Virus removal, PC speed-up, and remote help through the neslape.cz service

Hello, could you please check my log

Duffinek
Visitor
Posts: 11
Joined: 25 Feb 2012 21:34

#1 Post by Duffinek »

My PC has seemed rather slow lately, although given its age I can't ask much of it, so I'm turning to you this way. Thanks in advance.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2013-11-14 18:20:36
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 8 GB (11%) free of 76 GB
Total RAM: 1023 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:47, on 14.11.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7M\ICQ.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3072253
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (file missing)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (file missing)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 3510 series.lnk = ?
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD01B62E-3D04-4B29-9BFF-281F131D9295}: NameServer = 109.224.64.3 109.224.64.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7705 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... M=false&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\extensions\
{5911488E-9D1E-40ec-8CBB-06B231CC153F}
{687578b9-7132-4a7a-80e4-30ee31099e03}
{77d2ed30-4cd2-11e0-b8af-0800200c9a66}

C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\searchplugins\
conduit.xml
yahoo-zugo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTo0.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
StartNow Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-27 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-27 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{687578b9-7132-4a7a-80e4-30ee31099e03} - uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTo0.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-06 61440]
"reset"=regedit /s reset.reg []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-10-23 5074384]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"ICQ"=C:\Program Files\ICQ7M\ICQ.exe [2012-07-30 127040]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Steam"=C:\Program Files\Steam\Steam.exe [2013-08-28 1811880]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění
Sledovat výstrahy inkoustu - HP Deskjet 3510 series.lnk - C:\WINDOWS\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Deskjet 3510 series)"
"C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikační program HP (HP Deskjet 3510 series)"
"C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Síťový komunikační program HP COM (HP Deskjet 3510 series)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======List of files/folders created in the last 1 month======

2013-11-14 18:20:37 ----D---- C:\Program Files\trend micro
2013-11-14 18:20:35 ----D---- C:\rsit
2013-11-06 15:58:49 ----D---- C:\Program Files\Mozilla Firefox
2013-11-01 18:28:11 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2013-11-01 18:14:53 ----D---- C:\Program Files\Hewlett-Packard
2013-11-01 18:14:53 ----D---- C:\Documents and Settings\Owner\Data aplikací\Hewlett-Packard
2013-11-01 18:14:45 ----D---- C:\Program Files\HP Photo Creations
2013-11-01 18:14:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Visan
2013-11-01 18:14:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP Photo Creations
2013-11-01 18:14:31 ----D---- C:\Documents and Settings\Owner\Data aplikací\HpUpdate
2013-11-01 18:14:17 ----N---- C:\WINDOWS\system32\HPDiscoPMAD11.dll
2013-11-01 18:14:13 ----A---- C:\WINDOWS\system32\HPWia1_DJ3510.dll
2013-11-01 18:14:13 ----A---- C:\WINDOWS\system32\HPScanTRDrv_DJ3510.dll
2013-11-01 18:14:08 ----A---- C:\WINDOWS\system32\hpinkstsAD11LM.dll
2013-11-01 18:14:08 ----A---- C:\WINDOWS\system32\hpinkstsAD11.dll
2013-11-01 18:14:08 ----A---- C:\WINDOWS\system32\hpinkinsAD11.exe
2013-11-01 18:14:08 ----A---- C:\WINDOWS\system32\hpinkcoiAD11.dll
2013-11-01 18:13:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2013-11-01 18:13:30 ----D---- C:\Program Files\HP
2013-11-01 18:13:24 ----A---- C:\Documents and Settings\All Users\Data aplikací\Ament.ini

