Preventivni kontrola logu z RSIT

[Peky]

Dobry podvecer, prosim o kontrolu logu. PC je jakesi zabrzdene. diky

Logfile of random's system information tool 1.09 (written by random/random)
Run by Radek at 2013-10-11 18:42:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 132 GB (87%) free of 153 GB
Total RAM: 1023 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:43:18, on 11.10.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\SW0XM261\RSIT[1].exe
C:\Program Files\trend micro\Radek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 3512 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Allway Sync_{4927CC08F2AFB4BE0E03BC4D2505C7BF}.job
C:\WINDOWS\tasks\Allway Sync_{4F048EE96F1E39D3B6F944C68749B5B5}.job
C:\WINDOWS\tasks\Express FilesUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{996AA60E-3CCA-4039-960B-62AC5A6087F8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"=c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2002-10-23 86016]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Software\Internet\Zoiper_2.14_Free\Zoiper.exe"="C:\Software\Internet\Zoiper_2.14_Free\Zoiper.exe:*:Enabled:Zoiper"
"C:\Program Files\Attractel\Zoiper\Zoiper.exe"="C:\Program Files\Attractel\Zoiper\Zoiper.exe:*:Enabled:Zoiper"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ExpressFiles\expressdl.exe"="C:\Program Files\ExpressFiles\expressdl.exe:*:Enabled:Express Files"
"C:\Program Files\ExpressFiles\ExpressFiles.exe"="C:\Program Files\ExpressFiles\ExpressFiles.exe:*:Enabled:Express Files"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=ctwdm32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=ctwdm32.dll

======List of files/folders created in the last 1 month======

2013-10-11 18:42:50 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2013-10-11 18:43:03 ----D---- C:\Program Files\trend micro
2013-10-11 18:42:57 ----D---- C:\WINDOWS\Prefetch
2013-10-11 18:38:12 ----D---- C:\WINDOWS\Temp
2013-10-11 18:36:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-10-11 18:31:07 ----HD---- C:\WINDOWS\inf
2013-10-11 18:31:07 ----D---- C:\WINDOWS
2013-10-11 18:31:05 ----D---- C:\WINDOWS\system32\CatRoot2
2013-10-08 19:48:02 ----D---- C:\Program Files\AutoCAD LT 98
2013-10-06 09:50:26 ----D---- C:\Documents and Settings\Radek\Data aplikací\ICQ
2013-09-24 11:50:54 ----D---- C:\WINDOWS\system32
2013-09-24 11:50:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-12 19:08:36 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-12-17 31088]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-14 1897408]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-04-14 701440]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

[Mc_Murphy]

Zdravím.

Vydrž minutku, na logu se intenzivně pracuje.

[Mc_Murphy]

Stáhni Junkware Removal Tool - http://thisisudax.org/downloads/JRT.exe

• Ulož jej nejlépe na Plochu.
• Po spuštění se zobrazí licenční podmínky, stiskni libovolnou klávesu.
• Proběhne vytvoření zálohy a následně prohledávání.
• Proběhne scanováni a pak se objeví log, který bude případně uložen v C:\JRT jako JRT.txt, ten mi sem vlož.

[Peky]

ajajaj je tam snad nejaka breberka ?


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Radek on so 12.10.2013 at 9:54:48,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 12.10.2013 at 10:00:40,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diky Peky

[Mc_Murphy]

Stáhni AdwCleaner - http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulož jej nejlépe na Plochu.
• Ukonči všechny programy!!
• Spusť AdwCleaner.
• Klikni na tlačítko [Scan].
• Proběhne scan.
• Po kliknutí na tlačítko [Report] na Tebe vyskočí log - jeho obsah mi sem vlož.
• Log bude případně uložen na systémovém disku jako C:\AdwCleaner\AdwCleaner[R?].txt.

[Peky]

ok tady to je

# AdwCleaner v3.007 - Report created 13/10/2013 at 09:19:53
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Radek - RADEK
# Running from : C:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\REQSTJCL\adwcleaner[1].exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS\Tasks\Express FilesUpdate.job
Folder Found C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Found C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Found C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
Folder Found C:\Documents and Settings\Radek\Data aplikací\ExpressFiles

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\536dedabc35e847
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\536dedabc35e847
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\Software\ExpressFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Found : HKLM\Software\ICQ\ICQToolbar
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\ExpressFiles\expressdl.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\ExpressFiles\ExpressFiles.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\[opt]rs0\prefs.js ]


*************************

AdwCleaner[R0].txt - [2766 octets] - [13/10/2013 09:19:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2826 octets] ##########

[Mc_Murphy]

Provedeme opravy.

