Prosim o kontrolu logu - podozrenie na vir

Zpráva

kirkland · #1 Příspěvek od **kirkland** » 01 kvě 2013 01:26

Dobý večer, prosím o kontrolu logu, mam podozrenie ze mam vir v PC. Dakujem

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomáš at 2013-05-01 02:25:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 66 GB (43%) free of 153 GB
Total RAM: 3583 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:25:09, on 1. 5. 2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\INTELLINET\Common\RaRegistry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\MSI\LAN Utility\DiagAP8169.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tomáš\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Tomáš.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3225826
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitTorrentControl_v12 - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll
O3 - Toolbar: BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DiagAP8169] C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: INTELLINET Wireless Utility.lnk = C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\INTELLINET\Common\RaRegistry.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6950 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-764733703-839522115-1003Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-764733703-839522115-1003UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-764733703-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-764733703-839522115-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default

prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT32258 ... hSource=13"
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {675eba94-03cf-5dda-6b53-ce37c7e7437c}:4.6.7.7, {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}:10.10.27.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{675eba94-03cf-5dda-6b53-ce37c7e7437c}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}

C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\searchplugins\
conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
BitTorrentControl_v12 Toolbar - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - BitTorrentControl_v12 Toolbar - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"DiagAP8169"=C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw []
"M-Audio Taskbar Icon"=C:\WINDOWS\system32\M-AudioTaskBarIcon.exe [2010-12-07 644104]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-03-21 5078504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-05-19 1957888]
"Google Update"=C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-09-15 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2006-12-19 1093632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe [2012-09-14 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-09-15 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-04-26 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2012-12-09 336992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Facebook Messenger.lnk]
C:\DOCUME~1\TOM~1\LOCALS~1\DATAAP~1\Facebook\MESSEN~1\214651~1.0\FACEBO~1.EXE []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
INTELLINET Wireless Utility.lnk - C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.asv2"=asusasv2.dll
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux1"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"Midi"=wdmaud.drv
"midi2"=wdmaud.drv
"midi3"=wdmaud.drv
"midi1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-05-01 02:25:04 ----D---- C:\Program Files\trend micro
2013-05-01 02:25:03 ----D---- C:\rsit
2013-04-30 18:06:43 ----D---- C:\WINDOWS\LastGood
2013-04-30 18:05:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2013-04-28 01:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2817183$
2013-04-28 01:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
2013-04-28 01:55:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2808735$
2013-04-28 01:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2013-04-28 01:53:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2013-04-28 01:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2813170$
2013-04-14 04:02:25 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{5E4CAE11-3142-4132-BACC-8515F1910998}
2013-04-14 04:00:10 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