======List of files/folders modified in the last 1 month======

2013-11-14 18:20:37 ----RD---- C:\Program Files
2013-11-14 18:20:26 ----D---- C:\WINDOWS\Temp
2013-11-14 18:18:52 ----D---- C:\WINDOWS\Prefetch
2013-11-14 16:29:09 ----D---- C:\Program Files\Steam
2013-11-14 16:29:05 ----D---- C:\WINDOWS
2013-11-14 12:35:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-11-14 05:32:29 ----D---- C:\Documents and Settings\Owner\Data aplikací\uTorrent
2013-11-13 20:15:05 ----D---- C:\Program Files\McAfee Security Scan
2013-11-13 13:38:22 ----D---- C:\Program Files\uTorrentControl2
2013-11-13 09:16:23 ----D---- C:\WINDOWS\system32\CatRoot2
2013-11-13 01:40:02 ----D---- C:\WINDOWS\system32
2013-11-07 15:38:49 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-11-03 05:38:02 ----D---- C:\WINDOWS\Minidump
2013-11-01 18:28:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-11-01 18:28:11 ----D---- C:\WINDOWS\system32\drivers
2013-11-01 18:28:00 ----HD---- C:\WINDOWS\inf
2013-11-01 18:14:43 ----SHD---- C:\WINDOWS\Installer
2013-11-01 18:14:29 ----SD---- C:\WINDOWS\Tasks
2013-11-01 18:14:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-11-01 18:13:38 ----D---- C:\WINDOWS\twain_32
2013-10-28 08:24:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-21 20:55:37 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-10-08 159832]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2012-10-08 62512]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2012-10-08 149568]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2012-10-08 40376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-10-23 1329304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-11-27 161768]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-06 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

#2 Post by Roli »

Hello, before we continue I'll ask: is ESET Smart Security legal?
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Duffinek
Visitor
Posts: 11
Joined: 25 Feb 2012 21:34

#3 Post by Duffinek »

Unfortunately it isn't; a friend downloaded it for me to clean up my computer.

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

#4 Post by Roli »

Duffinek wrote: Unfortunately it isn't; a friend downloaded it for me to clean up my computer.
Well, I can see that, which is why I'm asking. So get rid of it, and then post a new RSIT log here, otherwise we can't continue.

Duffinek
Visitor
Posts: 11
Joined: 25 Feb 2012 21:34

#5 Post by Duffinek »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2013-11-15 22:09:37
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 13 GB (17%) free of 76 GB
Total RAM: 1023 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:09:42, on 15.11.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7M\ICQ.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3072253
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (file missing)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (file missing)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 3510 series.lnk = ?
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD01B62E-3D04-4B29-9BFF-281F131D9295}: NameServer = 109.224.64.3 109.224.64.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7484 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... M=false&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\extensions\
{5911488E-9D1E-40ec-8CBB-06B231CC153F}
{687578b9-7132-4a7a-80e4-30ee31099e03}
{77d2ed30-4cd2-11e0-b8af-0800200c9a66}

C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\searchplugins\
conduit.xml
yahoo-zugo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTo0.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
StartNow Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-27 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-27 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{687578b9-7132-4a7a-80e4-30ee31099e03} - uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTo0.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-06 61440]
"reset"=regedit /s reset.reg []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"ICQ"=C:\Program Files\ICQ7M\ICQ.exe [2012-07-30 127040]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Steam"=C:\Program Files\Steam\Steam.exe [2013-08-28 1811880]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění
Sledovat výstrahy inkoustu - HP Deskjet 3510 series.lnk - C:\WINDOWS\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Deskjet 3510 series)"
"C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikační program HP (HP Deskjet 3510 series)"
"C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Síťový komunikační program HP COM (HP Deskjet 3510 series)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======List of files/folders created in the last 1 month======

2013-11-14 18:20:37 ----D---- C:\Program Files\trend micro
2013-11-14 18:20:35 ----D---- C:\rsit
2013-11-06 15:58:49 ----D---- C:\Program Files\Mozilla Firefox
2013-11-01 18:28:11 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2013-11-01 18:14:53 ----D---- C:\Program Files\Hewlett-Packard
2013-11-01 18:14:53 ----D---- C:\Documents and Settings\Owner\Data aplikací\Hewlett-Packard
2013-11-01 18:14:45 ----D---- C:\Program Files\HP Photo Creations
2013-11-01 18:14:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Visan
2013-11-01 18:14:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP Photo Creations
2013-11-01 18:14:31 ----D---- C:\Documents and Settings\Owner\Data aplikací\HpUpdate
2013-11-01 18:14:17 ----N---- C:\WINDOWS\system32\HPDiscoPMAD11.dll
2013-11-01 18:14:13 ----A---- C:\WINDOWS\system32\HPWia1_DJ3510.dll
2013-11-01 18:14:13 ----A---- C:\WINDOWS\system32\HPScanTRDrv_DJ3510.dll
2013-11-01 18:14:08 ----A---- C:\WINDOWS\system32\hpinkstsAD11LM.dll
2013-11-01 18:14:08 ----A---- C:\WINDOWS\system32\hpinkstsAD11.dll
2013-11-01 18:14:08 ----A---- C:\WINDOWS\system32\hpinkinsAD11.exe
2013-11-01 18:14:08 ----A---- C:\WINDOWS\system32\hpinkcoiAD11.dll
2013-11-01 18:13:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2013-11-01 18:13:30 ----D---- C:\Program Files\HP
2013-11-01 18:13:24 ----A---- C:\Documents and Settings\All Users\Data aplikací\Ament.ini

