivirus\Definitions\bhmem.vtd
c:\program files\Ad-Aware Antivirus\Definitions\bhsl.vtd
c:\program files\Ad-Aware Antivirus\Definitions\bmem.vtd
c:\program files\Ad-Aware Antivirus\Definitions\CatDesc.vdx
c:\program files\Ad-Aware Antivirus\Definitions\CatID.vdx
c:\program files\Ad-Aware Antivirus\Definitions\cblk.vtd
c:\program files\Ad-Aware Antivirus\Definitions\cmem.vtd
c:\program files\Ad-Aware Antivirus\Definitions\cname.wtd
c:\program files\Ad-Aware Antivirus\Definitions\comp0.std
c:\program files\Ad-Aware Antivirus\Definitions\Cookies.vdx
c:\program files\Ad-Aware Antivirus\Definitions\CoreVer.txt
c:\program files\Ad-Aware Antivirus\Definitions\ctid.vtd
c:\program files\Ad-Aware Antivirus\Definitions\defs0.std
c:\program files\Ad-Aware Antivirus\Definitions\DefVer.txt
c:\program files\Ad-Aware Antivirus\Definitions\dex_hash.dat
c:\program files\Ad-Aware Antivirus\Definitions\dexmem.vtd
c:\program files\Ad-Aware Antivirus\Definitions\dnrl.vdx
c:\program files\Ad-Aware Antivirus\Definitions\elf_hash.dat
c:\program files\Ad-Aware Antivirus\Definitions\EPSigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\FastSigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\FileDT.vdx
c:\program files\Ad-Aware Antivirus\Definitions\FolderDT.vdx
c:\program files\Ad-Aware Antivirus\Definitions\fsigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\gfiark.dll
c:\program files\Ad-Aware Antivirus\Definitions\gfiark32.sys
c:\program files\Ad-Aware Antivirus\Definitions\gfiark64.sys
c:\program files\Ad-Aware Antivirus\Definitions\gfiarkup.dll
c:\program files\Ad-Aware Antivirus\Definitions\gfiutil.dll
c:\program files\Ad-Aware Antivirus\Definitions\gfiutl32.sys
c:\program files\Ad-Aware Antivirus\Definitions\gfiutl64.sys
c:\program files\Ad-Aware Antivirus\Definitions\hcol.wtd
c:\program files\Ad-Aware Antivirus\Definitions\heur0.std
c:\program files\Ad-Aware Antivirus\Definitions\HistoryCleaner.xml
c:\program files\Ad-Aware Antivirus\Definitions\hstn.vtd
c:\program files\Ad-Aware Antivirus\Definitions\idsrules.dat
c:\program files\Ad-Aware Antivirus\Definitions\ih.vdx
c:\program files\Ad-Aware Antivirus\Definitions\IncompatiblePrograms.dll
c:\program files\Ad-Aware Antivirus\Definitions\incompats.dat
c:\program files\Ad-Aware Antivirus\Definitions\ip.vtd
c:\program files\Ad-Aware Antivirus\Definitions\JSSigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\kbu.dat
c:\program files\Ad-Aware Antivirus\Definitions\kbu.dll
c:\program files\Ad-Aware Antivirus\Definitions\lgpl.dll
c:\program files\Ad-Aware Antivirus\Definitions\lib7zip.dll
c:\program files\Ad-Aware Antivirus\Definitions\libBase64.dll
c:\program files\Ad-Aware Antivirus\Definitions\libEmail.dll
c:\program files\Ad-Aware Antivirus\Definitions\libCHM.dll
c:\program files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
c:\program files\Ad-Aware Antivirus\Definitions\libMsCab.dll
c:\program files\Ad-Aware Antivirus\Definitions\libMsi.dll
c:\program files\Ad-Aware Antivirus\Definitions\libNSIS.dll
c:\program files\Ad-Aware Antivirus\Definitions\libOleA.dll
c:\program files\Ad-Aware Antivirus\Definitions\libRar.dll
c:\program files\Ad-Aware Antivirus\Definitions\libRTF.dll
c:\program files\Ad-Aware Antivirus\Definitions\libtd.dll
c:\program files\Ad-Aware Antivirus\Definitions\libVvs.dll
c:\program files\Ad-Aware Antivirus\Definitions\libZip.dll
c:\program files\Ad-Aware Antivirus\Definitions\macroptn.std
c:\program files\Ad-Aware Antivirus\Definitions\MFastSigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\mime0.std
c:\program files\Ad-Aware Antivirus\Definitions\networkrules.dat
c:\program files\Ad-Aware Antivirus\Definitions\pack0.std
c:\program files\Ad-Aware Antivirus\Definitions\patchw32.dll
c:\program files\Ad-Aware Antivirus\Definitions\qscnf.vdx
c:\program files\Ad-Aware Antivirus\Definitions\qscnr.vdx
c:\program files\Ad-Aware Antivirus\Definitions\RegDT.vdx
c:\program files\Ad-Aware Antivirus\Definitions\rem0.std
c:\program files\Ad-Aware Antivirus\Definitions\remediation.dll
c:\program files\Ad-Aware Antivirus\Definitions\RootCA.wtd
c:\program files\Ad-Aware Antivirus\Definitions\RTmem.vdx
c:\program files\Ad-Aware Antivirus\Definitions\SBTS.dat
c:\program files\Ad-Aware Antivirus\Definitions\script0.std
c:\program files\Ad-Aware Antivirus\Definitions\sdll0.std
c:\program files\Ad-Aware Antivirus\Definitions\sel.dat
c:\program files\Ad-Aware Antivirus\Definitions\smim0.std
c:\program files\Ad-Aware Antivirus\Definitions\ThreatCategoryGlossary.xml
c:\program files\Ad-Aware Antivirus\Definitions\ThreatCategoryGlossary.xsd
c:\program files\Ad-Aware Antivirus\Definitions\ThreatDT.vdx
c:\program files\Ad-Aware Antivirus\Definitions\ThreatID.vdx
c:\program files\Ad-Aware Antivirus\Definitions\TImem.vdx
c:\program files\Ad-Aware Antivirus\Definitions\unpck0.std
c:\program files\Ad-Aware Antivirus\Definitions\updater.dll
c:\program files\Ad-Aware Antivirus\Definitions\vcore.dll
c:\program files\Ad-Aware Antivirus\Definitions\VVSSigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\WebFilterExceptions.dat
c:\program files\Ad-Aware Antivirus\Definitions\white.wtd
c:\program files\Ad-Aware Antivirus\Definitions\white0.std
c:\program files\Ad-Aware Antivirus\Definitions\whsl.wtd
c:\program files\Common Files\McAfee
c:\program files\Enigma Software Group\SpyHunter
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130302_205027.log
c:\program files\Enigma Software Group\SpyHunter\safeol.dat
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
c:\program files\Enigma Software Group\SpyHunter\unkcache.dat
c:\program files\Seznam.cz
c:\program files\Seznam.cz\core.3.dll
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.autoupdate-1.0.5-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.chromelisticka-1.4.2.1-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.szninstall-1.1.3-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.sznsetup-1.1.1-win32.zip
c:\program files\Seznam.cz\distribution\install\packages.inf
c:\program files\Seznam.cz\distribution\install\szn-software-base-1.0.0-win32.zip
c:\program files\Seznam.cz\distribution\install\szn-software-core-4-4.1.2-win32.zip
c:\program files\Seznam.cz\distribution\install\szn-software-email-4-4.0.4-win32.zip
c:\program files\Seznam.cz\distribution\install\szn-software-fflisticka-2.5.4-win32.zip
c:\program files\Seznam.cz\distribution\install\szn-software-ielisticka-2.6.2-win32.zip
c:\program files\Seznam.cz\distribution\install\szn-software-listicka-2.6.2-win32.zip
c:\program files\Seznam.cz\distribution\install\szn-software-seznamdesktop-1.0.4-win32.zip
c:\program files\Seznam.cz\distribution\install\szn-software-srank-4.1.1-win32.zip
c:\program files\Seznam.cz\distribution\partner.conf
c:\program files\Seznam.cz\distribution\sources.inf
c:\program files\Seznam.cz\distribution\szninstall.exe
c:\program files\Seznam.cz\distribution\sznsetup.exe
c:\program files\Seznam.cz\email.3.dll
c:\program files\Seznam.cz\MiniBrowser.exe
c:\program files\Seznam.cz\pkg\szn-packager.sup
c:\program files\Seznam.cz\pkg\szn-packager.uninstall.bat
c:\program files\Seznam.cz\pkg\szn-software-core-3.sup
c:\program files\Seznam.cz\pkg\szn-software-core-3.uninstall.bat
c:\program files\Seznam.cz\pkg\szn-software-email-3.sup
c:\program files\Seznam.cz\pkg\szn-software-email-3.uninstall.bat
c:\program files\Seznam.cz\pkg\szn-software-minibrowser.sup
c:\program files\Seznam.cz\pkg\szn-software-minibrowser.uninstall.bat
c:\program files\Seznam.cz\pkg\szn-software-postak.fin
c:\program files\Seznam.cz\pkg\szn-software-postak.uninstall.bat
c:\program files\Seznam.cz\pkg\szn-software-srank.sup
c:\program files\Seznam.cz\pkg\szn-software-srank.uninstall.bat
c:\program files\Seznam.cz\postak-uninstall.exe
c:\program files\Seznam.cz\postak.exe
c:\program files\Seznam.cz\sznpkg.exe
c:\program files\Seznam.cz\toolbar\toolbar.dll
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\program files\Toolbar Cleaner
c:\program files\Toolbar Cleaner\guid.dat
c:\program files\Toolbar Cleaner\install.ico
c:\program files\Toolbar Cleaner\ToolbarCleaner.exe
c:\program files\Toolbar Cleaner\toolbarcleaner.ini
c:\program files\Toolbar Cleaner\uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESGIGUARD
-------\Legacy_GFIBTO
-------\Legacy_SKYPEUPDATE
-------\Service_Andbus
-------\Service_AndDiag
-------\Service_AndGps
-------\Service_ANDModem
-------\Service_BTCOM
-------\Service_BTCOMBUS
-------\Service_esgiguard
-------\Service_gfibto
-------\Service_LgBttPort
-------\Service_lgbusenum
-------\Service_LGVMODEM
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-16 do 2013-09-16 )))))))))))))))))))))))))))))))
.
.
2013-09-15 10:55 . 2013-09-15 10:55 -------- d-----w- c:\documents and settings\Pocitac\Data aplikací\Apple Computer
2013-09-14 22:08 . 2013-09-14 22:08 -------- d-sh--w- c:\documents and settings\Pocitac\IECompatCache
2013-09-14 21:29 . 2013-09-14 21:29 -------- d-----w- c:\windows\ERUNT
2013-09-14 18:37 . 2013-09-14 18:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-09-14 18:12 . 2013-09-14 18:12 -------- d-----w- c:\program files\trend micro
2013-09-12 15:09 . 2013-09-12 19:11 -------- d-----w- c:\windows\system32\MpEngineStore
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-09-02 19:20 . 2013-09-02 19:21 -------- d-----w- c:\program files\stinger
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 15:12 . 2012-03-29 19:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-13 15:12 . 2011-06-12 18:53 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-30 07:48 . 2013-03-02 18:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-08-21 19:15 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-08-21 19:15 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-02 18:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2012-08-21 19:15 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2012-08-21 19:15 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-03-02 18:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:48 . 2012-08-21 19:15 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:47 . 2012-08-21 19:15 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-08-21 19:15 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-16 19:57 . 2013-08-16 19:57 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-08-16 19:57 . 2013-08-16 19:57 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-09 01:56 . 2006-03-02 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2006-03-02 12:00 1877760 ------w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-03-02 12:00 18944 ------w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-03-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-14 20:32 . 2013-07-14 20:33 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-14 20:32 . 2007-09-16 16:49 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-14 20:32 . 2012-06-18 17:38 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-14 20:32 . 2011-12-04 10:41 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 10:37 . 2006-03-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2006-03-02 12:00 2151936 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2004-08-17 15:45 2030592 ------w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Clock Tray Skins\ClockTraySkins.exe" [2006-01-05 1268736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pocitac^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
path=c:\documents and settings\Pocitac\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-09-03 13:54 40312 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 ------w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-12-04 12:24 665424 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX110 Series]
2008-09-26 23:00 199680 -c----w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFBE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 12:20 227328 -c--a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-05-12 12:10 20053608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 03:22 143872 ------w- c:\windows\system32\mobsync.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vietcong\\vietcong.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Pocitac\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [3.11.2007 20:50 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [3.11.2007 20:50 5248]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2.3.2013 20:48 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2.3.2013 20:48 177864]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6.4.2010 19:32 20104]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.3.2007 15:11 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.8.2012 21:15 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.8.2012 21:15 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.8.2012 21:15 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2.3.2013 20:48 66336]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [3.11.2006 22:17 47360]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.5.2011 20:54 1691480]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6.4.2010 19:33 25864]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6.4.2010 19:32 23048]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.6.2004 04:54 23552]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [19.11.2009 20:00 223128]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:12]
.
2013-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-09-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-21 07:47]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 18:11]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 18:11]
.
2013-02-09 c:\windows\Tasks\stampShakeIcon.job
- c:\program files\NCH Software\Stamp\stamp.exe [2012-01-23 19:58]
.
2013-09-16 c:\windows\Tasks\User_Feed_Synchronization-{6A24AD4E-E9AD-4B78-8C61-388FF0F8114C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
2012-08-15 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-23 21:08]
.
2012-08-15 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-23 21:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 188.120.212.4 194.12.32.193
DPF: {EC71A2BE-E211-41F9-BCAF-4EFF13426DFE} - hxxps://shop.rossmanncz.orwonet.de/shop ... upload.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Seznam Postak - c:\program files\Seznam.cz\postak.exe
HKLM-Run-seznam-listicka-distribuce - c:\program files\Seznam.cz\distribution\szninstall.exe
AddRemove-szn-software-postak - c:\program files\Seznam.cz\postak-uninstall.exe
AddRemove-Toolbar Cleaner - c:\program files\Toolbar Cleaner\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-16 20:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2588)
c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Clock Tray Skins\Clock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\mHotkey.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Celkový čas: 2013-09-16 20:56:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-16 18:56
ComboFix2.txt 2013-09-15 11:38
.
Před spuštěním: 3 523 497 984
Po spuštění: 3 334 475 776
.
- - End Of File - - 3E5B604284029E9D9FA6EE43E7079032
413FC2A0C716421B3158746D63736515


Re: Log check

Post by memphisto » 16 Sep 2013 22:01

You have too little free space on the system drive. 3.3 GB is really little. Free up more, otherwise there will be problems with PC speed and stability...

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

clean the system with CCleaner

Download OTC

to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

+ A new HJT log

How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM, post them in the appropriate section instead. Thank you


Re: Log check

Post by mlha » 16 Sep 2013 23:07

The PC is fine now, I also did a defragmentation and a disk cleanup. Many thanks for everything.


Re: Log check

Post by jaro3 » 17 Sep 2013 10:20

Download the program OTM (by OldTimer),
save it to drive C and run it.
- Copy these paths into the left column (Paste Instructions for Items to be Moved):
Note: Do not use the SELECT ALL function to select them


:Processes
explorer.exe

:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=-
"Ad-Aware Browsing Protection"=-

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\system32\sbbd.exe
c:\program files\Google\Update
c:\windows\system32\LVCOMSX.EXE
c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- After copying, click the MoveIt! button and then paste here the entire contents of the right column, which is also saved in the folder C:\_OTMoveIt\MovedFiles\ and reports the results
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
C:\_OTMoveIt\MovedFiles\********_******.log
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: Log check

Post by mlha » 17 Sep 2013 19:27

Log from OTM.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LVCOMSX deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\System32\*.tmp not found.
C:\WINDOWS\D8167CA8236B4334B77DF388F494EE18.TMP folder moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET75.tmp moved successfully.
C:\WINDOWS\SET78.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\SET84.tmp moved successfully.
C:\WINDOWS\SETAF.tmp moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\system32\DUMP*.tmp not found.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
c:\windows\Tasks\AppleSoftwareUpdate.job moved successfully.
c:\windows\Tasks\avast! Emergency Update.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\Tasks\stampShakeIcon.job moved successfully.
c:\windows\Tasks\User_Feed_Synchronization-{6A24AD4E-E9AD-4B78-8C61-388FF0F8114C}.job moved successfully.
c:\windows\Tasks\wavepadDowngrade.job moved successfully.
c:\windows\Tasks\wavepadShakeIcon.job moved successfully.
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File/Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File/Folder c:\windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
File/Folder c:\windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
c:\windows\system32\sbbd.exe moved successfully.
c:\program files\Google\Update\Install folder moved successfully.
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.4.3230.2052 folder moved successfully.
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24} folder moved successfully.
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0 folder moved successfully.
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB} folder moved successfully.
c:\program files\Google\Update\Download\{70F69490-7B3C-47DF-937D-6DAF06E68207} folder moved successfully.
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153 folder moved successfully.
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D} folder moved successfully.
c:\program files\Google\Update\Download\{3C122445-AECE-4309-90B7-85A6AEF42AC0}\0.0.0.0 folder moved successfully.
c:\program files\Google\Update\Download\{3C122445-AECE-4309-90B7-85A6AEF42AC0} folder moved successfully.
c:\program files\Google\Update\Download folder moved successfully.
c:\program files\Google\Update\1.3.21.153 folder moved successfully.
c:\program files\Google\Update folder moved successfully.
c:\windows\system32\LVCOMSX.EXE moved successfully.
c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33438 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Pocitac
->Temp folder emptied: 23702900 bytes
->Temporary Internet Files folder emptied: 4064808 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 87090510 bytes
->Opera cache emptied: 22547 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34306 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 110,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 09172013_191229

Files moved on Reboot...

Registry entries deleted on Reboot...
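A way to read an OTM result log like the one above mechanically, as an added example that is not part of this thread or of OTM itself: the parser below splits the log into its `==========` sections, collects the registry values reported as deleted, the files and folders moved or reported as not found, and sums the bytes the [emptytemp] command freed. The sample input is an excerpt of the log posted above, embedded here as a constructed string; the section names and message wording are taken from that log, and the script assumes every OTM log uses the same phrasing.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: an excerpt of the OTM log posted above.
SAMPLE_LOG = r"""All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LVCOMSX deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\System32\*.tmp not found.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\system32\sbbd.exe moved successfully.
c:\program files\Google\Update folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Pocitac
->Temp folder emptied: 23702900 bytes
->Google Chrome cache emptied: 87090510 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 110,00 mb
"""

# Message shapes as they appear in the log above (assumed stable across OTM logs).
SECTION_RE = re.compile(r"^=+ (\w[\w/]*) =+$")
REG_DELETED_RE = re.compile(r"^Registry value (.+) deleted successfully\.$")
NOT_FOUND_RE = re.compile(r"^File/Folder (.+) not found\.$")
MOVED_RE = re.compile(r"^(.+?)( folder)? moved successfully\.$")
EMPTIED_RE = re.compile(r"emptied: (\d+) bytes$")


@dataclass
class OtmSummary:
    registry_deleted: list = field(default_factory=list)
    files_moved: list = field(default_factory=list)
    folders_moved: list = field(default_factory=list)
    not_found: list = field(default_factory=list)
    bytes_emptied: int = 0


def parse_otm_log(text):
    """Walk the log line by line, keeping track of the current section."""
    summary = OtmSummary()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "REGISTRY":
            m = REG_DELETED_RE.match(line)
            if m:
                summary.registry_deleted.append(m.group(1))
        elif section == "FILES":
            m = NOT_FOUND_RE.match(line)
            if m:
                summary.not_found.append(m.group(1))
                continue
            m = MOVED_RE.match(line)
            if m:
                target = summary.folders_moved if m.group(2) else summary.files_moved
                target.append(m.group(1))
        elif section == "COMMANDS":
            # Every "... emptied: N bytes" line contributes to the freed total.
            m = EMPTIED_RE.search(line)
            if m:
                summary.bytes_emptied += int(m.group(1))
    return summary


def moved_scheduled_tasks(summary):
    """Entries moved out of a Windows Tasks folder, i.e. scheduled-task .job files."""
    return [p for p in summary.files_moved
            if re.search(r"\\tasks\\[^\\]+\.job$", p, re.IGNORECASE)]


if __name__ == "__main__":
    s = parse_otm_log(SAMPLE_LOG)
    print("registry values deleted:", len(s.registry_deleted))
    print("files moved:", len(s.files_moved), "folders moved:", len(s.folders_moved))
    print("not found:", len(s.not_found))
    print("scheduled tasks moved:", moved_scheduled_tasks(s))
    print("bytes emptied:", s.bytes_emptied)
```

Run over the full log above, the task list makes visible what the wildcard line `c:\windows\Tasks\*.job /s` in the script did: every scheduled task in the folder was moved, including the Adobe Flash, Apple, avast! and Google updater jobs that the ComboFix listing earlier in the thread showed, not only the two Google tasks the script names explicitly. Whoever reviews such a log should note that those updaters no longer have their scheduled tasks.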


Re: Log check

Post by jaro3 » 18 Sep 2013 10:43

Run OTM and click Clean Up!

If there are no problems, that's all and you can mark it as solved, the green tick.


Re: Log check  Solved

Post by mlha » 18 Sep 2013 16:59

Thanks a lot


Re: Log check

Post by memphisto » 18 Sep 2013 17:24

you're welcome, on jaro's behalf too ;)

