Preventívka

[Minmi]

Zdravím,

prosím o preventívnu kontrolu - sestra sa sťažuje, že má spomalený notebook, ide o asi 6 ročný stroj a má tu celkom bordel pri spustení PC vyhadzuje hlášku: Systém Windows nemôže nájsť súbor "C:\WINDOWS\system32\drivers\Regview.exe". Skontrolujte, či ste zadali správny názov a potom pokus zopakujte. Ak chcete vyhľadať súbor, kliknite na tlačidlo Štart a potom na položku Hľadať.
+ v ovládacom paneli sa nedá otvoriť centrum zabezpečenia - vyhodí, že je momentálne nedostupné, pretože služba centrum zabezpečenia sa nespustila alebo bola zastavená
+ všimol som si, že proces svchost.exe vyťažoval procesor aj na viac ako 90% (ručne som ho vypol v správcovi úloh, ale po reštarte opäť), okrem toho som si všimol pri vypínaní PC nechcel skončiť nejaký program (ukončovanie programu hidden window)
v PC nemala ani antivírus, tak som začal stiahnutím Aviry a kompletnej kontroly, ale nič sa nenašlo
prosím preto o preventívnu kontrolu logu, vopred ďakujem

Logfile of random's system information tool 1.06 (written by random/random)
Run by Monika at 2014-02-15 18:02:23
Systém Microsoft Windows XP Professional Service Pack 3, v.6368
System drive C: has 2 GB (4%) free of 56 GB
Total RAM: 894 MB (57% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-05-27 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2006-07-29 188416]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-12-11 344064]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-05-27 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Avira Systray"=C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [2014-01-29 172600]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2013-12-09 684600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-11-30 15360]
"amva"=C:\WINDOWS\system32\amvo.exe []
"Facebook Update"=C:\Documents and Settings\Monika\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-09-17 138096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-12 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-01-16 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Monika\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Monika\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{252fa1d5-49e8-11de-889f-001b38c32b5a}]
shell\AutoRun\command - xh319r9b.bat
shell\open\command - xh319r9b.bat


======List of files/folders created in the last 1 months======

2014-02-15 15:38:38 ----D---- C:\WINDOWS\system32\NtmsData
2014-02-15 15:34:36 ----D---- C:\rsit
2014-02-15 15:34:36 ----D---- C:\Program Files\trend micro
2014-02-15 15:24:14 ----D---- C:\Documents and Settings\Monika\Application Data\Avira
2014-02-15 15:04:53 ----D---- C:\Program Files\Avira
2014-02-15 15:04:52 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2014-02-15 14:47:55 ----D---- C:\WINDOWS\assembly
2014-02-15 14:38:04 ----D---- C:\WINDOWS\Microsoft.NET
2014-02-15 14:29:06 ----D---- C:\Program Files\Mozilla Firefox
2014-02-15 14:18:50 ----D---- C:\Documents and Settings\All Users\Application Data\Package Cache
2014-02-05 19:13:34 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-01-19 21:44:45 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of files/folders modified in the last 1 months======

2014-02-15 17:50:19 ----D---- C:\WINDOWS\Prefetch
2014-02-15 17:32:35 ----D---- C:\WINDOWS\Temp
2014-02-15 16:54:05 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-15 16:53:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-02-15 16:49:26 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-02-15 16:40:28 ----SHD---- C:\System Volume Information
2014-02-15 15:38:58 ----HD---- C:\WINDOWS\inf
2014-02-15 15:38:38 ----D---- C:\WINDOWS\system32
2014-02-15 15:38:37 ----D---- C:\WINDOWS\repair
2014-02-15 15:38:25 ----D---- C:\WINDOWS\Registration
2014-02-15 15:34:36 ----RD---- C:\Program Files
2014-02-15 15:17:24 ----D---- C:\WINDOWS\system32\drivers
2014-02-15 15:16:11 ----SHD---- C:\WINDOWS\Installer
2014-02-15 15:03:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-15 14:48:01 ----D---- C:\WINDOWS\WinSxS
2014-02-15 14:47:55 ----D---- C:\WINDOWS
2014-02-15 14:42:05 ----D---- C:\WINDOWS\system32\en-us
2014-02-15 14:38:21 ----D---- C:\Program Files\Microsoft.NET
2014-02-15 14:38:09 ----D---- C:\WINDOWS\system32\mui
2014-02-14 20:52:58 ----D---- C:\Documents and Settings\Monika\Application Data\vlc
2014-01-19 21:44:49 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2013-12-09 135648]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2013-12-09 37352]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\system32\drivers\HWiNFO32.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-11-30 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-07-29 30601]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2013-12-09 28520]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2013-12-09 90400]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-09-20 62336]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-18 1326528]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-12 1414656]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2007-11-30 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-09-20 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-11-20 104320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-11-30 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-11-30 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-11-30 17152]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-11-30 14592]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-11-30 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-11-30 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-11-30 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-11-30 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-16 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-16 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2013-12-09 440376]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-12-09 440376]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-12 393216]
R2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-01-29 109112]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 257928]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-15 118896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-11-30 14336]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-12-09 1011768]