======List of files/folders modified in the last 1 month======

2013-05-01 02:25:04 ----D---- C:\Program Files
2013-05-01 02:24:52 ----D---- C:\WINDOWS\Prefetch
2013-05-01 02:16:01 ----D---- C:\Program Files\Winamp
2013-05-01 02:16:01 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\BitTorrent
2013-05-01 02:15:58 ----D---- C:\WINDOWS\Minidump
2013-05-01 02:15:58 ----D---- C:\WINDOWS\Debug
2013-05-01 02:15:58 ----D---- C:\WINDOWS
2013-05-01 02:15:09 ----D---- C:\WINDOWS\temp
2013-04-30 18:07:22 ----SHD---- C:\WINDOWS\Installer
2013-04-30 18:07:20 ----D---- C:\Config.Msi
2013-04-30 18:06:57 ----HD---- C:\WINDOWS\inf
2013-04-30 18:06:57 ----D---- C:\WINDOWS\system32\drivers
2013-04-30 18:06:42 ----D---- C:\WINDOWS\system32\CatRoot2
2013-04-30 18:05:57 ----D---- C:\Program Files\Eset
2013-04-28 14:05:43 ----N---- C:\WINDOWS\SchedLgU.Txt
2013-04-28 11:12:58 ----D---- C:\WINDOWS\system32
2013-04-28 01:55:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-04-28 01:55:27 ----HD---- C:\WINDOWS\$hf_mig$
2013-04-27 15:43:52 ----D---- C:\Program Files\M-Audio
2013-04-14 18:44:44 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-04-14 18:44:41 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-04-14 18:19:59 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Skype
2013-04-14 18:12:44 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\skypePM
2013-04-14 04:00:36 ----D---- C:\Program Files\Native Instruments
2013-04-12 20:19:34 ----A---- C:\WINDOWS\system32\ssprs.dll
2013-04-12 20:19:34 ----A---- C:\WINDOWS\system32\lsprst7.dll
2013-04-12 20:11:36 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-10-28 691696]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-01-10 161368]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-02-14 62512]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2012-12-09 113168]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-01-10 150080]
R2 LANPkt;Realtek LANPkt Protocol; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 8440]
R2 Scutum50;Scutum50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\Scutum50.sys [2009-10-06 19072]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-16 1918464]
R3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2003-09-02 11266]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-01-10 40376]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 rt2870;INTELLINET 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-09-15 779136]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
S1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2006-10-31 11008]
S3 catchme;catchme; \??\C:\DOCUME~1\TOM~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2010-06-22 21248]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-04 4258496]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows; C:\WINDOWS\System32\Drivers\KORGUMDS.SYS [2008-03-09 21720]
S3 LoopBeMidi1;nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM); C:\WINDOWS\system32\drivers\loopbe1.sys [2011-04-09 10752]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM); C:\WINDOWS\system32\DRIVERS\mausb.sys []
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro; C:\WINDOWS\system32\DRIVERS\MAudioFastTrackPro.sys [2010-12-07 158600]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM); C:\WINDOWS\system32\DRIVERS\mausb.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-01-19 503144]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-16 434176]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-03-21 1341664]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 3857408]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\INTELLINET\Common\RaRegistry.exe [2009-12-17 185632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-29 258560]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14 253656]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 01 kvě 2013 07:17

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Prohledat a program zacne pracovat.
Az skonci, vyplivne na vas log (pokud ne, najdete ho zde C:\AdwCleaner[R?].txt ), ten mi sem zkopirujte.

Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

kirkland · #3 Příspěvek od **kirkland** » 01 kvě 2013 10:23

Dobry den,

tu je log z adw cl:

# AdwCleaner v2.300 - Log vytvooen 01/05/2013 v 11:21:39
# Aktualizováno 28/04/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Tomáš - TOM-64944E656E2
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Tomáš\Plocha\adwcleaner.exe
# Volba [Prohledat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Nalezeno : C:\DOCUME~1\TOM~1\LOCALS~1\Temp\CT3225826
Složka Nalezeno : C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\CT3225826
Složka Nalezeno : C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
Složka Nalezeno : C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\Smartbar
Složka Nalezeno : C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\BitTorrentControl_v12
Složka Nalezeno : C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Conduit
Složka Nalezeno : C:\Program Files\BitTorrentControl_v12
Složka Nalezeno : C:\Program Files\Conduit
Soubor Nalezeno : C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\searchplugins\Conduit.xml
Soubor Nalezeno : C:\Program Files\Mozilla Firefox\.autoreg

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Nalezeno : HKCU\Software\BitTorrentControl_v12
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\ConduitSearchScopes
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Nalezeno : HKCU\Software\SmartBar
Klíe Nalezeno : HKCU\Software\Softonic
Klíe Nalezeno : HKCU\Toolbar
Klíe Nalezeno : HKLM\Software\BitTorrentControl_v12
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{4B69AB9E-64FC-40A5-B51E-275841AF64AA}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7721265-11C9-414F-A328-898234CA1C1A}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8BBACC9-1308-4560-B470-2BCA92D59A68}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar
Klíe Nalezeno : HKU\S-1-5-21-2000478354-764733703-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v6.0.2900.5512

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225826

-\\ Mozilla Firefox v3.6.28 (sk)

