Prosímo kontrolu logu.

Zpráva

Martin000 · #1 Příspěvek od **Martin000** » 08 kvě 2014 17:00

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by Lucka (administrator) on DOMA on 08-05-2014 17:52:01
Running from C:\Documents and Settings\Lucka\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Documents and Settings\Lucka\Data aplikací\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Aladdin Knowledge Systems Ltd.) C:\WINDOWS\system32\hasplms.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\WINDOWS\system32\UAService7.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(PandoraTV) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2003-06-27] (Agere Systems)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-2052111302-1060284298-839522115-1003\...\Run: [uTorrent] => C:\Documents and Settings\Lucka\Data aplikací\uTorrent\uTorrent.exe [1270352 2014-04-29] (BitTorrent Inc.)
HKU\S-1-5-21-2052111302-1060284298-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3477312 2012-01-19] (DT Soft Ltd)
HKU\S-1-5-21-2052111302-1060284298-839522115-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Documents and Settings\Lucka\Nabídka Start\Programy\Po spuštění\Xfire.lnk
ShortcutTarget: Xfire.lnk -> D:\Program Files\Xfire\Xfire.exe (Xfire Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dalesearch.com/?babsrc=HP_ss ... 0&tsp=5025
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.dalesearch.com/?q={searchTer ... 0&tsp=5025
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.dalesearch.com/?q={searchTer ... 0&tsp=5025
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\ja0o3l5a.default
FF user.js: detected! => C:\Documents and Settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\ja0o3l5a.default\user.js
FF NewTab: hxxp://www.dalesearch.com/?babsrc=NT_ss&mntrId ... 0&tsp=5025
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\ja0o3l5a.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: WebSite Recommendation - C:\Documents and Settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\ja0o3l5a.default\Extensions\WebSiteRecommendation@weliketheweb.com [2014-03-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-17]
CHR Extension: (Disk Google) - C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-17]
CHR Extension: (YouTube) - C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-17]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-17]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-19]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-17]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-17]
CHR Extension: (Gmail) - C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-17]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\DOCUME~1\Lucka\LOCALS~1\Temp\ccex.crx [2013-11-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx [2013-05-14]

========================== Services (Whitelisted) =================

R2 hasplms; C:\WINDOWS\system32\hasplms.exe [2549248 2008-07-17] (Aladdin Knowledge Systems Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2013-01-12] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [167936 2006-06-16] ()
R2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [126976 2013-06-19] ()

==================== Drivers (Whitelisted) ====================

R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [350720 2008-03-27] (Aladdin Knowledge Systems Ltd.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [26984 2012-11-08] (AVG Technologies)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-02-03] (DT Soft Ltd)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [170392 2006-10-24] (Intel Corporation)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2012-08-31] (Aladdin Knowledge Systems)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 w70n51; C:\WINDOWS\System32\DRIVERS\w70n51.sys [674560 2006-07-13] (Intel® Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-08 17:52 - 2014-05-08 17:52 - 00011913 _____ () C:\Documents and Settings\Lucka\Plocha\FRST.txt
2014-05-08 17:50 - 2014-05-08 17:52 - 00000000 ____D () C:\FRST
2014-05-08 17:49 - 2014-05-08 17:49 - 01053184 _____ (Farbar) C:\Documents and Settings\Lucka\Plocha\FRST.exe
2014-05-04 21:18 - 2014-05-04 21:18 - 00005504 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-04-29 13:34 - 2014-05-01 11:34 - 17931952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-04-23 21:24 - 2014-04-23 21:27 - 00000000 ____D () C:\Documents and Settings\Lucka\Plocha\Tisk prosim prosim
2014-04-09 21:40 - 2014-04-09 21:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 21:34 - 2014-04-09 21:35 - 00011471 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 13:08 - 2014-04-09 21:40 - 00013804 _____ () C:\WINDOWS\KB2922229.log
2014-04-08 12:01 - 2013-10-04 14:16 - 00072960 _____ (SimilarSites) C:\Documents and Settings\Lucka\Plocha\Kopie - SimilarBundleGenericDl.exe
2014-04-08 12:01 - 2012-07-13 10:41 - 00000706 _____ () C:\Documents and Settings\Lucka\Plocha\Kopie - TapinRadio.lnk
2014-04-08 12:01 - 2012-05-26 16:37 - 155059785 _____ (HTC Corporation ) C:\Documents and Settings\Lucka\Plocha\Kopie - setup_3.0.5551.exe