• Ukonči všechny programy!!
• Spusť AdwCleaner znovu.
• Klikni na tlačítko [Clean].
• Proběhne vyčištění.
• Po restartu PC\NTB na Tebe vyskočí log - jeho obsah mi sem vlož.
• Log může být zobrazen také kliknutím na tlačítko [Report] nebo bude případně uložen na systémovém disku jako C:\AdwCleaner\AdwCleaner[S?].txt.

[Peky]

ok tady to je

# AdwCleaner v3.007 - Report created 13/10/2013 at 09:19:53
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Radek - RADEK
# Running from : C:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\REQSTJCL\adwcleaner[1].exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS\Tasks\Express FilesUpdate.job
Folder Found C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Found C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Found C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
Folder Found C:\Documents and Settings\Radek\Data aplikací\ExpressFiles

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\536dedabc35e847
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\536dedabc35e847
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\Software\ExpressFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Found : HKLM\Software\ICQ\ICQToolbar
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\ExpressFiles\expressdl.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\ExpressFiles\ExpressFiles.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\[opt]rs0\prefs.js ]


*************************

AdwCleaner[R0].txt - [2766 octets] - [13/10/2013 09:19:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2826 octets] ##########

[Mc_Murphy]

Nedal jsi opravy, ale zase jen hledat, tak znova...

[Peky]

ok jasne tady to je (nevsiml jsem se odpovedi a hodil tam to samy )

# AdwCleaner v3.007 - Report created 15/10/2013 at 17:20:34
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Radek - RADEK
# Running from : C:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\8LQ07BFG\adwcleaner[1].exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
Folder Deleted : C:\Documents and Settings\Radek\Data aplikací\ExpressFiles
File Deleted : C:\WINDOWS\Tasks\Express FilesUpdate.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKCU\Software\536dedabc35e847
Key Deleted : HKLM\SOFTWARE\536dedabc35e847
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\ExpressFiles\expressdl.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\ExpressFiles\ExpressFiles.exe]
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\ICQ\ICQToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\[opt]rs0\prefs.js ]


*************************

AdwCleaner[R0].txt - [2906 octets] - [13/10/2013 09:19:53]
AdwCleaner[R1].txt - [2966 octets] - [15/10/2013 17:19:31]
AdwCleaner[S0].txt - [2873 octets] - [15/10/2013 17:20:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2933 octets] ##########

[Mc_Murphy]

OK, v poho. Stáhni RogueKiller - http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ulož jej nejlépe na Plochu.
• Ukonči všechny programy!
• Spusť RogueKiller.
• Počkej, než program dokončí Prescan.
• Potom klikni na tlačítko [Prohledat] a počkej, až prohlídka proběhne.
• Klikni na tlačítko [Zpráva] - otevře se log, ten mi sem vlož.
• Detailní postup včetně obrázků najdeš zde: http://forum.viry.cz/viewtopic.php?f=24&t=120452

[Peky]

RogueKiller V8.7.4 [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Radek [Práva správce]
Mód : Kontrola -- Datum : 10/16/2013 17:44:52
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardní diskové jednotky) - WDC WD1600AVBB-63SYA0 +++++
--- User ---
[MBR] 3018c4dc4ae66b255024b334d169cc08
[BSP] e1a12b05bd6df1a248b1335c9a83b095 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_10162013_174452.txt >>

[Mc_Murphy]

Takže provedeme další opravy.

• Ukonči všechny programy!
• Spusť RogueKiller.
• Počkej, než program dokončí Prescan.
• Zvol možnost [Prohledat] a počkej, až prohlídka proběhne.
• V záložce Registry nech všechny nálezy označeny.
• Klikni na tlačítko [Smazat] a následně na [Zpráva] - otevře se log, ten mi sem vlož.

[Peky]

ok tady to je

RogueKiller V8.7.4 [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Radek [Práva správce]
Mód : Odebrat -- Datum : 10/19/2013 09:30:32
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardní diskové jednotky) - WDC WD1600AVBB-63SYA0 +++++
--- User ---
[MBR] 3018c4dc4ae66b255024b334d169cc08
[BSP] e1a12b05bd6df1a248b1335c9a83b095 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_10192013_093032.txt >>
RKreport[0]_S_10192013_093030.txt

[Mc_Murphy]

Vlož mi sem prosím nový aktuální log ze RSITu, ať se podívám, co se povedlo a co zatím ne.