Please check my log - problem with the Security Center

Lemur
Visitor
Posts: 87
Registered: 25 Dec 2012 16:04

#1 Post by Lemur »

Hello,
I can't start Windows Firewall or Windows Defender; I think I have a virus on my PC. Please advise, and thank you very much.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal Posvar at 2012-12-25 16:14:49
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 14 GB (5%) free of 297 GB
Total RAM: 2047 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:52, on 25.12.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNABCSWK.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michal Posvar\Desktop\RSIT.exe
C:\Program Files\trend micro\Michal Posvar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 177.100.19.151:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-159780402-3137050833-2999077547-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 10673 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\NeroLiveEpgUpdate-MichalPosvar-PC_Michal-Posvar.job
C:\Windows\tasks\NeroLiveEpgUpdate-MICHALPOSVAR_Michal-Posvar.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1, {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5, {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... 2475029&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662]
"Description"=RealPlayer Version Plugin
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46]
"Description"=6.0.12.46
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
temp
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
nsIQTScriptablePlugin.xpt
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\extensions\
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\searchplugins\
askcom.xml
conduit.xml
icqplugin-1.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-26 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11 1307728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-26 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11 1307728]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"ICQ Sniffer"= []
"CNAP2 Launcher"=C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [2010-01-11 226784]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-06-07 421776]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"= []
"AdobeBridge"= []
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-07-02 220544]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-07-02 220544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\Windows\system32\CTXFIHLP.EXE [2008-07-11 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostSurf Reminder]
C:\Program Files\GhostSurf 2005\Privacy Control Center.exe reminder []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\hp\support\hpsysdrv.exe [2007-04-18 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-07-12 178712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IM Sniffer]
C:\Program Files\IM Sniffer\IMSniffer.exe -start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qyvota]
C:\Users\Michal Posvar\Desktop\qyvota.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-03-26 5369856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2011-08-08 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
C:\Windows\system32\jureg.exe [2008-06-10 54672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Michal Posvar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.vorbis"=vorbis.acm
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-12-25 16:07:14 ----D---- C:\rsit
2012-12-25 16:07:14 ----D---- C:\Program Files\trend micro