Soubor : C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\prefs.js

Nalezeno : user_pref("CT3225826.BT_Stats", "{\"last_log\":1348322551,\"uuid\":605423521148943,\"seq_id\":1,\"ss[...]
Nalezeno : user_pref("CT3225826.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Nalezeno : user_pref("CT3225826.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Nalezeno : user_pref("CT3225826.FirstTime", "true");
Nalezeno : user_pref("CT3225826.FirstTimeFF3", "true");
Nalezeno : user_pref("CT3225826.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Nalezeno : user_pref("CT3225826.UserID", "UN95731263883541285");
Nalezeno : user_pref("CT3225826.addressBarTakeOverEnabledInHidden", "true");
Nalezeno : user_pref("CT3225826.autoDisableScopes", -1);
Nalezeno : user_pref("CT3225826.browser.search.defaultthis.engineName", true);
Nalezeno : user_pref("CT3225826.cbcountry_001", "SK");
Nalezeno : user_pref("CT3225826.cbfirsttime", "Sat Sep 22 2012 16:02:29 GMT+0200");
Nalezeno : user_pref("CT3225826.embeddedsData", "[{\"appId\":\"129830626805552092\",\"apiPermissions\":{\"cross[...]
Nalezeno : user_pref("CT3225826.enableAlerts", "always");
Nalezeno : user_pref("CT3225826.enableSearchFromAddressBar", "true");
Nalezeno : user_pref("CT3225826.firstTimeDialogOpened", "true");
Nalezeno : user_pref("CT3225826.fixPageNotFoundError", "true");
Nalezeno : user_pref("CT3225826.fixPageNotFoundErrorInHidden", "true");
Nalezeno : user_pref("CT3225826.fixUrls", true);
Nalezeno : user_pref("CT3225826.installId", "fft209.tmp.exe");
Nalezeno : user_pref("CT3225826.installType", "XPE");
Nalezeno : user_pref("CT3225826.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Nalezeno : user_pref("CT3225826.isNewTabEnabled", true);
Nalezeno : user_pref("CT3225826.isPerformedSmartBarTransition", "true");
Nalezeno : user_pref("CT3225826.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Nalezeno : user_pref("CT3225826.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Nalezeno : user_pref("CT3225826.keyword", true);
Nalezeno : user_pref("CT3225826.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps[...]
Nalezeno : user_pref("CT3225826.openThankYouPage", "true");
Nalezeno : user_pref("CT3225826.openUninstallPage", "FALSE");
Nalezeno : user_pref("CT3225826.search.searchAppId", "129830626805552092");
Nalezeno : user_pref("CT3225826.search.searchCount", "0");
Nalezeno : user_pref("CT3225826.searchInNewTabEnabledInHidden", "true");
Nalezeno : user_pref("CT3225826.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Nalezeno : user_pref("CT3225826.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Nalezeno : user_pref("CT3225826.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Nalezeno : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Nalezeno : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Nalezeno : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Nalezeno : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Nalezeno : user_pref("CT3225826.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348322547392");
Nalezeno : user_pref("CT3225826.serviceLayer_services_appsMetadata_lastUpdate", "1348322547286");
Nalezeno : user_pref("CT3225826.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348322549211");
Nalezeno : user_pref("CT3225826.serviceLayer_services_login_10.10.27.6_lastUpdate", "1348322549593");
Nalezeno : user_pref("CT3225826.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348322549283");
Nalezeno : user_pref("CT3225826.serviceLayer_services_searchAPI_lastUpdate", "1348322546848");
Nalezeno : user_pref("CT3225826.serviceLayer_services_serviceMap_lastUpdate", "1348322546547");
Nalezeno : user_pref("CT3225826.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348322548192");
Nalezeno : user_pref("CT3225826.serviceLayer_services_toolbarSettings_lastUpdate", "1348322546751");
Nalezeno : user_pref("CT3225826.serviceLayer_services_translation_lastUpdate", "1348322547314");
Nalezeno : user_pref("CT3225826.settingsINI", true);
Nalezeno : user_pref("CT3225826.shouldFirstTimeDialog", "false");
Nalezeno : user_pref("CT3225826.smartbar.CTID", "CT3225826");
Nalezeno : user_pref("CT3225826.smartbar.Uninstall", "0");
Nalezeno : user_pref("CT3225826.smartbar.homepage", true);
Nalezeno : user_pref("CT3225826.smartbar.toolbarName", "BitTorrentControl_v12 ");
Nalezeno : user_pref("CT3225826.startPage", "TRUE");
Nalezeno : user_pref("CT3225826.toolbarBornServerTime", "22-9-2012");
Nalezeno : user_pref("CT3225826.toolbarCurrentServerTime", "22-9-2012");
Nalezeno : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=1[...]
Nalezeno : user_pref("Smartbar.ConduitSearchEngineList", "BitTorrentControl_v12 Customized Web Search");
Nalezeno : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826[...]
Nalezeno : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties[...]
Nalezeno : user_pref("Smartbar.keywordURLSelectedCTID", "CT3225826");
Nalezeno : user_pref("browser.search.selectedEngine", "BitTorrentControl_v12 Customized Web Search");
Nalezeno : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=13");
Nalezeno : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&q=[...]

