Policejni vir

Zpráva

jaroslav.24 · #1 Příspěvek od **jaroslav.24** » 24 pro 2013 08:37

Dobrý den
Měl jsem to štěstí, že jsem viděl obrazovku s policejním virem.
Nevím zda v mém pc něco neprovedl, nebo ještě neprovádí.
Avast mlčí, tak opravdu nevím.
Mohl by někdo prosím kouknout preventivně, co se stalo? Doufám že nic.
Děkuji

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kryton at 2013-12-24 08:31:13
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 43 GB (75%) free of 57 GB
Total RAM: 446 MB (35% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cefdb3bc249d14.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-03-04 32768]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2013-08-19 77824]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2013-08-20 88363]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2013-08-20 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20 688218]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2516296]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-12-22 3764024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"ConduitFloatingPlugin_oopdmcnionefjjnmchkiimificckpkif"=C:\DOCUME~1\Kryton\LOCALS~1\Temp\CT3318151\plugins\TBVerifier.dll [1617-11-28 297248]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Kryton\Plocha\DOTA\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\Kryton\Plocha\DOTA\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"
"C:\Program Files\Black Isle\Lionheart\Lionheart.exe"="C:\Program Files\Black Isle\Lionheart\Lionheart.exe:*:Enabled:Lionheart"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"

======List of files/folders created in the last 1 months======

2013-12-24 08:31:16 ----D---- C:\Program Files\trend micro
2013-12-24 08:31:13 ----D---- C:\rsit
2013-12-22 06:55:17 ----D---- C:\Documents and Settings\Kryton\Data aplikací\AVAST Software
2013-12-22 06:54:15 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-12-22 06:53:23 ----D---- C:\Program Files\AVAST Software
2013-12-21 16:19:00 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Common Files
2013-12-21 16:18:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MFAData
2013-12-21 11:05:02 ----D---- C:\Program Files\VS Revo Group
2013-12-20 18:18:16 ----D---- C:\sh4ldr
2013-12-20 18:17:39 ----D---- C:\WINDOWS\A358F2F62500420C989C25C4F22DF51E.TMP
2013-12-20 18:17:30 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2013-12-20 17:10:54 ----D---- C:\Program Files\Conduit
2013-12-20 14:00:40 ----D---- C:\Program Files\Google
2013-12-08 16:15:05 ----D---- C:\Program Files\Simutrans
2013-12-06 17:01:47 ----D---- C:\Games
2013-12-06 07:00:27 ----A---- C:\WINDOWS\IsUninst.exe

======List of files/folders modified in the last 1 months======

2013-12-24 08:31:16 ----RD---- C:\Program Files
2013-12-24 08:16:38 ----D---- C:\WINDOWS\Temp
2013-12-23 17:15:41 ----D---- C:\WINDOWS
2013-12-23 17:00:32 ----D---- C:\Documents and Settings\Kryton\Data aplikací\vlc
2013-12-22 14:14:44 ----SD---- C:\WINDOWS\Tasks
2013-12-22 14:14:40 ----D---- C:\WINDOWS\system32\drivers
2013-12-22 06:54:15 ----D---- C:\WINDOWS\system32
2013-12-22 06:51:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2013-12-20 19:46:11 ----SHD---- C:\WINDOWS\Installer
2013-12-20 19:43:52 ----D---- C:\WINDOWS\system32\CatRoot2
2013-12-20 18:52:13 ----D---- C:\WINDOWS\Minidump
2013-12-14 20:27:16 ----D---- C:\Documents and Settings\Kryton\Data aplikací\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; \??\C:\WINDOWS\system32\drivers\aswSnx.sys []
R1 aswSP;aswSP; \??\C:\WINDOWS\system32\drivers\aswSP.sys []
R1 aswTdi;aswTdi; \??\C:\WINDOWS\system32\drivers\aswTdi.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2013-08-19 13312]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2013-08-19 21275]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2013-08-20 1270540]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2013-08-19 2311680]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2013-08-20 223128]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-06-08 344064]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2013-08-19 240640]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2013-08-19 32768]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2013-08-20 185824]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-17 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-17 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-17 17024]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-22 50344]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-20 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-20 116648]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 24 pro 2013 08:42

Zdravim

Proc neni system aktualizovan? Chybi Service Pack 3.