======List of files/folders modified in the last 1 month======

2013-11-15 22:08:48 ----D---- C:\WINDOWS\Prefetch
2013-11-15 22:08:36 ----D---- C:\Program Files\Steam
2013-11-15 22:08:14 ----D---- C:\WINDOWS\Temp
2013-11-15 22:08:13 ----D---- C:\WINDOWS
2013-11-15 22:06:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-11-15 22:04:27 ----RD---- C:\Program Files
2013-11-15 22:04:24 ----HD---- C:\WINDOWS\inf
2013-11-15 22:04:24 ----D---- C:\WINDOWS\system32\drivers
2013-11-15 22:04:12 ----D---- C:\WINDOWS\system32\CatRoot2
2013-11-15 22:04:00 ----SHD---- C:\WINDOWS\Installer
2013-11-15 21:34:06 ----D---- C:\Documents and Settings\Owner\Data aplikací\uTorrent
2013-11-13 20:15:05 ----D---- C:\Program Files\McAfee Security Scan
2013-11-13 13:38:22 ----D---- C:\Program Files\uTorrentControl2
2013-11-13 01:40:02 ----D---- C:\WINDOWS\system32
2013-11-07 15:38:49 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-11-03 05:38:02 ----D---- C:\WINDOWS\Minidump
2013-11-01 18:28:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-11-01 18:14:29 ----SD---- C:\WINDOWS\Tasks
2013-11-01 18:14:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-11-01 18:13:38 ----D---- C:\WINDOWS\twain_32
2013-10-28 08:24:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-21 20:55:37 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-11-27 161768]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-06 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Hello, could you please check my log

#6 Post by Roli »

Fix this in HJT:

O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (file missing)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - (no file)
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (file missing)
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


You'll find HJT here:

C:\Program Files\trend micro\Owner.exe

Fix means that you run HJT as admin,

in the window that opens you click Do a system scan only,

in the next window you find the lines I listed for you,

next to each of them is a checkbox, which you tick,

then you click Fix checked at the bottom left,

the program will ask whether you really want to do this; you of course confirm with YES and it's done.


Via Start >> Run (Spustit) >> type services.msc >> OK. Find the service:

NMIndexingService

double-clicking opens a dialog where you first stop the service with the Stop (Zastavit) button, then under Startup type (Typ spouštění) choose Disabled (Zakázáno) and click OK.


Delete unneeded files

using CCleaner

instructions:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the registry backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Download AdwCleaner and save it to the desktop,

close all programs including the browser and double-click to run it,

a window appears where you click Scan at the top left.

The scan will then run; when it finishes, click Report and copy whatever comes up here for me.


Download and run OTMoveIt

into the left pane of the application, under Paste Instructions for Items to be Moved, copy this text:

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\tasks\At*.job /s

:commands
[purity]
[emptytemp]
[start explorer]
click MoveIt! and information about the performed action will appear in the application's green right-hand pane; copy the contents of that pane here,

if the application requests a restart, click YES

in that case I want the contents of the log saved in C:\_OTMoveIt\MovedFiles\ copied here
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Duffinek
Visitor
Posts: 11
Registered: 25 Feb 2012 21:34

Re: Hello, could you please check my log

#7 Post by Duffinek »

# AdwCleaner v3.012 - Report created 17/11/2013 at 22:13:32
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Owner - JIRKA-DESKTOP
# Running from : C:\Documents and Settings\Owner\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\searchplugins\Conduit.xml
File Found : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\searchplugins\yahoo-zugo.xml
Folder Found : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\Extensions\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Folder Found : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Found C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\CT3072253
Folder Found C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\Smartbar
Folder Found C:\Documents and Settings\Owner\Data aplikací\PriceGong
Folder Found C:\Documents and Settings\Owner\Local Settings\Data aplikací\Conduit
Folder Found C:\Documents and Settings\Owner\Local Settings\Data aplikací\uTorrentControl2
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\StartNow Toolbar
Folder Found C:\Program Files\uTorrentControl2