2012-12-24 14:18:52 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-12-24 14:18:50 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-12-24 14:18:42 ----A---- C:\Windows\system32\drivers\aswFW.sys
2012-12-24 14:17:31 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-12-24 14:17:31 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2012-12-24 14:17:31 ----A---- C:\Windows\system32\drivers\aswNdis2.sys
2012-12-24 14:17:30 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-12-24 14:17:30 ----A---- C:\Windows\system32\drivers\aswKbd.sys
2012-12-24 14:17:29 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-12-24 14:16:49 ----A---- C:\Windows\system32\drivers\aswNdis.sys
2012-12-24 14:16:48 ----A---- C:\Windows\avastSS.scr
2012-12-24 14:16:47 ----A---- C:\Windows\system32\aswBoot.exe
2012-12-24 14:16:18 ----D---- C:\ProgramData\AVAST Software
2012-12-24 14:16:18 ----D---- C:\Program Files\AVAST Software
2012-12-24 13:40:55 ----ASH---- C:\hiberfil.sys
2012-12-24 13:35:44 ----A---- C:\Windows\ntbtlog.txt
2012-12-24 12:39:28 ----D---- C:\ProgramData\ESET
2012-12-24 12:26:23 ----D---- C:\Program Files\Mega Codec Pack
2012-12-21 07:01:02 ----A---- C:\Windows\system32\atmlib.dll
2012-12-21 07:01:02 ----A---- C:\Windows\system32\atmfd.dll
2012-12-13 19:17:00 ----A---- C:\Windows\system32\vbscript.dll
2012-12-13 19:17:00 ----A---- C:\Windows\system32\mshtmled.dll
2012-12-13 19:16:59 ----A---- C:\Windows\system32\jsproxy.dll
2012-12-13 19:16:59 ----A---- C:\Windows\system32\ieui.dll
2012-12-13 19:16:58 ----A---- C:\Windows\system32\msfeeds.dll
2012-12-13 19:16:58 ----A---- C:\Windows\system32\ieUnatt.exe
2012-12-13 19:16:57 ----A---- C:\Windows\system32\wininet.dll
2012-12-13 19:16:57 ----A---- C:\Windows\system32\jscript.dll
2012-12-13 19:16:56 ----A---- C:\Windows\system32\url.dll
2012-12-13 19:16:56 ----A---- C:\Windows\system32\jscript9.dll
2012-12-13 19:16:56 ----A---- C:\Windows\system32\iertutil.dll
2012-12-13 19:16:55 ----A---- C:\Windows\system32\urlmon.dll
2012-12-13 19:16:53 ----A---- C:\Windows\system32\ieframe.dll
2012-12-13 19:16:48 ----A---- C:\Windows\system32\mshtml.dll
2012-12-13 03:09:10 ----A---- C:\Windows\system32\Wdfres.dll
2012-12-13 03:09:00 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2012-12-13 03:09:00 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2012-12-13 03:08:59 ----A---- C:\Windows\system32\WUDFSvc.dll
2012-12-13 03:08:59 ----A---- C:\Windows\system32\WUDFPlatform.dll
2012-12-13 03:08:59 ----A---- C:\Windows\system32\winusb.dll
2012-12-13 03:08:58 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2012-12-13 03:08:58 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2012-12-13 03:08:56 ----A---- C:\Windows\system32\WUDFx.dll
2012-12-13 03:08:56 ----A---- C:\Windows\system32\WUDFHost.exe
2012-12-13 03:08:56 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2012-12-13 03:05:17 ----A---- C:\Windows\system32\drivers\volsnap.sys
2012-12-13 03:05:14 ----A---- C:\Windows\system32\dpnsvr.exe
2012-12-13 03:05:14 ----A---- C:\Windows\system32\dpnet.dll
2012-12-13 03:05:05 ----A---- C:\Windows\system32\win32k.sys
2012-12-13 03:04:56 ----A---- C:\Windows\system32\kernel32.dll
2012-12-13 03:03:56 ----A---- C:\Windows\system32\tzres.dll
2012-12-06 09:03:45 ----D---- C:\Program Files\Mozilla Firefox
2012-11-26 07:49:11 ----A---- C:\Windows\system32\javaws.exe
2012-11-26 07:49:03 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2012-11-26 07:49:03 ----A---- C:\Windows\system32\javaw.exe
2012-11-26 07:49:03 ----A---- C:\Windows\system32\java.exe