Aktualizujem skener
Smazte RSIT a slozku C:\Program Files\trend micro , pokud ji najdete.
Pak stahnete nove RSIT http://images.malwareremoval.com/random/RSIT.exe a dejte log z nej.

jaroslav.24 · #3 Příspěvek od **jaroslav.24** » 24 pro 2013 08:50

Děkuji za rychlou odpověď.
Aktualizovaný není, protože je staršího data, a funguje tedy lépe bez aktualizací.
Po nich se sekají hry, je pomalejší a tak prostě jsem ho neaktualizoval.
Přidávám log

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kryton at 2013-12-24 08:47:14
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 43 GB (75%) free of 57 GB
Total RAM: 446 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:27, on 24.12.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kryton\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Kryton.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ConduitFloatingPlugin_oopdmcnionefjjnmchkiimificckpkif] "C:\WINDOWS\system32\Rundll32.exe" "C:\DOCUME~1\Kryton\LOCALS~1\Temp\CT3318151\plugins\TBVerifier.dll",RunConduitFloatingPlugin oopdmcnionefjjnmchkiimificckpkif
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kryton\Nabídka Start\Programy\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 4909 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cefdb3bc249d14.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-03-04 32768]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2013-08-19 77824]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2013-08-20 88363]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2013-08-20 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20 688218]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2516296]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-12-22 3764024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"ConduitFloatingPlugin_oopdmcnionefjjnmchkiimificckpkif"=C:\DOCUME~1\Kryton\LOCALS~1\Temp\CT3318151\plugins\TBVerifier.dll [1617-11-28 297248]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Kryton\Plocha\DOTA\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\Kryton\Plocha\DOTA\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"
"C:\Program Files\Black Isle\Lionheart\Lionheart.exe"="C:\Program Files\Black Isle\Lionheart\Lionheart.exe:*:Enabled:Lionheart"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.XVID"=xvid.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2013-12-24 08:47:14 ----D---- C:\Program Files\trend micro
2013-12-24 08:31:13 ----D---- C:\rsit
2013-12-22 06:55:17 ----D---- C:\Documents and Settings\Kryton\Data aplikací\AVAST Software
2013-12-22 06:54:21 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-12-22 06:54:20 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-12-22 06:54:20 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2013-12-22 06:54:20 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2013-12-22 06:54:19 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-12-22 06:54:19 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-12-22 06:54:18 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2013-12-22 06:54:15 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-12-22 06:54:11 ----A---- C:\WINDOWS\avastSS.scr
2013-12-22 06:53:23 ----D---- C:\Program Files\AVAST Software
2013-12-21 16:19:00 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Common Files
2013-12-21 16:18:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MFAData
2013-12-21 11:05:02 ----D---- C:\Program Files\VS Revo Group
2013-12-20 18:18:16 ----D---- C:\sh4ldr
2013-12-20 18:17:39 ----D---- C:\WINDOWS\A358F2F62500420C989C25C4F22DF51E.TMP
2013-12-20 18:17:30 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2013-12-20 17:10:54 ----D---- C:\Program Files\Conduit
2013-12-20 14:00:40 ----D---- C:\Program Files\Google
2013-12-08 16:15:05 ----D---- C:\Program Files\Simutrans
2013-12-06 17:01:47 ----D---- C:\Games
2013-12-06 07:00:27 ----A---- C:\WINDOWS\IsUninst.exe