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\StartNow Toolbar
Key Found : HKCU\Software\uTorrentControl2
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Found : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A8D90F3-6F7B-4A8B-8431-A2C6CA340035}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB691B3-CD69-47D7-B0AC-1CFF14329544}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Found : HKLM\Software\StartNow Toolbar
Key Found : HKLM\Software\uTorrentControl2
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WeatherBlink Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WeatherBlink Search Scope Monitor]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^XN^xdm246^YYA^cz&ptb=0B593ACE-E765-4066-B241-362A1DC1973E&si=CH_WEAT_INTL_CZE_35

-\\ Mozilla Firefox v25.0.1 (cs)

[ File : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\prefs.js ]

Line Found : user_pref("CT3072253.129805375651312503.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar=1,closebutton=1,saveresizedsize=0,openposition=alignment:(B;L),savelocation=0,closeonexternalclick=[...]
Line Found : user_pref("CT3072253.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3072253.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3072253.Facebook_Mode", "2");
Line Found : user_pref("CT3072253.Facebook_User_Locale", "en");
Line Found : user_pref("CT3072253.FirstTime", "true");
Line Found : user_pref("CT3072253.FirstTimeFF3", "true");
Line Found : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
Line Found : user_pref("CT3072253.UserID", "UN34596026944678464");
Line Found : user_pref("CT3072253.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3072253.autoDisableScopes", -1);
Line Found : user_pref("CT3072253.browser.search.defaultthis.engineName", true);
Line Found : user_pref("CT3072253.cbcountry_001", "CZ");
Line Found : user_pref("CT3072253.cbfirsttime", "Fri Jul 27 2012 06:00:52 GMT+0200");
Line Found : user_pref("CT3072253.countryCode", "CZ");
Line Found : user_pref("CT3072253.enableAlerts", "always");
Line Found : user_pref("CT3072253.enableFix404ByUser", "FALSE");
Line Found : user_pref("CT3072253.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3072253.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3072253.fixPageNotFoundError", "true");
Line Found : user_pref("CT3072253.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3072253.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3072253.fixUrls", true);
Line Found : user_pref("CT3072253.fullUserID", "UN34596026944678464.UP.20130709151705");
Line Found : user_pref("CT3072253.installId", "fftDE.tmp.exe");
Line Found : user_pref("CT3072253.installType", "XPE");
Line Found : user_pref("CT3072253.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3072253.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3072253.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3072253.isNewTabEnabled", true);
Line Found : user_pref("CT3072253.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT3072253.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3072253.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3072253.keyword", true);
Line Found : user_pref("CT3072253.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3072253&octid=CT3072253&SearchSource=15&CUI=UN34596026944678464&SSPV=&Lay=1&UM=false\"}[...]
Line Found : user_pref("CT3072253.lastVersion", "10.20.0.513");
Line Found : user_pref("CT3072253.migrateAppsAndComponents", true);
Line Found : user_pref("CT3072253.missingMachineIdSent", "true");
Line Found : user_pref("CT3072253.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fforum.viry.cz%2Fviewtopic.php%3Ff%3D30%26t%3D134056\",\"EB_MAIN_FRAME_TITLE\":\"VIRY.CZ%20%E[...]

*************************

AdwCleaner[R0].txt - [16688 octets] - [17/11/2013 22:13:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16749 octets] ##########

Duffinek
Visitor
Posts: 11
Registered: 25 Feb 2012 21:34

Re: Hello, could you please check my log

#8 Post by Duffinek »

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET21DC.tmp moved successfully.
C:\WINDOWS\System32\SET21E8.tmp moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33401965 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Owner
->Temp folder emptied: 1811633 bytes
->Temporary Internet Files folder emptied: 1343555 bytes
->FireFox cache emptied: 489419365 bytes
->Flash cache emptied: 664 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7192 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 502,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 11172013_221729

Files moved on Reboot...

Registry entries deleted on Reboot...

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Hello, could you please check my log

#9 Post by Roli »

Run AdwCleaner again, but this time click Clean;

the PC will restart, and the junk will be deleted during the restart.

After that, copy the report here for me again.


Run OTMoveIt again and click CleanUp! at the top of the application;

this makes it clean up after itself.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

A window with the license terms will then appear, which you confirm by clicking YES,

then click YES once more and it starts running.