==================== One Month Modified Files and Folders =======

2014-05-08 17:52 - 2014-05-08 17:52 - 00011913 _____ () C:\Documents and Settings\Lucka\Plocha\FRST.txt
2014-05-08 17:52 - 2014-05-08 17:50 - 00000000 ____D () C:\FRST
2014-05-08 17:52 - 2012-01-23 19:41 - 00000000 ____D () C:\Documents and Settings\Lucka\Data aplikací\uTorrent
2014-05-08 17:52 - 2012-01-23 11:17 - 00000000 ____D () C:\Documents and Settings\Lucka\Plocha
2014-05-08 17:49 - 2014-05-08 17:49 - 01053184 _____ (Farbar) C:\Documents and Settings\Lucka\Plocha\FRST.exe
2014-05-08 17:48 - 2012-01-23 19:48 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-05-08 17:34 - 2012-12-25 23:33 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-08 17:32 - 2012-01-23 11:05 - 01528820 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-08 17:31 - 2014-03-10 09:40 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-05-08 17:31 - 2013-07-31 12:39 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-08 17:31 - 2013-07-31 12:39 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-05-08 17:31 - 2012-01-30 12:31 - 00000000 ____D () C:\Documents and Settings\Lucka\Data aplikací\Skype
2014-05-08 17:31 - 2012-01-23 11:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-08 17:31 - 2004-08-18 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-08 17:30 - 2012-01-23 11:17 - 00032350 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-08 17:30 - 2012-01-23 11:17 - 00000178 ___SH () C:\Documents and Settings\Lucka\ntuser.ini
2014-05-08 17:26 - 2014-03-10 09:40 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-05-08 17:26 - 2012-03-15 18:36 - 00003264 _____ () C:\WINDOWS\wincmd.ini
2014-05-05 14:36 - 2012-02-03 10:47 - 00000000 ____D () C:\Documents and Settings\Lucka\Plocha\Fotky
2014-05-05 14:07 - 2013-09-30 14:09 - 00024064 _____ () C:\Documents and Settings\Lucka\Plocha\Docházka Lucka.xls
2014-05-04 21:18 - 2014-05-04 21:18 - 00005504 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-04 21:18 - 2014-02-12 14:42 - 00009284 _____ () C:\WINDOWS\updspapi.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00073212 _____ () C:\WINDOWS\iis6.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00068011 _____ () C:\WINDOWS\FaxSetup.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00032516 _____ () C:\WINDOWS\ocgen.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00031020 _____ () C:\WINDOWS\tsoc.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00022592 _____ () C:\WINDOWS\comsetup.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00021200 _____ () C:\WINDOWS\msmqinst.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00013699 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00011913 _____ () C:\WINDOWS\netfxocm.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00004675 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00004246 _____ () C:\WINDOWS\ocmsn.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00003421 _____ () C:\WINDOWS\tabletoc.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00003399 _____ () C:\WINDOWS\msgsocm.log
2014-05-04 21:18 - 2014-01-16 00:44 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-01 11:34 - 2014-04-29 13:34 - 17931952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-05-01 11:34 - 2012-04-15 18:30 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-01 11:34 - 2012-01-23 19:26 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-30 10:12 - 2011-11-03 17:50 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 10:12 - 2004-08-18 14:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-24 07:20 - 2012-01-23 12:31 - 00000000 ____D () C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Adobe
2014-04-24 07:19 - 2012-01-24 23:50 - 00000000 ____D () C:\Documents and Settings\Lucka\Dokumenty\Stažené soubory
2014-04-24 07:19 - 2012-01-23 19:48 - 00166400 _____ () C:\Documents and Settings\Lucka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-23 21:27 - 2014-04-23 21:24 - 00000000 ____D () C:\Documents and Settings\Lucka\Plocha\Tisk prosim prosim
2014-04-14 23:14 - 2012-01-23 13:36 - 00002563 _____ () C:\Documents and Settings\Lucka\Plocha\Microsoft Office Word 2007.lnk
2014-04-13 17:28 - 2012-01-23 11:17 - 00000000 ___RD () C:\Documents and Settings\Lucka\Dokumenty\Obrázky
2014-04-12 23:24 - 2012-01-23 11:50 - 01030536 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-09 21:41 - 2012-01-23 13:04 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-04-09 21:40 - 2014-04-09 21:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 21:40 - 2014-04-09 13:08 - 00013804 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 21:40 - 2014-01-16 00:44 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-09 21:39 - 2013-08-16 03:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 21:36 - 2012-02-03 07:05 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 21:35 - 2014-04-09 21:34 - 00011471 _____ () C:\WINDOWS\KB2936068-IE8.log