======List of files/folders modified in the last 1 month======

2013-12-24 08:47:14 ----RD---- C:\Program Files
2013-12-24 08:16:38 ----D---- C:\WINDOWS\Temp
2013-12-23 17:15:41 ----D---- C:\WINDOWS
2013-12-23 17:00:32 ----D---- C:\Documents and Settings\Kryton\Data aplikací\vlc
2013-12-22 14:14:44 ----SD---- C:\WINDOWS\Tasks
2013-12-22 14:14:40 ----D---- C:\WINDOWS\system32\drivers
2013-12-22 06:54:15 ----D---- C:\WINDOWS\system32
2013-12-22 06:51:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2013-12-20 19:46:11 ----SHD---- C:\WINDOWS\Installer
2013-12-20 19:43:52 ----D---- C:\WINDOWS\system32\CatRoot2
2013-12-20 18:52:13 ----D---- C:\WINDOWS\Minidump
2013-12-14 20:27:16 ----D---- C:\Documents and Settings\Kryton\Data aplikací\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-12-22 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-12-22 180248]
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2004-08-04 46464]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2013-08-19 36992]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2013-08-20 664064]
R1 aswRdr;aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; \??\C:\WINDOWS\system32\drivers\aswSnx.sys []
R1 aswSP;aswSP; \??\C:\WINDOWS\system32\drivers\aswSP.sys []
R1 aswTdi;aswTdi; \??\C:\WINDOWS\system32\drivers\aswTdi.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2013-08-19 13312]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2013-08-19 21275]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2013-08-20 1270540]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2013-08-19 2311680]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2013-08-20 223128]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-06-08 344064]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2013-08-19 240640]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2013-08-19 32768]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2013-08-20 185824]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-22 50344]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-20 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-20 116648]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

#4 Příspěvek od **Márty84** » 24 pro 2013 08:54

Jenze takhle je deravy jak cednik a cistit to je takovy mensi boj s vetrnymi mlyny

Neco tam vidim, uvidime, jestli to bude detekovat MBAM

Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

jaroslav.24 · #5 Příspěvek od **jaroslav.24** » 24 pro 2013 09:31

Hotovo pane

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.12.24.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Kryton :: KRYTON [administrátor]

24.12.2013 9:05:54
MBAM-log-2013-12-24 (09-29-35).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 304760
Uplynulý čas: 22 minut, 14 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 5
C:\Program Files\VVSN (Adware.WhenU) -> Nebyla provedena žádná instrukce.
C:\Program Files\VVSN\URL1 (Adware.WhenU) -> Nebyla provedena žádná instrukce.
C:\Program Files\VVSN\URL2 (Adware.WhenU) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kryton\Local Settings\Temp\ct3318151 (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kryton\Local Settings\Temp\ct3318151\plugins (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 3
C:\WINDOWS\system32\ssins.exe (PUP.Optional.SInstalator) -> Nebyla provedena žádná instrukce.
C:\Program Files\VVSN\vvsn.cfg (Adware.WhenU) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Kryton\Local Settings\Temp\ct3318151\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.

(konec)

#6 Příspěvek od **Márty84** » 24 pro 2013 10:35

Nalezy nechte odstranit. Po odstraneni restartu pc test zopakujte a napiste, zda neco nasel. Podle vysledku zvolim dalsi postup.

jaroslav.24 · #7 Příspěvek od **jaroslav.24** » 24 pro 2013 11:31

Odstraněno, restartováno, skenováno, bez infekce

#8 Příspěvek od **Márty84** » 24 pro 2013 12:55

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a program zacne pracovat.
Az skonci, vyplivne na vas log (pokud ne, najdete ho zde C:\AdwCleaner\AdwCleaner[R?].txt ), ten mi sem zkopirujte.

jaroslav.24 · #9 Příspěvek od **jaroslav.24** » 24 pro 2013 13:08

Děkuji že se my věnujete i dnes 24
Tady to je

# AdwCleaner v3.016 - Report created 24/12/2013 at 12:56:28
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Kryton - KRYTON
# Running from : C:\Documents and Settings\Kryton\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Trymedia
Folder Found C:\Documents and Settings\Kryton\Local Settings\Data aplikací\Conduit
Folder Found C:\Documents and Settings\Kryton\Local Settings\Data aplikací\NativeMessaging
Folder Found C:\Program Files\Conduit

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\Software\Trymedia Systems
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_oopdmcnionefjjnmchkiimificckpkif]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180

-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\Kryton\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1422 octets] - [24/12/2013 12:56:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1482 octets] ##########

#10 Příspěvek od **Márty84** » 24 pro 2013 15:29

Neni zac

Vecere jeste neni, tak obcas k pc nakouknu

Znovu ukoncete vsechny programy a spustte AdwCleaner.
Tentokrat kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne dalsi log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zase zkopirujte.