The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because ComboFix tries to delete infected files and these programs may prevent it from doing so.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Duffinek
Visitor
Posts: 11
Registered: 25 Feb 2012 21:34

Re: Hello, could you please check my log

#10 Post by Duffinek »

# AdwCleaner v3.012 - Report created 18/11/2013 at 16:54:54
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Owner - JIRKA-DESKTOP
# Running from : C:\Documents and Settings\Owner\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\StartNow Toolbar
Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Data aplikací\uTorrentControl2
Folder Deleted : C:\Documents and Settings\Owner\Data aplikací\PriceGong
Folder Deleted : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\Smartbar
Folder Deleted : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\CT3072253
Folder Deleted : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\Extensions\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Folder Deleted : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
File Deleted : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\searchplugins\yahoo-zugo.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WeatherBlink Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WeatherBlink Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A8D90F3-6F7B-4A8B-8431-A2C6CA340035}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB691B3-CD69-47D7-B0AC-1CFF14329544}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\StartNow Toolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (cs)

[ File : C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [16830 octets] - [17/11/2013 22:13:32]
AdwCleaner[R1].txt - [16989 octets] - [18/11/2013 16:54:04]
AdwCleaner[S0].txt - [17143 octets] - [18/11/2013 16:54:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17204 octets] ##########




ComboFix 13-11-16.01 - Owner 18.11.2013 17:05:38.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.381 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WeatherBlink
c:\program files\WeatherBlink\bar\1.bin\AppIntegrator64.exe
c:\program files\WeatherBlink\bar\1.bin\AppIntegratorStub64.dll
c:\program files\WeatherBlink\bar\1.bin\BOOTSTRAP.JS
c:\program files\WeatherBlink\bar\1.bin\CREXT.DLL
c:\program files\WeatherBlink\bar\1.bin\CrExtPgc.exe
c:\program files\WeatherBlink\bar\1.bin\DPNMNGR.DLL
c:\program files\WeatherBlink\bar\1.bin\EXEMANAGER.DLL
c:\program files\WeatherBlink\bar\1.bin\gcauxstb.dll
c:\program files\WeatherBlink\bar\1.bin\gcbar.dll
c:\program files\WeatherBlink\bar\1.bin\gcbarsvc.exe
c:\program files\WeatherBlink\bar\1.bin\gcbprtct.dll
c:\program files\WeatherBlink\bar\1.bin\gcbrmon.exe
c:\program files\WeatherBlink\bar\1.bin\gcbrstub.dll
c:\program files\WeatherBlink\bar\1.bin\gcdatact.dll
c:\program files\WeatherBlink\bar\1.bin\gcdlghk.dll
c:\program files\WeatherBlink\bar\1.bin\gcdyn.dll
c:\program files\WeatherBlink\bar\1.bin\gcfeedmg.dll
c:\program files\WeatherBlink\bar\1.bin\gcidle.dll
c:\program files\WeatherBlink\bar\1.bin\gcieovr.dll
c:\program files\WeatherBlink\bar\1.bin\gcimpipe.exe
c:\program files\WeatherBlink\bar\1.bin\gcmedint.exe
c:\program files\WeatherBlink\bar\1.bin\gcmlbtn.dll
c:\program files\WeatherBlink\bar\1.bin\gcmsg.dll
c:\program files\WeatherBlink\bar\1.bin\gcPlugin.dll
c:\program files\WeatherBlink\bar\1.bin\gcradio.dll
c:\program files\WeatherBlink\bar\1.bin\gcregfft.dll
c:\program files\WeatherBlink\bar\1.bin\gcreghk.dll
c:\program files\WeatherBlink\bar\1.bin\gcregiet.dll
c:\program files\WeatherBlink\bar\1.bin\gcscript.dll
c:\program files\WeatherBlink\bar\1.bin\gcskin.dll
c:\program files\WeatherBlink\bar\1.bin\gcsknlcr.dll
c:\program files\WeatherBlink\bar\1.bin\gcskplay.exe
c:\program files\WeatherBlink\bar\1.bin\gcSrcAs.dll
c:\program files\WeatherBlink\bar\1.bin\gcSrchMn.exe
c:\program files\WeatherBlink\bar\1.bin\gctpinst.dll
c:\program files\WeatherBlink\bar\1.bin\gcuabtn.dll
c:\program files\WeatherBlink\bar\1.bin\gchighin.exe
c:\program files\WeatherBlink\bar\1.bin\gchkstub.dll
c:\program files\WeatherBlink\bar\1.bin\gchtmlmu.dll
c:\program files\WeatherBlink\bar\1.bin\gchttpct.dll
c:\program files\WeatherBlink\bar\1.bin\Hpg64.dll
c:\program files\WeatherBlink\bar\1.bin\CHROME.MANIFEST
c:\program files\WeatherBlink\bar\1.bin\chrome\gcffxtbr.jar