-\\ Google Chrome v26.0.1410.64

Soubor : C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

Nalezeno [l.1986] : homepage = "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48",
Nalezeno [l.2326] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48" ]

-\\ Opera v10.50.3296.0

Soubor : C:\Documents and Settings\Tomáš\Data aplikací\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [10231 octets] - [01/05/2013 11:21:39]

########## EOF - C:\AdwCleaner[R1].txt - [10292 octets] ##########

#4 Příspěvek od **Márty84** » 01 kvě 2013 10:30

Fajn, jeste pockam na MBAM a podle vysledku zvolim dalsi postup

kirkland · #5 Příspěvek od **kirkland** » 01 kvě 2013 11:46

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.05.01.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Tomáš :: TOM-64944E656E2 [administrátor]

1. 5. 2013 11:38:21
MBAM-log-2013-05-01 (12-44-15).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 445410
Uplynulý čas: 1 hodin, 4 minut, 15 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 7
C:\Documents and Settings\Tomáš\Plocha\Tomi-zaloha\Preberanie\wirelesskeyview.zip (PUP.WirelessKeyView) -> Nebyla provedena žádná instrukce.
D:\Library\Ivory\DYNAMiCS_Ivory_1.5_KeyGen.exe (Trojan.Downloader) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Tomáš\Data aplikací\logs.dat (Bifrose.Trace) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Tomáš\Local Settings\temp\IELOGIN.abc (Malware.Trace) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Tomáš\Local Settings\temp\IEPASS.abc (Malware.Trace) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Tomáš\Local Settings\temp\UuU.uUu (Malware.Trace) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Tomáš\Local Settings\temp\XxX.xXx (Malware.Trace) -> Nebyla provedena žádná instrukce.

(konec)

#6 Příspěvek od **Márty84** » 01 kvě 2013 12:00

Nalezy MBAM nechte odstranit. Pokud to probehne bez potizi, MBAM pak odinstalujte.

Znovu ukoncete vsechny programy a spustte AdwCleaner.
Tentokrat kliknete na Smazat
Program zacne pracovat (muze dojit k restartu pc) a vyplivne dalsi log (pripadne bude zde C:\AdwCleaner [S1].txt ). Ten mi sem zase zkopirujte.