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu a spustte.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

jaroslav.24 · #11 Příspěvek od **jaroslav.24** » 24 pro 2013 15:55

Zde je adw

# AdwCleaner v3.016 - Report created 24/12/2013 at 15:51:28
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Kryton - KRYTON
# Running from : C:\Documents and Settings\Kryton\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Trymedia
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Documents and Settings\Kryton\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Kryton\Local Settings\Data aplikací\NativeMessaging

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_oopdmcnionefjjnmchkiimificckpkif]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\Software\Trymedia Systems

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180

-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\Kryton\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1562 octets] - [24/12/2013 12:56:28]
AdwCleaner[R1].txt - [1622 octets] - [24/12/2013 13:04:26]
AdwCleaner[R2].txt - [1682 octets] - [24/12/2013 15:50:32]
AdwCleaner[S0].txt - [1635 octets] - [24/12/2013 15:51:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1695 octets] ##########

jaroslav.24 · #12 Příspěvek od **jaroslav.24** » 24 pro 2013 16:00

A tady je Killer

RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Kryton [Práva správce]
Mód : Kontrola -- Datum : 12/24/2013 15:58:32
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 3 ¤¤¤
[All Users][SUSP UNIC] Ralink Wireless Utility.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Ralink Wireless Utility.lnk [-] -> NALEZENO
[All Users][SUSP UNIC] Utility Tray.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Utility Tray.lnk [-] -> NALEZENO
[All Users.WINDOWS][SUSP UNIC] Ralink Wireless Utility.lnk : C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Ralink Wireless Utility.lnk [-] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0xc0000033] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HTS541060G9AT00 +++++
--- User ---
[MBR] c45483383152f42413aa72acca1bf429
[BSP] d5db20dc0cdd6b2ed009a86645d85e05 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57223 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_12242013_155832.txt >>

#13 Příspěvek od **Márty84** » 25 pro 2013 00:15

Znovu spustte RogueKiller (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

jaroslav.24 · #14 Příspěvek od **jaroslav.24** » 25 pro 2013 08:23

Log po smazání

RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Kryton [Práva správce]
Mód : Odebrat -- Datum : 12/25/2013 08:22:11
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 3 ¤¤¤
[All Users][SUSP UNIC] Ralink Wireless Utility.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Ralink Wireless Utility.lnk [-] -> VYMAZÁNO
[All Users][SUSP UNIC] Utility Tray.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Utility Tray.lnk [-] -> VYMAZÁNO
[All Users.WINDOWS][SUSP UNIC] Ralink Wireless Utility.lnk : C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Ralink Wireless Utility.lnk [-] -> VYMAZÁNO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0xc0000033] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HTS541060G9AT00 +++++
--- User ---
[MBR] c45483383152f42413aa72acca1bf429
[BSP] d5db20dc0cdd6b2ed009a86645d85e05 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57223 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_12252013_082211.txt >>
RKreport[0]_S_12242013_155832.txt;RKreport[0]_S_12252013_082201.txt

jaroslav.24 · #15 Příspěvek od **jaroslav.24** » 25 pro 2013 08:25

log po oprava host

RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Kryton [Práva správce]
Mód : Oprava HOSTS -- Datum : 12/25/2013 08:24:08
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0xc0000033] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[0]_H_12252013_082408.txt >>
RKreport[0]_D_12252013_082211.txt;RKreport[0]_S_12242013_155832.txt;RKreport[0]_S_12252013_082201.txt

VIRY.CZ

Policejni vir

Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir

Re: Policejni vir