Files to move or delete:
====================
C:\Documents and Settings\All Users\Data aplikací\MagicPlayDVD.ini

Some content of TEMP:
====================
C:\Documents and Settings\Lucka\Local Settings\Temp\comver.dll
C:\Documents and Settings\Lucka\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Lucka\Local Settings\Temp\utt3.tmp.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-18 14:00] - [2008-04-14 09:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\WINDOWS\system32\winlogon.exe
[2004-08-18 14:00] - [2008-04-14 09:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\WINDOWS\system32\svchost.exe
[2004-08-18 14:00] - [2008-04-14 09:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\WINDOWS\system32\services.exe
[2004-08-18 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\WINDOWS\system32\User32.dll
[2004-08-18 14:00] - [2008-04-14 09:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\WINDOWS\system32\userinit.exe
[2004-08-18 14:00] - [2008-04-14 09:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-18 14:00] - [2008-04-14 08:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1

==================== End Of Log ============================

#2 Příspěvek od **Márty84** » 09 kvě 2014 13:29

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

Martin000 · #3 Příspěvek od **Martin000** » 09 kvě 2014 17:16

# AdwCleaner v3.207 - Report created 09/05/2014 at 18:11:46
# Updated 05/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Lucka - DOMA
# Running from : C:\Documents and Settings\Lucka\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Nabídka Start\Programy\Optimizer Pro
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\SimilarSites
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\WINDOWS\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Folder Deleted : C:\Documents and Settings\Lucka\Local Settings\Data aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Minibar
Folder Deleted : C:\Documents and Settings\Lucka\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\Lucka\Data aplikací\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Lucka\Data aplikací\OpenCandy
Folder Deleted : C:\Documents and Settings\Lucka\Data aplikací\Optimizer Pro
Folder Deleted : C:\Documents and Settings\Lucka\Data aplikací\SimilarSites
Folder Deleted : C:\Documents and Settings\Lucka\Data aplikací\Systweak
Folder Deleted : C:\Documents and Settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\ja0o3l5a.default\ICQToolbarData
Folder Deleted : C:\Documents and Settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\ja0o3l5a.default\SweetPacksToolbarData
Folder Deleted : C:\Documents and Settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\ja0o3l5a.default\Extensions\WebSiteRecommendation@weliketheweb.com
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\Lucka\Plocha\Continue SweetIM Installation.lnk
File Deleted : C:\Documents and Settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\ja0o3l5a.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\Downloader.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\YourFile.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\twi6rr9w.default\prefs.js ]

[ File : C:\Documents and Settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\ja0o3l5a.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Data aplikací\\AVG Secure Search\\FireFoxExt\\13.2.0.5");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.dalesearch.com/?babsrc=NT_ss&mntrId ... 0&tsp=5025");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112553&tt=3512_5&babsrc=NT_ss&mntrId=5452e2af000000000000000cf1334b22");
Line Deleted : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"DB Toolbar\",\"description\":\"Improve your online experience\",\"toolbar\":{\"url\":\"hxxp://www.bigspeedpro.com/button/%affiliate_id[...]
Line Deleted : user_pref("extensions.kango.storage.minibar.homepageSet", "\"1\"");
Line Deleted : user_pref("extensions.kango.storage.minibar.searchassistSet", "\"1\"");
Line Deleted : user_pref("extensions.kango.storage.minibar.searchengineSet", "\"1\"");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.firstTbRun", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1354088528);
Line Deleted : user_pref("icqtoolbar.history", "lada||boing||sportka||Star%20Wars%20Omnibus%3A%20Clone%20Wars%20Volume%203%E2%80%94The%20Republic%20Falls%20TPB%20torrent||%20jedi%20comic||%20jedi%20prisoner||slave%2[...]
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1343379057");
Line Deleted : user_pref("icqtoolbar.newtab2_state", false);
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "0");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "16.0.2");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "132784920613278495661327919269949");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1354273458);
Line Deleted : user_pref("icqtoolbar.version", "1.5.3");
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Deleted : user_pref("sweetim.toolbar.cargo", "3.1010000");
Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote ... crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "hxxp://search.babylon.com/?affID=112553&tt=3512_5&babsrc=NT_ss&mntrId=5452e2af000000000000000cf1334b22");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolba ... crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{D1A7AE31-10B3-11E2-ABC6-000CF1334B22}");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={D1A7AE31-10B3-11E2-ABC6-000CF1334B22}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.7.0.3");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Lucka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [28191 octets] - [09/05/2014 18:10:45]
AdwCleaner[S0].txt - [28471 octets] - [09/05/2014 18:11:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28532 octets] ##########