kirkland · #7 Příspěvek od **kirkland** » 01 kvě 2013 12:17

# AdwCleaner v2.300 - Log vytvooen 01/05/2013 v 13:14:32
# Aktualizováno 28/04/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Tomáš - TOM-64944E656E2
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Tomáš\Plocha\adwcleaner.exe
# Volba [Vymazat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Vymazáno : C:\DOCUME~1\TOM~1\LOCALS~1\Temp\CT3225826
Složka Vymazáno : C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\CT3225826
Složka Vymazáno : C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
Složka Vymazáno : C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\Smartbar
Složka Vymazáno : C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\BitTorrentControl_v12
Složka Vymazáno : C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Conduit
Složka Vymazáno : C:\Program Files\BitTorrentControl_v12
Složka Vymazáno : C:\Program Files\Conduit
Soubor Vymazáno : C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\searchplugins\Conduit.xml
Soubor Vymazáno : C:\Program Files\Mozilla Firefox\.autoreg

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Vymazáno : HKCU\Software\BitTorrentControl_v12
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\ConduitSearchScopes
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Vymazáno : HKCU\Software\SmartBar
Klíe Vymazáno : HKCU\Software\Softonic
Klíe Vymazáno : HKCU\Toolbar
Klíe Vymazáno : HKLM\Software\BitTorrentControl_v12
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{4B69AB9E-64FC-40A5-B51E-275841AF64AA}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7721265-11C9-414F-A328-898234CA1C1A}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8BBACC9-1308-4560-B470-2BCA92D59A68}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v6.0.2900.5512

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225826 --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.28 (sk)

Soubor : C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\prefs.js

Vymazáno : user_pref("CT3225826.BT_Stats", "{\"last_log\":1348322551,\"uuid\":605423521148943,\"seq_id\":1,\"ss[...]
Vymazáno : user_pref("CT3225826.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Vymazáno : user_pref("CT3225826.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Vymazáno : user_pref("CT3225826.FirstTime", "true");
Vymazáno : user_pref("CT3225826.FirstTimeFF3", "true");
Vymazáno : user_pref("CT3225826.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Vymazáno : user_pref("CT3225826.UserID", "UN95731263883541285");
Vymazáno : user_pref("CT3225826.addressBarTakeOverEnabledInHidden", "true");
Vymazáno : user_pref("CT3225826.autoDisableScopes", -1);
Vymazáno : user_pref("CT3225826.browser.search.defaultthis.engineName", true);
Vymazáno : user_pref("CT3225826.cbcountry_001", "SK");
Vymazáno : user_pref("CT3225826.cbfirsttime", "Sat Sep 22 2012 16:02:29 GMT+0200");
Vymazáno : user_pref("CT3225826.embeddedsData", "[{\"appId\":\"129830626805552092\",\"apiPermissions\":{\"cross[...]
Vymazáno : user_pref("CT3225826.enableAlerts", "always");
Vymazáno : user_pref("CT3225826.enableSearchFromAddressBar", "true");
Vymazáno : user_pref("CT3225826.firstTimeDialogOpened", "true");
Vymazáno : user_pref("CT3225826.fixPageNotFoundError", "true");
Vymazáno : user_pref("CT3225826.fixPageNotFoundErrorInHidden", "true");
Vymazáno : user_pref("CT3225826.fixUrls", true);
Vymazáno : user_pref("CT3225826.installId", "fft209.tmp.exe");
Vymazáno : user_pref("CT3225826.installType", "XPE");
Vymazáno : user_pref("CT3225826.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Vymazáno : user_pref("CT3225826.isNewTabEnabled", true);
Vymazáno : user_pref("CT3225826.isPerformedSmartBarTransition", "true");
Vymazáno : user_pref("CT3225826.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Vymazáno : user_pref("CT3225826.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Vymazáno : user_pref("CT3225826.keyword", true);
Vymazáno : user_pref("CT3225826.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps[...]
Vymazáno : user_pref("CT3225826.openThankYouPage", "true");
Vymazáno : user_pref("CT3225826.openUninstallPage", "FALSE");
Vymazáno : user_pref("CT3225826.search.searchAppId", "129830626805552092");
Vymazáno : user_pref("CT3225826.search.searchCount", "0");
Vymazáno : user_pref("CT3225826.searchInNewTabEnabledInHidden", "true");
Vymazáno : user_pref("CT3225826.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Vymazáno : user_pref("CT3225826.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Vymazáno : user_pref("CT3225826.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Vymazáno : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Vymazáno : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Vymazáno : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Vymazáno : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Vymazáno : user_pref("CT3225826.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348322547392");
Vymazáno : user_pref("CT3225826.serviceLayer_services_appsMetadata_lastUpdate", "1348322547286");
Vymazáno : user_pref("CT3225826.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348322549211");
Vymazáno : user_pref("CT3225826.serviceLayer_services_login_10.10.27.6_lastUpdate", "1348322549593");
Vymazáno : user_pref("CT3225826.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348322549283");
Vymazáno : user_pref("CT3225826.serviceLayer_services_searchAPI_lastUpdate", "1348322546848");
Vymazáno : user_pref("CT3225826.serviceLayer_services_serviceMap_lastUpdate", "1348322546547");
Vymazáno : user_pref("CT3225826.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348322548192");
Vymazáno : user_pref("CT3225826.serviceLayer_services_toolbarSettings_lastUpdate", "1348322546751");
Vymazáno : user_pref("CT3225826.serviceLayer_services_translation_lastUpdate", "1348322547314");
Vymazáno : user_pref("CT3225826.settingsINI", true);
Vymazáno : user_pref("CT3225826.shouldFirstTimeDialog", "false");
Vymazáno : user_pref("CT3225826.smartbar.CTID", "CT3225826");
Vymazáno : user_pref("CT3225826.smartbar.Uninstall", "0");
Vymazáno : user_pref("CT3225826.smartbar.homepage", true);
Vymazáno : user_pref("CT3225826.smartbar.toolbarName", "BitTorrentControl_v12 ");
Vymazáno : user_pref("CT3225826.startPage", "TRUE");
Vymazáno : user_pref("CT3225826.toolbarBornServerTime", "22-9-2012");
Vymazáno : user_pref("CT3225826.toolbarCurrentServerTime", "22-9-2012");
Vymazáno : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=1[...]
Vymazáno : user_pref("Smartbar.ConduitSearchEngineList", "BitTorrentControl_v12 Customized Web Search");
Vymazáno : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826[...]
Vymazáno : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties[...]
Vymazáno : user_pref("Smartbar.keywordURLSelectedCTID", "CT3225826");
Vymazáno : user_pref("browser.search.selectedEngine", "BitTorrentControl_v12 Customized Web Search");
Vymazáno : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=13");
Vymazáno : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&q=[...]