-----------------EOF-----------------

[Márty84]

Zdravim

Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[Minmi]

tak tu je log:

Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2014.02.15.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Monika :: ASTOR [administrátor]

Ochrana: Zapnuté

15.2.2014 20:00:00
MBAM-log-2014-02-15 (20-40-54).txt

Typ kontroly: Úplná kontrola (C:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 248602
Uplynutý čas: 32 min, 14 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|amva (Spyware.OnlineGames) -> Dáta: C:\WINDOWS\system32\amvo.exe -> Žiadna úloha nevykonaná.

Detegované položky registračných dát: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Škodlivý: (1) Dobrý: (0) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Škodlivý: (1) Dobrý: (0) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Škodlivý: (1) Dobrý: (0) -> Žiadna úloha nevykonaná.

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)

[Márty84]

Nalezy nechte odstranit/opravit, pak MBAM odinstalujte.


Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a program zacne pracovat.
Az skonci, vyplivne na vas log (pokud ne, najdete ho zde C:\AdwCleaner\AdwCleaner[R?].txt ), ten mi sem zkopirujte.

[Minmi]

# AdwCleaner v3.018 - Report created 15/02/2014 at 20:58:48
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3, v.6368 (32 bits)
# Username : Monika - ASTOR
# Running from : C:\Documents and Settings\Monika\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : ICQ Service

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin.xml
File Found : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-1.xml
File Found : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-2.xml
File Found : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-3.xml
File Found : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-4.xml
File Found : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-5.xml
File Found : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-6.xml
File Found : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-7.xml
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Folder Found C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar
Folder Found C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\ICQToolbarData
Folder Found C:\Program Files\ICQ6Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\ICQ\ICQToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Found : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Found : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Found : HKLM\Software\ICQ\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.17128

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.icq.com/
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://www.icq.com/search/results.php?q={searc ... &ch_id=osd

-\\ Mozilla Firefox v27.0.1 (sk)

[ File : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\prefs.js ]

Line Found : user_pref("icqtoolbar.allowSendURL", false);
Line Found : user_pref("icqtoolbar.engineVerified", false);
Line Found : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Found : user_pref("icqtoolbar.history", "mmo||skvely-vtip-pro-muze.wz.cz||skvely-vtip-pro-muze||skvely-vtip-pro.||trnavska%20cesta%2C%20bratislava||beanie%20euba||of%20beania||often%20imitated%20but%20never%2[...]
Line Found : user_pref("icqtoolbar.installsource", "1");
Line Found : user_pref("icqtoolbar.numberOfSearches", 0);
Line Found : user_pref("icqtoolbar.previousFFVersion", "3.0.19");
Line Found : user_pref("icqtoolbar.skip_default_search", "no");
Line Found : user_pref("icqtoolbar.uniqueID", "123660781312366078131237214725748");
Line Found : user_pref("icqtoolbar.usageStatstTimestamp", 1290375189);
Line Found : user_pref("icqtoolbar.version", "1.1.4");

*************************

AdwCleaner[R0].txt - [5655 octets] - [15/02/2014 20:58:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5715 octets] ##########

[Márty84]

Znovu ukoncete vsechny programy a spustte AdwCleaner.
Tentokrat kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne dalsi log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zase zkopirujte.


Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu a spustte,
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

[Minmi]

adwcleaner:

# AdwCleaner v3.018 - Report created 15/02/2014 at 21:26:10
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3, v.6368 (32 bits)
# Username : Monika - ASTOR
# Running from : C:\Documents and Settings\Monika\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : ICQ Service

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\ICQToolbarData
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
File Deleted : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin.xml
File Deleted : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-5.xml
File Deleted : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-6.xml
File Deleted : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\searchplugins\icqplugin-7.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.17128

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v27.0.1 (sk)

[ File : C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\prefs.js ]

Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", false);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "mmo||skvely-vtip-pro-muze.wz.cz||skvely-vtip-pro-muze||skvely-vtip-pro.||trnavska%20cesta%2C%20bratislava||beanie%20euba||of%20beania||often%20imitated%20but%20never%2[...]
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "3.0.19");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.uniqueID", "123660781312366078131237214725748");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1290375189);
Line Deleted : user_pref("icqtoolbar.version", "1.1.4");

*************************

AdwCleaner[R0].txt - [5795 octets] - [15/02/2014 20:58:48]
AdwCleaner[S0].txt - [5738 octets] - [15/02/2014 21:26:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5798 octets] ##########

[Minmi]

roguekiller:

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operačný systém : Windows XP (5.1.2600 Service Pack 3, v.6368) 32 bits version
Spustené v : Normálny režim
Užívateľ : Monika [Práva Správcu]
Režim : Kontrola -- Dátum : 02/15/2014 21:43:13
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 2 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (proxy.ulib.sk:3128 [Country: (Private Address) (XX), City: (Private Address)]) -> NÁJDENÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spustenie položky : 0 ¤¤¤

¤¤¤ webové prehliadače : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x80567C07 -> HOOKED (Unknown @ 0xF7D9723C)
[Address] SSDT[41] : NtCreateKey @ 0x80573887 -> HOOKED (Unknown @ 0xF7D971F6)
[Address] SSDT[50] : NtCreateSection @ 0x80565433 -> HOOKED (Unknown @ 0xF7D97246)
[Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0xF7D971EC)
[Address] SSDT[63] : NtDeleteKey @ 0x80595ABA -> HOOKED (Unknown @ 0xF7D971FB)
[Address] SSDT[65] : NtDeleteValueKey @ 0x805936DA -> HOOKED (Unknown @ 0xF7D97205)
[Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0xF7D97237)
[Address] SSDT[98] : NtLoadKey @ 0x805ADCBB -> HOOKED (Unknown @ 0xF7D9720A)
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0xF7D971D8)
[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0xF7D971DD)
[Address] SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0xF7D9725F)
[Address] SSDT[193] : NtReplaceKey @ 0x8065012A -> HOOKED (Unknown @ 0xF7D97214)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x8056DD9E -> HOOKED (Unknown @ 0xF7D97250)
[Address] SSDT[204] : NtRestoreKey @ 0x8064FCC1 -> HOOKED (Unknown @ 0xF7D9720F)
[Address] SSDT[213] : NtSetContextThread @ 0x8062E8FB -> HOOKED (Unknown @ 0xF7D9724B)
[Address] SSDT[237] : NtSetSecurityObject @ 0x80598227 -> HOOKED (Unknown @ 0xF7D97255)
[Address] SSDT[247] : NtSetValueKey @ 0x8057DAF3 -> HOOKED (Unknown @ 0xF7D97200)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8064AD09 -> HOOKED (Unknown @ 0xF7D9725A)
[Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0xF7D971E7)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7D9726E)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7D97273)
[Inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x10001FFD)

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541660J9SA00 +++++
--- User ---
[MBR] f8ebe17236ae8eae02b7d438244c5b97
[BSP] 804663b4b1fab924cccaa6964e27eb31 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3084480 | Size: 55717 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[0]_S_02152014_214313.txt >>

[Márty84]

Tu proxy tam mate schvalne?