======List of files/folders modified in the last 1 month======

2012-12-25 16:07:14 ----RD---- C:\Program Files
2012-12-25 15:57:00 ----HD---- C:\Windows\Temp
2012-12-25 15:48:19 ----D---- C:\ProgramData\NVIDIA
2012-12-25 15:43:48 ----SD---- C:\ProgramData\Microsoft
2012-12-25 12:57:46 ----D---- C:\Windows\system32\drivers
2012-12-25 12:50:13 ----D---- C:\Windows
2012-12-24 14:18:30 ----D---- C:\Windows\system32\catroot
2012-12-24 14:18:29 ----D---- C:\Windows\inf
2012-12-24 14:18:27 ----D---- C:\Windows\system32\catroot2
2012-12-24 14:18:24 ----SHD---- C:\System Volume Information
2012-12-24 14:17:27 ----D---- C:\Windows\system32\Tasks
2012-12-24 14:17:16 ----SHD---- C:\Windows\Installer
2012-12-24 14:17:16 ----SHD---- C:\Config.Msi
2012-12-24 14:16:47 ----D---- C:\Windows\System32
2012-12-24 14:16:18 ----HD---- C:\ProgramData
2012-12-24 14:07:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-24 13:35:54 ----D---- C:\Windows\Minidump
2012-12-24 12:39:27 ----D---- C:\Program Files\ESET
2012-12-24 12:28:18 ----D---- C:\Users\Michal Posvar\AppData\Roaming\uTorrent
2012-12-24 12:27:04 ----D---- C:\Windows\Prefetch
2012-12-21 12:39:24 ----D---- C:\Windows\winsxs
2012-12-19 18:55:24 ----D---- C:\Users\Michal Posvar\AppData\Roaming\Vso
2012-12-17 23:59:35 ----A---- C:\Windows\WDICT32.INI
2012-12-13 21:32:09 ----D---- C:\Windows\rescache
2012-12-13 21:11:02 ----D---- C:\Windows\system32\migration
2012-12-13 21:10:58 ----D---- C:\Program Files\Internet Explorer
2012-12-13 19:16:23 ----D---- C:\ProgramData\Microsoft Help
2012-12-13 19:15:35 ----D---- C:\Windows\system32\cs-CZ
2012-12-13 03:26:22 ----D---- C:\Windows\system32\wbem
2012-12-13 03:26:22 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-12-13 03:03:15 ----A---- C:\Windows\system32\mrt.exe
2012-12-11 23:09:33 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-12-07 09:30:28 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-12-05 16:59:05 ----D---- C:\Users\Michal Posvar\AppData\Roaming\NVIDIA
2012-11-28 00:09:58 ----D---- C:\Windows\Tasks
2012-11-28 00:08:52 ----A---- C:\Windows\NeroDigital.ini
2012-11-26 07:48:51 ----A---- C:\Windows\system32\npdeployJava1.dll
2012-11-26 07:48:51 ----A---- C:\Windows\system32\deployJava1.dll
2012-11-26 07:48:47 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\Windows\system32\drivers\aswNdis2.sys [2012-10-30 199320]
R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-12 305176]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-11 685816]
R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 aswFW;avast! TDI Firewall driver; C:\Windows\system32\drivers\aswFW.sys [2012-10-30 106560]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-10-30 20624]
R1 AswRdr;aswRdr; C:\Windows\system32\drivers\AswRdr.sys [2012-10-30 35928]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-10-30 54232]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
R2 RMCAST;Ovladač protokolu RMCAST (Pgm); C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
R3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2008-07-15 170520]
R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2008-07-15 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2008-07-15 527384]
R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2008-07-15 1323544]
R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2008-07-15 72728]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2008-07-15 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2008-07-15 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2008-07-15 92696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2008-07-15 1173016]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2008-03-19 1176064]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-26 2103512]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2012-10-10 10837352]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2008-07-15 127000]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-12-13 47360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-10-03 99840]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys []
S2 Nsynas32;Nsynas32; C:\Windows\system32\drivers\Nsynas32.sys []
S3 a87ep5uy;a87ep5uy; C:\Windows\system32\drivers\a87ep5uy.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-10-01 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-01 29184]
S3 btnetBUs;IVT Bluetooth Bus Service for BtNic; C:\Windows\System32\Drivers\btnetBus.sys [2008-10-22 29832]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2008-07-15 347080]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-02-09 25280]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\Windows\system32\DRIVERS\NetMotCM.sys [2004-02-09 15360]
S3 NTIDrvr;NTIDrvr; \??\C:\Program Files\muvee Technologies\muvee autoProducer 6.1 - HPD\mvBurnerDll\NTIDrvr.sys []
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 TTM57SLUsb;TTM 57SL USB driver; C:\Windows\System32\Drivers\TTM57SLUsb.sys [2007-05-21 29568]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-02-15 43520]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-12 354840]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 645992]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-10 1258856]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 821648]
S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-18 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-10-11 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 250808]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-10-03 79360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-13 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-18 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-06 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - problem with Security Center

#2 Post by Márty84 »

Hello :)

Why do you want to start the Windows firewall when the Avast firewall is running? Or at least this is what the log shows:
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912]

Defender is unnecessary too; Avast also has a shield against spyware.