-\\ Google Chrome v26.0.1410.64

Soubor : C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

Vymazáno [l.1986] : homepage = "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48",
Vymazáno [l.2329] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48" ]

-\\ Opera v10.50.3296.0

Soubor : C:\Documents and Settings\Tomáš\Data aplikací\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [10362 octets] - [01/05/2013 11:21:39]
AdwCleaner[S1].txt - [10172 octets] - [01/05/2013 13:14:32]

########## EOF - C:\AdwCleaner[S1].txt - [10233 octets] ##########

#8 Příspěvek od **Márty84** » 01 kvě 2013 14:24

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu a spustte.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

kirkland · #9 Příspěvek od **kirkland** » 01 kvě 2013 16:12

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Tomáš [Práva správce]
Mód : Kontrola -- Datum : 05/01/2013 17:11:54
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-08PSA0 +++++
--- User ---
[MBR] ca85ba12d675fc923dd0f7049cfa1ac6
[BSP] 69f21f7860c988325bfda751bba60473 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKX-001CA0 +++++
--- User ---
[MBR] 1c0ed00a95d66cf5383698b9426cc7bf
[BSP] 6864b89280eb12240879b2c69698d6ee : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_05012013_02d1711.txt >>
RKreport[1]_S_05012013_02d1711.txt