#4 Příspěvek od **Márty84** » 10 kvě 2014 00:15

Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

Martin000 · #5 Příspěvek od **Martin000** » 11 kvě 2014 17:53

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.05.11.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lucka :: DOMA [administrátor]

Ochrana: Povolena

11.5.2014 17:13:11
MBAM-log-2014-05-11 (18-51-11).txt

Typ: Kompletní kontrola (C:\|D:\|F:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 427264
Uplynulý čas: 1 hodin, 36 minut, 9 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\WINDOWS\Installer\22b6100.msi (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\Installer\22b6107.msi (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\Installer\22b610e.msi (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.

(konec)

#6 Příspěvek od **Márty84** » 11 kvě 2014 18:01

Nalezy nechte odstranit, pak MBAM odinstalujte.

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu a spustte.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

Martin000 · #7 Příspěvek od **Martin000** » 11 kvě 2014 18:20

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Lucka [Práva správce]
Mód : Kontrola -- Datum : 05/11/2014 19:14:00
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 1 ¤¤¤
[Lucka][SUSP UNIC] Xfire.lnk : C:\Documents and Settings\Lucka\Nabídka Start\Programy\Po spuštění\Xfire.lnk @D:\PROGRA~1\Xfire\Xfire.exe [-][7] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] SSDT[41] : NtCreateKey @ 0x804D7571 -> HOOKED (C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xB7ADDFA7)
[Inline] SSDT[119] : NtOpenKey @ 0x804D7576 -> HOOKED (C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xB7AD5AB9)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM080GC +++++
--- User ---
[MBR] 5307a2cd8f18128e8ed97956ad9ded18
[BSP] 51450c104fc4cd3129ed4f6b3adf4548 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 49996 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102392640 | Size: 26319 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Apacer Technology Inc. USB Device +++++
--- User ---
[MBR] 312e4143fdc7de106d7898e6dd7dd7aa
[BSP] 9d3fd1d63a77062a7cc680e427edaef9 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )

Dokončeno : << RKreport[0]_S_05112014_191400.txt >>

#8 Příspěvek od **Márty84** » 11 kvě 2014 18:27

Znovu spustte RogueKiller (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

Martin000 · #9 Příspěvek od **Martin000** » 11 kvě 2014 18:30

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Lucka [Práva správce]
Mód : Odebrat -- Datum : 05/11/2014 19:29:25
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 1 ¤¤¤
[Lucka][SUSP UNIC] Xfire.lnk : C:\Documents and Settings\Lucka\Nabídka Start\Programy\Po spuštění\Xfire.lnk @D:\PROGRA~1\Xfire\Xfire.exe [-][7] -> VYMAZÁNO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] SSDT[41] : NtCreateKey @ 0x804D7571 -> HOOKED (C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xB7ADDFA7)
[Inline] SSDT[119] : NtOpenKey @ 0x804D7576 -> HOOKED (C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xB7AD5AB9)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM080GC +++++
--- User ---
[MBR] 5307a2cd8f18128e8ed97956ad9ded18
[BSP] 51450c104fc4cd3129ed4f6b3adf4548 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 49996 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102392640 | Size: 26319 MB
User = LL1 ... OK!

Martin000 · #10 Příspěvek od **Martin000** » 11 kvě 2014 18:33

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Lucka [Práva správce]
Mód : Oprava HOSTS -- Datum : 05/11/2014 19:30:43
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[0]_H_05112014_193043.txt >>
RKreport[0]_D_05112014_192925.txt;RKreport[0]_S_05112014_191400.txt

#11 Příspěvek od **Márty84** » 11 kvě 2014 18:38

Je s tim pc nejaky konkretni problem, nebo jde ciste jen o prevenci?

Dejte log z RSIT http://images.malwareremoval.com/random/RSIT.exe . Navod zde http://forum.viry.cz/viewtopic.php?f=30&t=130787

Martin000 · #12 Příspěvek od **Martin000** » 11 kvě 2014 18:51

Pár dní nešla spustit mozila teť už zase jde, asi neměla náladu na práci

jinak je vše v pořádku.