You also have a leftover of ESET hanging around in there. We will get rid of it. But let's take it step by step.


:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to your desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Search and the program will start working.
When it finishes, it will spit out a log (if not, you will find it at C:\AdwCleaner[R?].txt ); copy it here for me.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Lemur
Visitor
Posts: 87
Registered: 25 Dec 2012 16:04

Re: Please check my log - problem with Security Center

#3 Post by Lemur »

Hello,
thank you for the advice. Let me describe how the virus got into my system. I was installing "codecs", but unfortunately they were not codecs, and instead of codecs I installed a virus. After the installation, the firewall and the internet protection from ESET were blocked and neither could be turned on. ESET advised me to reinstall ESET Internet Security. I tried that, but every time, right at the very end of the installation, the whole installation rolled back for no reason. So neither ESET Internet Security nor ESET Antivirus could be installed, so as a stopgap I installed the trial version of Avast Internet Security and had it scan the computer. I deleted all the viruses that Avast found. I would like to uninstall Avast again and go back to ESET, but I don't know whether it will install now. I am afraid that I will uninstall Avast and be without internet protection again.

Thank you very much for your help.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - problem with Security Center

#4 Post by Márty84 »

OK.

First we will clean it up, because there is a ton of junk in there, then we will get rid of the ESET remnant (because otherwise a new one might not install), then you will uninstall Avast and use their cleanup tool, and then you will try putting ESET back on. That is the preliminary plan :D

So if you agree with this procedure, do the AdwCleaner step as I described.

And take a look in the Avast virus chest and write me the names of those viruses and their locations.

Lemur
Visitor
Posts: 87
Registered: 25 Dec 2012 16:04

Re: Please check my log - problem with Security Center

#5 Post by Lemur »

Thanks for the help :)

I did the first step with AdwCleaner and it spat out this:

# AdwCleaner v2.102 - Logfile created 12/25/2012 at 18:52:51
# Updated 23/12/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Michal Posvar - MICHALPOSVAR
# Boot Mode : Normal
# Running from : C:\Users\Michal Posvar\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
File Found : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\searchplugins\Askcom.xml
File Found : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\searchplugins\Conduit.xml
File Found : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\searchplugins\icqplugin.xml
File Found : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\searchplugins\icqplugin-1.xml
File Found : C:\Users\MICHAL~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Windows\system32\conduitEngine.tmp
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\ICQ6Toolbar
Folder Found : C:\ProgramData\ICQ\ICQToolbar
Folder Found : C:\Users\Michal Posvar\AppData\Local\Conduit
Folder Found : C:\Users\Michal Posvar\AppData\LocalLow\Conduit
Folder Found : C:\Users\Michal Posvar\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Michal Posvar\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\Conduit
Folder Found : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\CT2475029
Folder Found : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0926F81D-817F-462D-8058-FEBCE1E57BF6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD6B87E1-AC5A-4E5F-B088-30B3A2939EF2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKU\S-1-5-21-159780402-3137050833-2999077547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-159780402-3137050833-2999077547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKU\S-1-5-21-159780402-3137050833-2999077547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v17.0.1 (cs)

File : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\prefs.js

Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "14-7-2010");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Wed Jul 14 2010 15:59:32 GMT+0200");
Found : user_pref("CT2269050.FirstServerDate", "14-7-2010");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeSettingsDone", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Wed Jul 14 2010 15:59:32 GMT+0200");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Jul 14 2010 15:59:33 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.7.0.14", "Wed Jul 14 2010 15:59:32 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Wed Jul 14 2010 15:59:33 GMT+0200");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Jul 14 2010 15:59:33 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Wed Jul 14 2010 15:59:29 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1277823092");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Jul 14 2010 15:59:29 GMT+0200");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1277823092");
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2269050.UserID", "UN81151946565559375");
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Wed Jul 14 2010 15:59:32 GMT+0200");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.clientLogIsEnabled", false);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2475029.CTID", "ct2475029");
Found : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Thu Jul 14 2011 18:46:23 GMT+0200");
Found : user_pref("CT2475029.CommunityChanged", true);
Found : user_pref("CT2475029.CurrentServerDate", "14-7-2011");
Found : user_pref("CT2475029.DialogsAlignMode", "LTR");
Found : user_pref("CT2475029.DownloadDomainsCheckInterval", "168");
Found : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Thu Jul 14 2011 18:46:24 GMT+0200");
Found : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201069983");
Found : user_pref("CT2475029.EMailNotifierPollDate", "Thu Jul 14 2011 18:46:26 GMT+0200");
Found : user_pref("CT2475029.FeedLastCount129133095456874337", 0);
Found : user_pref("CT2475029.FeedPollDate129132307482029379", "Thu Jul 14 2011 18:46:24 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129132307482029381", "Thu Jul 14 2011 18:46:24 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129132307482029382", "Thu Jul 14 2011 18:46:25 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129133095459686870", "Thu Jul 14 2011 18:46:24 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129133095459686871", "Thu Jul 14 2011 18:46:24 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129137437659687146", "Thu Jul 14 2011 18:46:24 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129137437659687147", "Thu Jul 14 2011 18:46:24 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129137437659687148", "Thu Jul 14 2011 18:46:24 GMT+0200");
Found : user_pref("CT2475029.FeedTTL129132307482029379", 40);

*************************

AdwCleaner[R1].txt - [20747 octets] - [25/12/2012 18:52:51]

########## EOF - C:\AdwCleaner[R1].txt - [20808 octets] ##########


In the avast virus chest I only have this:

dfsc.sys
c:\windows\system32\drivers
virus description: win32:aluroot-e [Rtk]

I deleted the other infected files...

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - problem with the Security Center

#6 Post by Márty84 »

:arrow: Close all programs again and run AdwCleaner as administrator.
This time click Delete.
The program will start working (the PC may restart) and will spit out another log (or it will be here: C:\AdwCleaner [S1].txt ). Copy it here for me again.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Lemur
Visitor
Posts: 87
Joined: 25 Dec 2012 16:04

Re: Please check my log - problem with the Security Center

#7 Post by Lemur »

Hello, can we continue with the cleanup today? :) Here is the log from adw cleaner after pressing delete:

# AdwCleaner v2.103 - Logfile created 12/26/2012 at 11:06:22
# Updated 25/12/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Michal Posvar - MICHALPOSVAR
# Boot Mode : Normal
# Running from : C:\Users\Michal Posvar\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\MICHAL~1\AppData\Local\Temp\Zynga
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
File Deleted : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Windows\system32\conduitEngine.tmp
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Users\Michal Posvar\AppData\Local\Conduit
Folder Deleted : C:\Users\Michal Posvar\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Michal Posvar\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Michal Posvar\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\Conduit
Folder Deleted : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\CT2475029
Folder Deleted : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0926F81D-817F-462D-8058-FEBCE1E57BF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD6B87E1-AC5A-4E5F-B088-30B3A2939EF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\49CF605F02C7954F4E139D18828DE298CD59217C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_2ac78060bc5856b0c1cf873bb919b58
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (cs)

File : C:\Users\Michal Posvar\AppData\Roaming\Mozilla\Firefox\Profiles\ayzwwxfw.default\prefs.js


*************************

AdwCleaner[R1].txt - [20878 octets] - [25/12/2012 18:52:51]
AdwCleaner[S1].txt - [20265 octets] - [26/12/2012 11:06:22]

########## EOF - C:\AdwCleaner[S1].txt - [20326 octets] ##########

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - problem with the Security Center

#8 Post by Márty84 »

We can :)


:arrow: Run a !!!full!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Do not delete anything beforehand; it sometimes has false detections.