Znovu spustte RogueKiller (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

[Minmi]

po zmazaní:
RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operačný systém : Windows XP (5.1.2600 Service Pack 3, v.6368) 32 bits version
Spustené v : Normálny režim
Užívateľ : Monika [Práva Správcu]
Režim : Odebrať -- Dátum : 02/15/2014 23:36:55
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spustenie položky : 0 ¤¤¤

¤¤¤ webové prehliadače : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x80567C07 -> HOOKED (Unknown @ 0xF7D9723C)
[Address] SSDT[41] : NtCreateKey @ 0x80573887 -> HOOKED (Unknown @ 0xF7D971F6)
[Address] SSDT[50] : NtCreateSection @ 0x80565433 -> HOOKED (Unknown @ 0xF7D97246)
[Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0xF7D971EC)
[Address] SSDT[63] : NtDeleteKey @ 0x80595ABA -> HOOKED (Unknown @ 0xF7D971FB)
[Address] SSDT[65] : NtDeleteValueKey @ 0x805936DA -> HOOKED (Unknown @ 0xF7D97205)
[Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0xF7D97237)
[Address] SSDT[98] : NtLoadKey @ 0x805ADCBB -> HOOKED (Unknown @ 0xF7D9720A)
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0xF7D971D8)
[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0xF7D971DD)
[Address] SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0xF7D9725F)
[Address] SSDT[193] : NtReplaceKey @ 0x8065012A -> HOOKED (Unknown @ 0xF7D97214)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x8056DD9E -> HOOKED (Unknown @ 0xF7D97250)
[Address] SSDT[204] : NtRestoreKey @ 0x8064FCC1 -> HOOKED (Unknown @ 0xF7D9720F)
[Address] SSDT[213] : NtSetContextThread @ 0x8062E8FB -> HOOKED (Unknown @ 0xF7D9724B)
[Address] SSDT[237] : NtSetSecurityObject @ 0x80598227 -> HOOKED (Unknown @ 0xF7D97255)
[Address] SSDT[247] : NtSetValueKey @ 0x8057DAF3 -> HOOKED (Unknown @ 0xF7D97200)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8064AD09 -> HOOKED (Unknown @ 0xF7D9725A)
[Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0xF7D971E7)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7D9726E)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7D97273)
[Inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x10001FFD)

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541660J9SA00 +++++
--- User ---
[MBR] f8ebe17236ae8eae02b7d438244c5b97
[BSP] 804663b4b1fab924cccaa6964e27eb31 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3084480 | Size: 55717 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[0]_D_02152014_233655.txt >>
RKreport[0]_S_02152014_214313.txt



po oprave host: (mimochodom Avira vyhodilo hlášku, že hosts file boli zablokované - z eventu: In accordance with security guidelines, the Administrator has blocked access to the Hosts file.)

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operačný systém : Windows XP (5.1.2600 Service Pack 3, v.6368) 32 bits version
Spustené v : Normálny režim
Užívateľ : Monika [Práva Správcu]
Režim : Oprava HOSTS -- Dátum : 02/15/2014 23:39:00
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 0 ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤


Dokončené : << RKreport[0]_H_02152014_233900.txt >>
RKreport[0]_D_02152014_233655.txt;RKreport[0]_S_02152014_214313.txt


čo sa týka tých proxov, predpokladám, že to asi mala nastavené kvôli knižnici (http://www.ulib.sk/sk/sluzby/pripojenie ... siete-ukb/)

[Márty84]

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[Minmi]

ak by vám nevadilo, mohli by sme potom pokračovať na konci týždňa? radšej to pozálohujem, predsa, nie je to moje - sestra tu má dosť vecí, materiálov zo školy a pod., by ma asi zabila keby sa niečo stalo v súvislosti s tým sa chcem opýtať - keď pripojím externý disk, nemôže sa tam dostať dáka háveď? + je v poriadku pc vypnúť a potom pokračovať následne combofixom? vďaka

[Márty84]

ak by vám nevadilo, mohli by sme potom pokračovať na konci týždňa?

Urcite

keď pripojím externý disk, nemôže sa tam dostať dáka háveď?

Sama by tam skocit nemela, ale nesmite si ji tam hodit sam.

je v poriadku pc vypnúť a potom pokračovať následne combofixom?

Jasne ze ho muzete vypnout

[Minmi]

keď pripojím externý disk, nemôže sa tam dostať dáka háveď?

Sama by tam skocit nemela, ale nesmite si ji tam hodit sam.

Mohli by ste byť konkrétnejší? keď budem kopírovať len dáke dokumenty, pdf a fotky, je možné, že by sa to tam mohlo dostať?

[Márty84]

Mozne je vsechno, ale je to nepravdepodobne