Děkuji za pomoc log z Rsit dodám.

#13 Příspěvek od **Márty84** » 11 kvě 2014 19:01

Martin000 · #14 Příspěvek od **Martin000** » 11 kvě 2014 19:51

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lucka at 2014-05-11 20:50:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (7%) free of 50 GB
Total RAM: 1023 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:50:44, on 11.5.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lucka\Data aplikací\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Lucka\Plocha\RSIT.exe
C:\Program Files\trend micro\Lucka.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Lucka\Data aplikací\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (file missing)
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7232 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\ja0o3l5a.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.10.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-12 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14 4531320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-12 170416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-06-27 88363]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Documents and Settings\Lucka\Data aplikací\uTorrent\uTorrent.exe [2014-04-29 1270352]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-01-19 3477312]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-02-10 20924576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-07 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"D:\Program Files\14 Degrees East\Fallout Tactics\BOS.exe"="D:\Program Files\14 Degrees East\Fallout Tactics\BOS.exe:*:Enabled:BOS"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"D:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos™\Warhammer.exe"="D:\Program Files\NAMCO BANDAI Games\Warhammer® Mark of Chaos™\Warhammer.exe:*:Disabled:Warhammer®: Mark of Chaos™"
"C:\Documents and Settings\Lucka\Data aplikací\uTorrent\uTorrent.exe"="C:\Documents and Settings\Lucka\Data aplikací\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\GameSpy Arcade\Aphex.exe"="D:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-05-11 20:50:39 ----D---- C:\rsit
2014-05-11 16:32:35 ----D---- C:\Documents and Settings\Lucka\Data aplikací\Malwarebytes
2014-05-11 16:12:31 ----D---- C:\Program Files\SMAZATTTTTTT
2014-05-11 16:12:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-05-11 16:12:31 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-05-11 16:12:31 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-05-10 10:28:14 ----D---- C:\Program Files\Mozilla Firefox
2014-05-09 18:11:16 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-05-09 18:09:52 ----D---- C:\AdwCleaner
2014-05-08 17:50:18 ----D---- C:\FRST
2014-04-29 13:34:28 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2014-05-11 20:50:44 ----D---- C:\Program Files\trend micro
2014-05-11 20:50:25 ----D---- C:\WINDOWS\system32
2014-05-11 20:48:06 ----D---- C:\Documents and Settings\Lucka\Data aplikací\uTorrent
2014-05-11 20:47:26 ----D---- C:\Documents and Settings\Lucka\Data aplikací\Skype
2014-05-11 19:22:57 ----A---- C:\WINDOWS\wincmd.ini
2014-05-11 19:22:34 ----RD---- C:\Program Files
2014-05-11 19:19:30 ----D---- C:\WINDOWS\system32\drivers
2014-05-11 19:11:25 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-11 19:05:21 ----SHD---- C:\WINDOWS\Installer
2014-05-11 16:24:43 ----D---- C:\WINDOWS\Prefetch
2014-05-11 16:19:11 ----D---- C:\Documents and Settings\Lucka\Data aplikací\DAEMON Tools Lite
2014-05-11 16:18:12 ----D---- C:\WINDOWS\Debug
2014-05-11 16:18:12 ----D---- C:\WINDOWS
2014-05-11 16:17:52 ----D---- C:\WINDOWS\Temp
2014-05-11 13:47:05 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-05-10 10:59:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2014-05-08 17:48:03 ----A---- C:\WINDOWS\NeroDigital.ini
2014-05-04 21:18:51 ----HD---- C:\WINDOWS\inf
2014-05-04 21:18:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-05-01 11:34:34 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-30 10:12:55 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-04-12 23:24:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-02-03 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-07 1133568]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-10-24 170392]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2011-08-11 32368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2006-07-13 674560]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2010-06-22 21248]
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-01-19 503144]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-07 364544]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2008-07-17 2549248]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2011-08-11 38760]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-01-12 170408]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2006-06-16 167936]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2013-06-19 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe []
S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-01 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-10 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#15 Příspěvek od **Márty84** » 12 kvě 2014 04:01

Jeste jeden sken a budem mazat.

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

31.5. pro neaktivitu

http://forum.viry.cz/viewtopic.php?f=12&t=123975

VIRY.CZ

Prosímo kontrolu logu.

Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.

Re: Prosímo kontrolu logu.