Lemur
Visitor
Posts: 87
Joined: 25 Dec 2012 16:04

Re: Please check my log - problem with the Security Center

#9 Post by Lemur »

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.26.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michal Posvar :: MICHALPOSVAR [administrátor]

Ochrana: Povolena

26.12.2012 15:50:32
mbam-log-2012-12-26 (18-36-09).txt

Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 569998
Uplynulý čas: 2 hodin, 45 minut, 13 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TNod (Trojan.Agent.CK) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 9
C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol - Kopie.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\Program Files\ESET\TNod User & Password Finder\uninst-tnod.exe (Trojan.Agent.CK) -> Žádná instrukce nebyla provedena.
C:\ProgramData\Microsoft\Media Tools\temp\tmp79FD.exe (RootKit.0Access) -> Žádná instrukce nebyla provedena.
C:\Users\Michal Posvar\AppData\Local\Temp\~nsu.tmp\Au_.exe (Trojan.Agent.CK) -> Žádná instrukce nebyla provedena.
C:\Users\Michal Posvar\AppData\Local\Temp\~nsu.tmp\Bu_.exe (Trojan.Agent.CK) -> Žádná instrukce nebyla provedena.
C:\Users\Michal Posvar\AppData\Local\Temp\~nsu.tmp\Cu_.exe (Trojan.Agent.CK) -> Žádná instrukce nebyla provedena.
C:\Users\Michal Posvar\Desktop\TNod_v1.4.2.1_package\TNod-1.4.2.1-final-setup-\TNod-1.4.2.1-final-setup.exe (Trojan.Agent.CK) -> Žádná instrukce nebyla provedena.
C:\Users\Michal Posvar\vypis slozek\DirToTxt.exe (Backdoor.Bot) -> Žádná instrukce nebyla provedena.
C:\Windows\System32\windows (Rootkit.Agent) -> Žádná instrukce nebyla provedena.

(konec)

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - problem with the Security Center

#10 Post by Márty84 »

(RootKit.0Access) uh-oh. That is not good.

Have the findings removed, and I would like to see the log that MBAM shows after the removal and restart. I need to know whether it succeeded.

Lemur
Visitor
Posts: 87
Joined: 25 Dec 2012 16:04

Re: Please check my log - problem with the Security Center

#11 Post by Lemur »

I removed the findings and MBAM offered a restart, but after the restart it did not produce any log. Should I run a full scan again?

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - problem with the Security Center

#12 Post by Márty84 »

Just launch it and check whether those files are in quarantine. Or just run a quick scan.

Lemur
Visitor
Posts: 87
Joined: 25 Dec 2012 16:04

Re: Please check my log - problem with the Security Center

#13 Post by Lemur »

This is what the quarantine looks like: http://img29.imageshack.us/img29/1790/beznzvu2fz.jpg Now I am going to run a quick scan.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - problem with Security Center

#14 Post by Márty84 »

OK. If it finds something again, remove it and continue with TDSSKiller. And if it finds nothing, do the same :)

vyosek wrote: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In the Additional Option window, tick all the options
  • Click OK
  • Tell the utility to scan: click Start Scan
  • When the scan finishes, a window appears; check that the Skip option is selected everywhere
  • If Skip is not set by default, switch it to Skip
  • Once Skip is set everywhere, click Continue
  • On the drive where Windows is installed (usually c:\) there will be a log named in the form TDSSKiller.some digits _log.txt; paste its contents here
I'm going to bed around 20:00, since I get up for work at 2. So I won't reply until tomorrow afternoon.

Lemur
Visitor
Posts: 87
Registered: 25 Dec 2012 16:04

Re: Please check my log - problem with Security Center

#15 Post by Lemur »

Result of the quick scan:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.26.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michal Posvar :: MICHALPOSVAR [administrátor]

Ochrana: Povolena

26.12.2012 20:27:28
mbam-log-2012-12-26 (20-27-28).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 253785
Uplynulý čas: 8 minut, 45 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


Should I delete those virus registry entries from the MBAM quarantine?

Locked