#10 Příspěvek od **Márty84** » 01 kvě 2013 18:06

Znovu spustte RogueKiller (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

kirkland · #11 Příspěvek od **kirkland** » 01 kvě 2013 18:51

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Tomáš [Práva správce]
Mód : Odebrat -- Datum : 05/01/2013 19:50:39
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-08PSA0 +++++
--- User ---
[MBR] ca85ba12d675fc923dd0f7049cfa1ac6
[BSP] 69f21f7860c988325bfda751bba60473 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKX-001CA0 +++++
--- User ---
[MBR] 1c0ed00a95d66cf5383698b9426cc7bf
[BSP] 6864b89280eb12240879b2c69698d6ee : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[2]_D_05012013_02d1950.txt >>
RKreport[1]_S_05012013_02d1711.txt ; RKreport[2]_D_05012013_02d1950.txt

#12 Příspěvek od **Márty84** » 02 kvě 2013 02:35

Kde je druhy log z RK?

kirkland píše:...mam podozrenie ze mam vir v PC...

Jak se to projevuje?

Dejte novy log z RSIT

kirkland · #13 Příspěvek od **kirkland** » 02 kvě 2013 14:07

Prepacte nevsimol som si ze aj ten druhy log treba Tu je:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Tomáš [Práva správce]
Mód : Odebrat -- Datum : 05/02/2013 15:05:35
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-08PSA0 +++++
--- User ---
[MBR] ca85ba12d675fc923dd0f7049cfa1ac6
[BSP] 69f21f7860c988325bfda751bba60473 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKX-001CA0 +++++
--- User ---
[MBR] 1c0ed00a95d66cf5383698b9426cc7bf
[BSP] 6864b89280eb12240879b2c69698d6ee : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[4]_D_05022013_02d1505.txt >>
RKreport[1]_S_05012013_02d1711.txt ; RKreport[2]_D_05012013_02d1950.txt ; RKreport[3]_H_05022013_02d1504.txt ; RKreport[4]_D_05022013_02d1505.txt

kirkland · #14 Příspěvek od **kirkland** » 02 kvě 2013 14:09

Prejavuje sa to tak ze ked som dal scanovat ESETom disky tak mi nasiel vela roznych infiltraci, tak som tusil ze nieco neni v poriadku..

kirkland · #15 Příspěvek od **kirkland** » 02 kvě 2013 14:10

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomáš at 2013-05-02 15:10:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 65 GB (43%) free of 153 GB
Total RAM: 3583 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:10:08, on 2. 5. 2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\INTELLINET\Common\RaRegistry.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MSI\LAN Utility\DiagAP8169.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tomáš\Plocha\RSIT.exe
C:\Program Files\trend micro\Tomáš.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DiagAP8169] C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: INTELLINET Wireless Utility.lnk = C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\INTELLINET\Common\RaRegistry.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6266 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-764733703-839522115-1003Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-764733703-839522115-1003UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-764733703-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-764733703-839522115-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default

prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {675eba94-03cf-5dda-6b53-ce37c7e7437c}:4.6.7.7, {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}:10.10.27.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{675eba94-03cf-5dda-6b53-ce37c7e7437c}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"DiagAP8169"=C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw []
"M-Audio Taskbar Icon"=C:\WINDOWS\system32\M-AudioTaskBarIcon.exe [2010-12-07 644104]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-03-21 5078504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-05-19 1957888]
"Google Update"=C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-09-15 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2006-12-19 1093632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe [2012-09-14 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-09-15 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-04-26 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2012-12-09 336992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Facebook Messenger.lnk]
C:\DOCUME~1\TOM~1\LOCALS~1\DATAAP~1\Facebook\MESSEN~1\214651~1.0\FACEBO~1.EXE []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
INTELLINET Wireless Utility.lnk - C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.asv2"=asusasv2.dll
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux1"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"Midi"=wdmaud.drv
"midi2"=wdmaud.drv
"midi3"=wdmaud.drv
"midi1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-05-01 13:14:32 ----A---- C:\AdwCleaner[S1].txt
2013-05-01 11:21:39 ----A---- C:\AdwCleaner[R1].txt
2013-05-01 02:25:04 ----D---- C:\Program Files\trend micro
2013-05-01 02:25:03 ----D---- C:\rsit
2013-04-30 18:05:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2013-04-28 01:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2817183$
2013-04-28 01:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
2013-04-28 01:55:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2808735$
2013-04-28 01:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2013-04-28 01:53:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2013-04-28 01:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2813170$
2013-04-14 04:02:25 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{5E4CAE11-3142-4132-BACC-8515F1910998}
2013-04-14 04:00:10 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