c:\program files\WeatherBlink\bar\1.bin\INSTALL.RDF
c:\program files\WeatherBlink\bar\1.bin\installKeys.js
c:\program files\WeatherBlink\bar\1.bin\LOGO.BMP
c:\program files\WeatherBlink\bar\1.bin\NPgcStub.dll
c:\program files\WeatherBlink\bar\1.bin\T8EXTEX.DLL
c:\program files\WeatherBlink\bar\1.bin\T8EXTPEX.DLL
c:\program files\WeatherBlink\bar\1.bin\T8HTML.DLL
c:\program files\WeatherBlink\bar\1.bin\T8RES.DLL
c:\program files\WeatherBlink\bar\1.bin\T8TICKER.DLL
c:\program files\WeatherBlink\bar\1.bin\VERIFY.DLL
c:\program files\WeatherBlink\bar\gen1\COMMON.T8S
c:\program files\WeatherBlink\bar\IE9Mesg\COMMON.T8S
c:\program files\WeatherBlink\bar\Message\COMMON.T8S
c:\program files\WeatherBlink\bar\Settings\s_pid.dat
c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WEATHERBLINKSERVICE
-------\Service_WeatherBlinkService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-18 do 2013-11-18 )))))))))))))))))))))))))))))))
.
.
2013-11-17 21:12 . 2013-11-18 15:55 -------- d-----w- C:\AdwCleaner
2013-11-17 21:06 . 2013-11-17 21:06 -------- d-----w- c:\program files\CCleaner
2013-11-14 17:20 . 2013-11-17 21:00 -------- d-----w- c:\program files\trend micro
2013-11-01 17:28 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2013-11-01 17:28 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2013-11-01 17:13 . 2013-11-01 17:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2013-11-01 17:13 . 2013-11-01 17:14 -------- d-----w- c:\program files\HP
2013-11-01 17:11 . 2013-11-01 17:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 17:22 . 2012-07-26 17:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-07-30 127040]
"Steam"="c:\program files\Steam\Steam.exe" [2013-08-28 1811880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-05 61440]
.
c:\documents and settings\Owner\Nabídka Start\Programy\Po spuštění\
Sledovat výstrahy inkoustu - HP Deskjet 3510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN33A1NM6W05TY;CONNECTION=USB;MONITOR=1; [2004-8-18 33280]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Hlavní panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe SystemTray [2005-8-6 61440]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7M\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [6.9.2013 18:29 235216]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 17:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\hkhms5i4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-WeatherBlink - c:\progra~1\WEATHE~2\bar\1.bin\gcbar.dll
HKLM-Run-WeatherBlink Search Scope Monitor - c:\progra~1\WEATHE~2\bar\1.bin\gcsrchmn.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-18 17:10
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(468)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDll32.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-11-18 17:12:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-18 16:12
.
Před spuštěním: 7 356 342 272
Po spuštění: 7 242 694 656
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3F9B62CC583E85B87CB5E4D8F9E09CEC
413FC2A0C716421B3158746D63736515

Roli
VIP
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Good day, could you please check my log

#11 Post by Roli »

Via Start >> Run, copy this into the window:

ComboFix /Uninstall

and press Enter.

That will uninstall ComboFix and delete the files and folders associated with it.


Use T-Cleaner, which will delete any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.


Install Service Pack 3


Then let me know what state the PC is in.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Duffinek
Visitor
Visitor
Posts: 11
Registered: 25 Feb 2012 21:34

Re: Good day, could you please check my log

#12 Post by Duffinek »

Done, except for Service Pack 3 - what is that?
Otherwise the PC seems better to me.

Roli
VIP
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Good day, could you please check my log

#13 Post by Roli »

Duffinek wrote: Done, except for Service Pack 3 - what is that?
THIS. Pick the one for Windows XP, download it, install it, and then let me know again what state the PC is in.

Duffinek
Visitor
Visitor
Posts: 11
Registered: 25 Feb 2012 21:34

Re: Good day, could you please check my log

#14 Post by Duffinek »

Done, everything is fine so far.

Roli
VIP
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Good day, could you please check my log

#15 Post by Roli »

In that case, that's all from my side.