======List of files/folders modified in the last 1 month======

2013-05-02 15:09:50 ----D---- C:\WINDOWS\system32\drivers
2013-05-02 15:04:03 ----D---- C:\WINDOWS\temp
2013-05-01 20:34:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-05-01 17:11:09 ----D---- C:\WINDOWS\Prefetch
2013-05-01 13:16:16 ----D---- C:\Program Files
2013-05-01 13:14:39 ----D---- C:\Program Files\Mozilla Firefox
2013-05-01 13:12:11 ----D---- C:\WINDOWS
2013-05-01 13:11:57 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2013-05-01 02:16:01 ----D---- C:\Program Files\Winamp
2013-05-01 02:16:01 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\BitTorrent
2013-05-01 02:15:58 ----D---- C:\WINDOWS\Minidump
2013-05-01 02:15:58 ----D---- C:\WINDOWS\Debug
2013-04-30 18:07:22 ----SHD---- C:\WINDOWS\Installer
2013-04-30 18:07:20 ----D---- C:\Config.Msi
2013-04-30 18:06:57 ----HD---- C:\WINDOWS\inf
2013-04-30 18:06:42 ----D---- C:\WINDOWS\system32\CatRoot2
2013-04-30 18:05:57 ----D---- C:\Program Files\Eset
2013-04-28 11:12:58 ----D---- C:\WINDOWS\system32
2013-04-28 01:55:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-04-28 01:55:27 ----HD---- C:\WINDOWS\$hf_mig$
2013-04-27 15:43:52 ----D---- C:\Program Files\M-Audio
2013-04-14 18:44:44 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-04-14 18:44:41 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-04-14 18:19:59 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Skype
2013-04-14 18:12:44 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\skypePM
2013-04-14 04:00:36 ----D---- C:\Program Files\Native Instruments
2013-04-12 20:19:34 ----A---- C:\WINDOWS\system32\ssprs.dll
2013-04-12 20:19:34 ----A---- C:\WINDOWS\system32\lsprst7.dll
2013-04-12 20:11:36 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-10-28 691696]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-01-10 161368]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-02-14 62512]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2012-12-09 113168]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-01-10 150080]
R2 LANPkt;Realtek LANPkt Protocol; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 8440]
R2 Scutum50;Scutum50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\Scutum50.sys [2009-10-06 19072]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-16 1918464]
R3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2003-09-02 11266]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-01-10 40376]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 rt2870;INTELLINET 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-09-15 779136]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
S1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2006-10-31 11008]
S3 catchme;catchme; \??\C:\DOCUME~1\TOM~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2010-06-22 21248]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-04 4258496]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows; C:\WINDOWS\System32\Drivers\KORGUMDS.SYS [2008-03-09 21720]
S3 LoopBeMidi1;nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM); C:\WINDOWS\system32\drivers\loopbe1.sys [2011-04-09 10752]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM); C:\WINDOWS\system32\DRIVERS\mausb.sys []
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro; C:\WINDOWS\system32\DRIVERS\MAudioFastTrackPro.sys [2010-12-07 158600]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM); C:\WINDOWS\system32\DRIVERS\mausb.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-01-19 503144]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-16 434176]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-03-21 1341664]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 3857408]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\INTELLINET\Common\RaRegistry.exe [2009-12-17 185632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-29 258560]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14 253656]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

VIRY.CZ

Prosim o kontrolu logu - podozrenie na vir

Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir

Re: Prosim o kontrolu logu - podozrenie na vir