PC virus removal, computer speed-up and remote assistance through the neslape.cz service

Please check my log

Rull
Exemplary visitor
Posts: 104
Registered: 01 Apr 2010 08:52
Location: Brno

Please check my log

#1 Post by Rull »

Hello :) I need a log check for a friend. His internet stopped working; he tried System Restore three times, but now even that no longer launches and the problem persists. A scan with Avast found nothing; with MBAM it did, but now it can't be uninstalled, and when it is killed via the process list it freezes and the PC can only be restarted. Thanks for looking over the log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Milan at 2014-01-27 13:35:52
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (5%) free of 77 GB
Total RAM: 3071 MB (83% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Obnovení systému.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default

prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT17505 ... hSource=13"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... M=UM_ID&q="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\extensions\
{7473b6bd-4691-4744-a82b-7854eb3d70b6}
{E71B541F-5E72-5555-A47C-E47863195841}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\searchplugins\
conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_P.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_P.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-19 16062464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-09-23 15512424]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-09-23 1634112]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-01-24 3767096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Valve\Steam\SteamApps\milan706\team fortress 2\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\milan706\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"="D:\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Valve\Steam\SteamApps\milan706\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\milan706\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero"
"C:\Program Files\Valve\Steam\SteamApps\milan706\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\milan706\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Valve\Steam\SteamApps\common\Half-Life\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\common\Half-Life\hl.exe:*:Enabled:Counter-Strike: Condition Zero"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam Client Bootstrapper (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)"
"C:\Program Files\Team17\Worms Armageddon\Landgen.exe"="C:\Program Files\Team17\Worms Armageddon\Landgen.exe:*:Enabled:Landgen"
"C:\Program Files\Team17\Worms Armageddon\WA.exe"="C:\Program Files\Team17\Worms Armageddon\WA.exe:*:Enabled:Worms Armageddon"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Valve\Steam\SteamApps\common\Team Fortress 2\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\common\Team Fortress 2\hl2.exe:*:Enabled:Team Fortress 2"
"C:\Program Files\Valve\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe"="C:\Program Files\Valve\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-01-27 13:35:53 ----D---- C:\Program Files\trend micro
2014-01-27 13:35:52 ----D---- C:\rsit
2014-01-26 13:35:06 ----D---- C:\Program Files\Johanka z Arku
2014-01-26 11:46:58 ----A---- C:\WINDOWS\IsUninst.exe
2014-01-25 23:12:53 ----A---- C:\WINDOWS\ntbtlog.txt
2014-01-24 10:22:56 ----D---- C:\Program Files\AVAST Software
2014-01-24 10:16:30 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2014-01-24 09:53:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-12-28 16:43:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\QuickSet
2013-12-28 16:43:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallMate

======List of files/folders modified in the last 1 month======

2014-01-27 13:35:53 ----RD---- C:\Program Files
2014-01-27 13:33:32 ----D---- C:\WINDOWS\Prefetch
2014-01-27 13:19:41 ----D---- C:\WINDOWS\system32\NtmsData
2014-01-27 13:17:34 ----D---- C:\WINDOWS\Temp
2014-01-27 13:12:49 ----D---- C:\Documents and Settings\Milan\Data aplikací\vlc
2014-01-27 10:44:12 ----D---- C:\WINDOWS\system32\CatRoot2
2014-01-27 10:27:41 ----D---- C:\WINDOWS\system32
2014-01-27 10:27:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-27 10:23:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-01-26 23:37:10 ----D---- C:\WINDOWS
2014-01-26 16:43:26 ----A---- C:\WINDOWS\win.ini
2014-01-25 20:48:01 ----SD---- C:\WINDOWS\Tasks
2014-01-25 20:42:01 ----D---- C:\Program Files\PokerStars
2014-01-25 19:27:55 ----D---- C:\Documents and Settings
2014-01-24 10:31:17 ----D---- C:\WINDOWS\system32\drivers
2014-01-24 10:26:37 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-01-24 10:20:18 ----D---- C:\Documents and Settings\Milan\Data aplikací\TS3Client
2014-01-24 09:54:11 ----D---- C:\WINDOWS\system32\config
2014-01-24 09:54:04 ----D---- C:\WINDOWS\system32\wbem
2014-01-24 09:54:04 ----D---- C:\WINDOWS\Registration
2013-12-29 21:39:12 ----D---- C:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\aswNdis.sys [2013-11-22 12112]
R0 aswNdis2;avast! Firewall NDIS Driver; C:\WINDOWS\system32\drivers\aswNdis2.sys [2014-01-24 247192]
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-01-24 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-01-24 180248]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-14 105344]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswKbd;aswKbd; \??\C:\WINDOWS\system32\drivers\aswKbd.sys []
R1 AswRdr;aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; \??\C:\WINDOWS\system32\drivers\aswSnx.sys []
R1 aswSP;aswSP; \??\C:\WINDOWS\system32\drivers\aswSP.sys []
R1 aswTdi;aswTdi; \??\C:\WINDOWS\system32\drivers\aswTdi.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-09-09 243128]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-09-23 12557728]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2012-07-03 124264]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
S3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\KBFILTER.SYS []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
S3 uwnciaoc;uwnciaoc; \??\C:\DOCUME~1\Milan\LOCALS~1\Temp\uwnciaoc.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-01-24 50344]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-09-23 164200]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-09-23 1258856]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-04 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-04 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-02-28 115608]

-----------------EOF-----------------
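The RSIT log above already contains the signals a helper reads first: Firefox's start page and keyword search both point at search.conduit.com, a "BS Player Toolbar" BHO is registered in Internet Explorer, the system is XP SP2 (SP2 stopped receiving security updates in July 2010), C: has 5% free, and one kernel driver is loaded from the user's Temp directory. The following script is an added example, not part of the post or of RSIT itself: it sweeps an RSIT log for exactly those indicators. The excerpt it runs over is a constructed subset of the lines posted above; the search-host allow-list and the toolbar keywords are assumptions. A hit is a lead to check, not a verdict: the Temp driver flagged here, uwnciaoc.sys, is identified in the next post as GMER's own scanner driver.

```python
"""Indicator sweep over an RSIT log. Added example, not part of the post.
Flags: Firefox start page / keyword search pointing at an unexpected host,
BHOs that look like bundled toolbars, kernel drivers loaded from a Temp
directory, an out-of-support service pack and a nearly full system drive.
The allow-list and keyword heuristics are assumptions."""
import re
from urllib.parse import urlparse

# Excerpt of the RSIT log from post #1 (a constructed subset of its lines).
RSIT_EXCERPT = r"""
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (5%) free of 77 GB
prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT17505 ... hSource=13"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... M=UM_ID&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_P.dll [2011-05-09 176936]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 uwnciaoc;uwnciaoc; \??\C:\DOCUME~1\Milan\LOCALS~1\Temp\uwnciaoc.sys []
"""

SEARCH_HOSTS_OK = {"www.google.com", "google.com", "www.seznam.cz", "search.seznam.cz"}  # assumed
TOOLBAR_WORDS = ("toolbar", "conduit", "smartbar")  # assumed heuristic for bundled toolbars

OS_RE = re.compile(r"Windows XP .*Service Pack (\d)")
DISK_RE = re.compile(r"^System drive (\w:) has (\d+) GB \((\d+)%\) free")
PREF_RE = re.compile(r'^prefs\.js - "(browser\.startup\.homepage|keyword\.URL)" - "([^"]*)"')
BHO_KEY_RE = re.compile(r"Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})\]$")
BHO_VAL_RE = re.compile(r"^(.*?) - (.*?) \[(.*?)\]$")          # "Name - path [date size]"
DRV_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*; (.+?) \[(.*?)\]$")  # "R3 name;display; path [info]"


def scan_rsit(text):
    """Return a list of {"kind", "detail"} findings for one RSIT log."""
    findings, pending_bho = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending_bho:                      # the line after a BHO key names the DLL
            clsid, pending_bho = pending_bho, None
            m = BHO_VAL_RE.match(line)
            if m and any(w in (m.group(1) + m.group(2)).lower() for w in TOOLBAR_WORDS):
                findings.append({"kind": "bho", "detail": f"{m.group(1)} {clsid} -> {m.group(2)}"})
            continue
        if (m := BHO_KEY_RE.search(line)):
            pending_bho = m.group(1)
        elif (m := OS_RE.search(line)) and int(m.group(1)) < 3:
            findings.append({"kind": "unsupported_sp",
                             "detail": f"XP SP{m.group(1)}: SP2 stopped receiving updates in July 2010"})
        elif (m := DISK_RE.match(line)) and int(m.group(3)) < 10:
            findings.append({"kind": "low_disk", "detail": f"{m.group(1)} only {m.group(3)}% free"})
        elif (m := PREF_RE.match(line)):
            host = urlparse(m.group(2)).hostname or ""
            if host not in SEARCH_HOSTS_OK:   # start page / keyword search redirected
                findings.append({"kind": "search_hijack", "detail": f"{m.group(1)} -> {host}"})
        elif (m := DRV_RE.match(line)):
            name, path = m.group(1), m.group(2)
            if "\\temp\\" in path.lower():     # a kernel driver living in Temp is a lead, not a verdict
                findings.append({"kind": "driver_in_temp", "detail": f"{name} <- {path}"})
    return findings


if __name__ == "__main__":
    for f in scan_rsit(RSIT_EXCERPT):
        print(f"{f['kind']:16} {f['detail']}")
```

Run against the excerpt it reports six findings: the service pack, the 5% free drive, both Conduit search redirects, the BS Player toolbar BHO, and the driver in Temp. The Adobe BHO is not reported because nothing in its name or path matches the toolbar heuristics.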


Re: Please check my log

#2 Post by Rull »

GMER 2.1.19355 - http://www.gmer.net
Rootkit scan 2014-01-27 13:31:33
Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000067 WDC_WD5000AADS-00M2B0 rev.01.00A01 465,76GB
Running: bpvs5qhf.exe; Driver: C:\DOCUME~1\Milan\LOCALS~1\Temp\uwnciaoc.sys


---- System - GMER 2.1 ----

SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB1E3CACC]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB1E3D5AA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xB1E81881]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEvent [0xB1E49692]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB1E496DE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB1E49878]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateKey [0xB1E81235]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateMutant [0xB1E49600]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSection [0xB1E49722]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB1E49648]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateThread [0xB1E3DAE0]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateTimer [0xB1E49832]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB1E3E398]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB1E3CB32]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteKey [0xB1E81F47]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB1E821FD]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB1E41BE4]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB1E81DB2]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB1E81C1D]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwLoadDriver [0xB1E3C71E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwMapViewOfSection [0xB214C506]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB1E3CB98]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xB1E41FDA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB1E3EEDE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEvent [0xB1E496BC]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB1E49700]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB1E4989C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenKey [0xB1E81591]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenMutant [0xB1E49626]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xB1E414DE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSection [0xB1E497B0]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB1E49670]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenThread [0xB1E418C6]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenTimer [0xB1E49856]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB214C2AA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryKey [0xB1E81A98]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryObject [0xB1E3ECF4]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB1E818EA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB1E3E84A]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwRenameKey [0xB215A286]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwRestoreKey [0xB1E8087B]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB1E3CBFE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB1E3CC64]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetContextThread [0xB1E3E212]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB1E3C7B8]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB1E3C98A]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetValueKey [0xB1E8204E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB1E3C918]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB1E3E562]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendThread [0xB1E3E6C4]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB1E3CA12]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB1E3E050]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateThread [0xB1E3E1F2]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwVdmControl [0xB1E3CCCA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB1E3D606]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D10 80503910 8 Bytes [91, 15, E8, B1, 26, 96, E4, ...] {XCHG ECX, EAX; ADC EAX, 0x9626b1e8; IN AL, 0xb1}
.text ntkrnlpa.exe!ZwCallbackReturn + 2DF8 805039F8 4 Bytes JMP F2B1E818
.text ntkrnlpa.exe!ZwCallbackReturn + 2E04 80503A04 4 Bytes CALL BEF4EBEC
.text ntkrnlpa.exe!ZwCallbackReturn + 2E80 80503A80 12 Bytes [FE, CB, E3, B1, 64, CC, E3, ...] {DEC BL; JECXZ 0xffffffb5; INT 3 ; JECXZ 0xffffffb9; ADC AH, DL; JECXZ 0xffffffbd}
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80503B28 12 Bytes [62, E5, E3, B1, C4, E6, E3, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F933C0, 0x843B7A, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\nvsvc32.exe[144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[144] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[188] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[212] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[212] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[636] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe[660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[764] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\explorer.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\explorer.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[936] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\RunDLL32.exe[1184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\RunDLL32.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1260] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[1304] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1344] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1344] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1772] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1772] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\Milan\Plocha\bpvs5qhf.exe[1860] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\Milan\Plocha\bpvs5qhf.exe[1860] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2780] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2780] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Valve\Steam\Steam.exe[3620] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Valve\Steam\Steam.exe[3620] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 976752003 !
Disk \Device\Harddisk0\DR0 PE file @ sector 976752025 !

---- EOF - GMER 2.1 ----
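Most of this GMER output is explained by what the RSIT log already lists: every SSDT hook is attributed to aswSnx.sys or aswSP.sys, avast's own drivers; the identical single-byte change at the same two addresses in ntdll.dll and kernel32.dll appears in every process, including GMER's own bpvs5qhf.exe, which is the pattern of a system-wide hook by a security product rather than a per-process injection; and uwnciaoc.sys in Temp is the driver GMER itself loaded, as its header line says. The one finding nothing on the system accounts for is the "Disk sectors" section: code GMER calls malicious at sector 976752003 and a PE file at sector 976752025. On a drive GMER reports as 465,76GB those sectors lie a few megabytes short of the end of the disk. Bootkits of this kind keep their body outside any partition, where a file-system scan such as the Avast check in the first post never looks, which is why the MBR and the tail of the disk have to be examined separately from the file system.

The script below is an added example, not from the thread or from GMER. It parses the two GMER lines above, derives the disk's sector count from GMER's own size figure (taking "465,76GB" as GiB with a locale decimal comma, an assumption), and locates each flagged LBA against an MBR partition table. The MBR it uses is constructed for the example: a 77 GiB C: starting at LBA 63, as on XP, and a D: ending at LBA 976751999 (assumed), not bytes read from the poster's machine.

```python
"""Locate GMER 'Disk sectors' hits relative to the partition table and the
end of the disk. Added example, not from the thread; the MBR is constructed."""
import re
import struct

SECTOR = 512
# Lines copied from the GMER log in post #2.
GMER_HEADER = ("Windows 5.1.2600 Service Pack 2 \\Device\\Harddisk0\\DR0 -> "
               "\\Device\\00000067 WDC_WD5000AADS-00M2B0 rev.01.00A01 465,76GB")
GMER_DISK_LINES = [
    "Disk \\Device\\Harddisk0\\DR0 malicious Win32:MBRoot code @ sector 976752003 !",
    "Disk \\Device\\Harddisk0\\DR0 PE file @ sector 976752025 !",
]


def total_sectors_from_gmer(header):
    """GMER prints the size with a locale decimal comma; assume it means GiB."""
    m = re.search(r"(\d+),(\d+)GB", header)
    gib = float(f"{m.group(1)}.{m.group(2)}")
    return int(gib * 2**30 // SECTOR)


def build_mbr(entries):
    """Constructed MBR for the example; entries are (bootable, type, start_lba, count)."""
    mbr = bytearray(SECTOR)
    for i, (boot, ptype, start, count) in enumerate(entries):
        off = 446 + 16 * i
        mbr[off] = 0x80 if boot else 0x00
        mbr[off + 4] = ptype
        struct.pack_into("<II", mbr, off + 8, start, count)   # LBA start, sector count
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty primary partition entries as start/end LBA ranges."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        ptype = mbr[off + 4]
        start, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype and count:
            parts.append({"index": i, "type": ptype, "start": start, "end": start + count - 1})
    return parts


def locate(lba, parts, total):
    """Classify an LBA: inside a partition, in unpartitioned space, or past the disk end."""
    if lba >= total:
        return "beyond_disk_end"
    for p in parts:
        if p["start"] <= lba <= p["end"]:
            return f"partition{p['index']}"
    return "unpartitioned"


def triage(lines, mbr, total):
    """Parse GMER 'Disk ... @ sector N' lines and report where each hit sits."""
    parts = parse_mbr(mbr)
    out = []
    for line in lines:
        m = re.match(r"Disk (\S+) (.+?) @ sector (\d+)", line)
        if not m:
            continue
        lba = int(m.group(3))
        from_end = total - 1 - lba
        out.append({"what": m.group(2), "lba": lba, "where": locate(lba, parts, total),
                    "sectors_from_end": from_end,
                    "mib_from_end": round(from_end * SECTOR / 2**20, 2)})
    return out


# Constructed layout: C: of 77 GiB after the usual XP gap of 63 sectors, then D: (assumed end).
C_START, C_COUNT = 63, 161_480_704
D_START = C_START + C_COUNT
D_COUNT = 976_752_000 - D_START
EXAMPLE_MBR = build_mbr([(True, 0x07, C_START, C_COUNT), (False, 0x07, D_START, D_COUNT)])

if __name__ == "__main__":
    total = total_sectors_from_gmer(GMER_HEADER)
    for hit in triage(GMER_DISK_LINES, EXAMPLE_MBR, total):
        print(hit)
```

With this layout both hits fall in unpartitioned space about 8.5 MiB before the end of the disk. On a real machine the MBR would come from the raw device rather than build_mbr, and the sectors flagged would be dumped and checked for an MBR loader and the PE header GMER reports; a hit there survives any number of file-level cleanups until the MBR is rewritten and those sectors are cleared.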

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: ČR

Re: Please check my log

#3 Post by Roli »

Hi, delete unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and run System Restore


Download AdwCleaner and save it to the desktop,

close all programs including the browser and double-click it to run it,

a window appears; click Scan in its top left.

The scan then runs; when it finishes, click Report and copy what comes out here for me.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

Then a window with the licence terms appears, which you confirm by clicking YES,

then click YES once more and it's running.

The whole thing takes about 10 minutes, but it can take longer; during the scan do not try to run anything else.

The PC may also be restarted during the scan, don't be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:\Combofix.txt

(on repeated use the logs are numbered Combofix2.txt, etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.


Re: Please check my log

#4 Post by Rull »

Good day :-)
Because of the internet there was a problem with ComboFix and the Console, whose installation I had forgotten to add; after the restore, which succeeded, I ran ComboFix again, so I'm attaching the 2 logs along with the ADW one; CCleaner couldn't remove the Avast Firewall registry entry.
Here are the logs:

# AdwCleaner v3.017 - Report created 28/01/2014 at 14:44:02
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Milan - MILAN-9F1E30AF4
# Running from : C:\Documents and Settings\Milan\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\searchplugins\Conduit.xml
Folder Found : C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Found : C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\Extensions\{E71B541F-5E72-5555-A47C-E47863195841}
Folder Found : C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
Folder Found : C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl
Folder Found C:\Documents and Settings\All Users\Data aplikací\apn
Folder Found C:\Documents and Settings\All Users\Data aplikací\QuickSet
Folder Found C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\CT1750559
Folder Found C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\CT3220468
Folder Found C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\Smartbar
Folder Found C:\Documents and Settings\Milan\Data aplikací\SimilarSites
Folder Found C:\Documents and Settings\Milan\Local Settings\Data aplikací\BS_Player
Folder Found C:\Documents and Settings\Milan\Local Settings\Data aplikací\Conduit
Folder Found C:\Program Files\BS_Player
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Trymedia

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\BS_Player
Key Found : HKCU\Software\BS_Player
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{807DF5E0-4EF7-48A8-A405-239F3E29FFA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\torch
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\BS_Player
Key Found : HKLM\SOFTWARE\BS_Player
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{055DD326-956C-4827-9467-A172509E81B3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{91F3F80B-707C-4652-B1B9-FB44D446BF57}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{269E13BE-B9C3-4515-AB92-C2AC48EEDBBF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4168A13-F121-4FDD-BDB4-5405FE5E68B1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{055DD326-956C-4827-9467-A172509E81B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Found : HKLM\Software\SimilarSites
Key Found : HKLM\Software\torch
Key Found : HKLM\Software\Trymedia Systems
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180


-\\ Mozilla Firefox v19.0.2 (cs)

[ File : C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\prefs.js ]

Line Found : user_pref("CT1750559.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT1750559.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM Dance\",\"description\":\"1.FM Dance\",\"url\":\"mms://dance.1.fm/energydance128k?MSWMExt=.asf\"}");
Line Found : user_pref("CT1750559.1000234.TWC_TMP_city", "UHERSKY BROD");
Line Found : user_pref("CT1750559.1000234.TWC_TMP_country", "CZ");
Line Found : user_pref("CT1750559.1000234.TWC_country", "CZECH REPUBLIC");
Line Found : user_pref("CT1750559.1000234.TWC_locId", "EZXX0001");
Line Found : user_pref("CT1750559.1000234.TWC_location", "Beroun, Czech Republic");
Line Found : user_pref("CT1750559.1000234.TWC_region", "OT");
Line Found : user_pref("CT1750559.1000234.TWC_temp_dis", "c");
Line Found : user_pref("CT1750559.1000234.TWC_wind_dis", "kmh");
Line Found : user_pref("CT1750559.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"28°C\",\"temperatureClear\":\"28°C\",\"highTemperature\":\"28°C\",\"lowTemperature\":\"19°C\",\"feelsLike\":\"29°C\",[...]
Line Found : user_pref("CT1750559.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1750559.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1750559.FirstTime", "true");
Line Found : user_pref("CT1750559.FirstTimeFF3", "true");
Line Found : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=");
Line Found : user_pref("CT1750559.UserID", "UN56346289758484615");
Line Found : user_pref("CT1750559.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT1750559.appButtonDisablenull.enc", "MA==");
Line Found : user_pref("CT1750559.autoDisableScopes", -1);
Line Found : user_pref("CT1750559.browser.search.defaultthis.engineName", true);
Line Found : user_pref("CT1750559.defaultSearch", "true");
Line Found : user_pref("CT1750559.embeddedsData", "[{\"appId\":\"128520273115419467\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT1750559.enableAlerts", "always");
Line Found : user_pref("CT1750559.enableFix404ByUser", "TRUE");
Line Found : user_pref("CT1750559.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT1750559.firstTimeDialogOpened", "true");
Line Found : user_pref("CT1750559.fixPageNotFoundError", "true");
Line Found : user_pref("CT1750559.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT1750559.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT1750559.fixUrls", true);
Line Found : user_pref("CT1750559.installId", "ct1750559_bs_player.exe");
Line Found : user_pref("CT1750559.installType", "ConduitNSISIntegration");
Line Found : user_pref("CT1750559.isCheckedStartAsHidden", true);
Line Found : user_pref("CT1750559.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1750559.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT1750559.isNewTabEnabled", true);
Line Found : user_pref("CT1750559.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT1750559.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT1750559.keyword", true);
Line Found : user_pref("CT1750559.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT1750559&octid=CT1750559&SearchSource=15&CUI=UN56346289758484615&SSPV=NT_FF_RD&Lay=1&UM=[...]
Line Found : user_pref("CT1750559.lastVersion", "10.14.65.43");
Line Found : user_pref("CT1750559.migrateAppsAndComponents", true);
Line Found : user_pref("CT1750559.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://BSPlayerControlBar.OurToolbar.com/\",\[...]
Line Found : user_pref("CT1750559.openThankYouPage", "false");
Line Found : user_pref("CT1750559.openUninstallPage", "false");
Line Found : user_pref("CT1750559.search.searchAppId", "128520273115419467");
Line Found : user_pref("CT1750559.search.searchCount", "0");
Line Found : user_pref("CT1750559.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT1750559.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT1750559.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1750559\"}");
Line Found : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BSPlayer.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BS Player\"}");
Line Found : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1750559.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363555755604");
Line Found : user_pref("CT1750559.serviceLayer_services_appTracking_lastUpdate", "1363757129619");
Line Found : user_pref("CT1750559.serviceLayer_services_appsMetadata_lastUpdate", "1366380739790");
Line Found : user_pref("CT1750559.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362664512938");
Line Found : user_pref("CT1750559.serviceLayer_services_location_lastUpdate", "1363757242324");
Line Found : user_pref("CT1750559.serviceLayer_services_login_10.10.27.6_lastUpdate", "1358427804851");
Line Found : user_pref("CT1750559.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363757242641");
Line Found : user_pref("CT1750559.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362664513080");
Line Found : user_pref("CT1750559.serviceLayer_services_searchAPI_lastUpdate", "1363757242344");
Line Found : user_pref("CT1750559.serviceLayer_services_serviceMap_lastUpdate", "1363757242267");
Line Found : user_pref("CT1750559.serviceLayer_services_setupAPI_lastUpdate", "1363757242604");
Line Found : user_pref("CT1750559.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362664512509");
Line Found : user_pref("CT1750559.serviceLayer_services_toolbarSettings_lastUpdate", "1366380739801");
Line Found : user_pref("CT1750559.serviceLayer_services_translation_lastUpdate", "1363757242892");
Line Found : user_pref("CT1750559.settingsINI", true);
Line Found : user_pref("CT1750559.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT1750559.smartbar.CTID", "CT1750559");
Line Found : user_pref("CT1750559.smartbar.Uninstall", "0");
Line Found : user_pref("CT1750559.smartbar.homepage", true);
Line Found : user_pref("CT1750559.smartbar.toolbarName", "BS Player ");
Line Found : user_pref("CT1750559.toolbarBornServerTime", "19-11-2012");
Line Found : user_pref("CT1750559.toolbarCurrentServerTime", "20-3-2013");
Line Found : user_pref("CT1750559.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Line Found : user_pref("CT1750559.upgradeFromClearSBVersion", true);
Line Found : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1388766464951,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM4ODE1NTQyNSwidXVpZCI6MjY5NTExNzE5ODI5OTUxLCJzZXFfaWQiOjQyLCJzc2IiOjEzNTI4NDYxNDl9");
Line Found : user_pref("CT3220468.CBOpenMAMSettings", "0");
Line Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.FirstTime", "true");
Line Found : user_pref("CT3220468.FirstTimeFF3", "true");
Line Found : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0=");
Line Found : user_pref("CT3220468.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT3220468.SF_STATUS.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3220468.SF_USER_ID", "%E9%EF%EA%E5%B8%BD%B7%B8%B8%B6%B7%B9%B7%BB%BA%BA%B8%B9%BE%B7%BC%BB%BF%B8%BB");
Line Found : user_pref("CT3220468.SF_USER_ID.enc", "Y2lkXzI3MTIyMDEzMTU0NDIzODE2NTkyNQ==");
Line Found : user_pref("CT3220468.UserID", "UN50497781378570329");
Line Found : user_pref("CT3220468._key_cl_active", "%BE%BF%BF%B9%BB%BC%BA%E8%B3%E9%BD%EC%BB%B3%BA%E8%BD%BF%B3%BE%B6%EC%BC%B3%B9%B8%EC%EB%BC%B9%B9%B9%EB%E8%BD%BC");
Line Found : user_pref("CT3220468._key_cl_active.enc", "ODk5MzU2NGItYzdmNS00Yjc5LTgwZjYtMzJmZTYzMzNlYjc2");
Line Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3220468.autoDisableScopes", -1);
Line Found : user_pref("CT3220468.cb_user_id_000", "%C9%C8%B7%BF%B6%BC%B8%B8%BD%BE%BF%B6%BF%BF%E5%B7%B9%BE%BE%B7%BB%BB%BA%BB%BA%B6%B8%BD%E5%CC%EF%F8%EB%EC%F5%FE");
Line Found : user_pref("CT3220468.cb_user_id_000.enc", "Q0IxOTA2MjI3ODkwOTlfMTM4ODE1NTQ1NDAyN19GaXJlZm94");
Line Found : user_pref("CT3220468.cbcountry_001", "CZ");
Line Found : user_pref("CT3220468.cbfirsttime.enc", "VHVlIE5vdiAxMyAyMDEyIDIzOjM1OjQ4IEdNVCswMTAw");
Line Found : user_pref("CT3220468.defaultSearch", "FALSE");
Line Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3220468.enableAlerts", "always");
Line Found : user_pref("CT3220468.enableFix404ByUser", "FALSE");
Line Found : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Line Found : user_pref("CT3220468.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3220468.fixPageNotFoundError", "true");
Line Found : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3220468.fixUrls", true);
Line Found : user_pref("CT3220468.installId", "fft200.tmp.exe");
Line Found : user_pref("CT3220468.installType", "XPE");
Line Found : user_pref("CT3220468.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3220468.isNewTabEnabled", true);
Line Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN50497781378570329&SSPV=NT_FF_RD&Lay=1&UM=[...]
Line Found : user_pref("CT3220468.lastVersion", "10.14.370.524");
Line Found : user_pref("CT3220468.mam_gk_appStateReportTime", "%B7%B9%BE%BE%B7%BB%BB%BA%B8%BA%BC%B6%BF");
Line Found : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM4ODE1NTQyNDYwOQ==");
Line Found : user_pref("CT3220468.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Found : user_pref("CT3220468.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Found : user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3220468.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line Found : user_pref("CT3220468.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Found : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3220468.mam_gk_calledSetupService.enc", "MQ==");
Line Found : user_pref("CT3220468.mam_gk_currentVersion", "%B7%B4%B7%B8%B4%B6%B4%BB");
Line Found : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS4xMi4wLjU=");
Line Found : user_pref("CT3220468.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Found : user_pref("CT3220468.mam_gk_first_time", "%B7");
Line Found : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3220468.mam_gk_lastLoginTime", "%B7%B9%BE%BE%B7%BB%BB%BA%B8%BB%B9%BF%B8");
Line Found : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM4ODE1NTQyNTM5Mg==");
Line Found : user_pref("CT3220468.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Found : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3220468.mam_gk_settings1.12.0.5", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.12.0.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEyMjciLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijg0XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiQ1oiLCJpc1dlbGNvbWVFeHBlc[...]
Line Found : user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3220468.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Found : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3220468.mam_gk_stamp", "%BE%BA%E5%B6");
Line Found : user_pref("CT3220468.mam_gk_stamp.enc", "ODRfMA==");
Line Found : user_pref("CT3220468.mam_gk_userId", "%B7%E8%EB%BF%B8%BF%BD%B9%B3%BE%B9%BB%B6%B3%BA%BF%BB%EA%B3%BF%EB%B6%B6%B3%B9%BF%B6%B8%EA%E7%B6%B9%BC%BC%EB%BA");
Line Found : user_pref("CT3220468.mam_gk_userId.enc", "MWJlOTI5NzMtODM1MC00OTVkLTllMDAtMzkwMmRhMDM2NmU0");
Line Found : user_pref("CT3220468.mam_gk_user_approval_interacted", "%B7");
Line Found : user_pref("CT3220468.mam_gk_user_approval_interacted.enc", "MQ==");
Line Found : user_pref("CT3220468.mam_gk_user_apps_selection.enc", "");
Line Found : user_pref("CT3220468.mam_gk_welcomeDialogMode", "%B7");
Line Found : user_pref("CT3220468.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Found : user_pref("CT3220468.migrateAppsAndComponents", true);
Line Found : user_pref("CT3220468.missingMachineIdSent", "true");
Line Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://uTorrentControlv2.OurToolbar.com/\",\"[...]
Line Found : user_pref("CT3220468.openThankYouPage", "true");
Line Found : user_pref("CT3220468.openUninstallPage", "FALSE");
Line Found : user_pref("CT3220468.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Line Found : user_pref("CT3220468.search.searchCount", "0");
Line Found : user_pref("CT3220468.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
Line Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363037935581");
Line Found : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1353958585862");
Line Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1366380739656");
Line Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363037935361");
Line Found : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1363757241228");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1358427803815");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1363757242107");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363037935495");
Line Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363037935429");
Line Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1363757241319");
Line Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1363757241176");
Line Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363037935285");
Line Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1366380739685");
Line Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1363757242194");
Line Found : user_pref("CT3220468.settingsINI", true);
Line Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Line Found : user_pref("CT3220468.smartbar.Uninstall", "0");
Line Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Line Found : user_pref("CT3220468.toolbarBornServerTime", "14-11-2012");
Line Found : user_pref("CT3220468.toolbarCurrentServerTime", "20-3-2013");
Line Found : user_pref("CT3220468.toolbarLoginClientTime", "Thu Mar 14 2013 10:02:38 GMT+0100");
Line Found : user_pref("CT3220468.upgradeFromClearSBVersion", true);
Line Found : user_pref("CT3220468.url_history0001", "%EE%FA%FA%F6%C0%B5%B5%EA%F5%E9%F9%B4%ED%F5%F5%ED%F2%EB%B4%E9%F5%F3%B5%C0%C0%C0%E9%F2%EF%E9%F1%EE%E7%F4%EA%F2%EB%F8%C0%C0%C0%B7%B9%BC%B9%BD%BB%BD%B7%BF%BC%B7%B8%[...]
Line Found : user_pref("CT3220468.url_history0001.enc", "aHR0cDovL2RvY3MuZ29vZ2xlLmNvbS86OjpjbGlja2hhbmRsZXI6OjoxMzYzNzU3MTk2MTI2LCwsaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzNjM3NTczMzM0OTQsLCxodHRw[...]
Line Found : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1388766464329,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "BS Player Customized Web Search");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
Line Found : user_pref("browser.search.selectedEngine", "BS Player Customized Web Search");
Line Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN56346289758484615&UM=UM_ID&q=");
Line Found : user_pref("smartBar.searchInNewTabOwner", "CT1750559");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN56346289758484615&UM=UM_ID&q=");
Line Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=");

-\\ Google Chrome v32.0.1700.76

[ File : C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [25642 octets] - [13/12/2013 18:21:19]
AdwCleaner[R1].txt - [27483 octets] - [28/01/2014 14:44:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [27544 octets] ##########

User avatar
Rull
Exemplary visitor
Posts: 104
Registered: 01 Apr 2010 08:52
Location: Brno
Contact user:

Re: please check the log

#5 Post by Rull »

Combo 1)

ComboFix 14-01-27.02 - Milan 28.01.2014 15:05:21.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3071.2536 [GMT 1:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\Potvora.com
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-28 do 2014-01-28 )))))))))))))))))))))))))))))))
.
.
2014-01-27 12:35 . 2014-01-27 12:35 -------- d-----w- c:\program files\trend micro
2014-01-27 12:35 . 2014-01-27 12:35 -------- d-----w- C:\rsit
2014-01-26 12:35 . 2014-01-27 15:03 -------- d-----w- c:\program files\Johanka z Arku
2014-01-26 10:46 . 1999-01-11 09:40 306688 ----a-w- c:\windows\IsUninst.exe
2014-01-25 19:05 . 2004-08-17 13:49 4096 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\USMT\iconlib.dll
2014-01-25 18:27 . 2014-01-25 18:27 -------- d-----w- c:\documents and settings\Administrator
2014-01-24 09:22 . 2014-01-24 09:22 -------- d-----w- c:\program files\AVAST Software
2014-01-24 09:16 . 2014-01-27 17:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-24 08:54 . 2014-01-24 08:54 -------- d-----w- c:\windows\system32\wbem\Repository
2014-01-24 08:53 . 2014-01-24 08:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-03 20:13 . 2014-01-03 20:13 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\cache
2014-01-03 20:13 . 2014-01-23 16:50 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\FullTiltPoker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-24 09:26 . 2013-07-12 17:20 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-24 09:26 . 2013-07-12 17:20 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-24 09:26 . 2013-07-12 17:20 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-24 09:26 . 2012-11-04 19:43 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-24 09:26 . 2012-11-04 19:43 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-24 09:26 . 2012-11-04 19:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-24 09:26 . 2012-11-04 19:43 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-01-24 09:26 . 2012-11-04 19:43 43152 ----a-w- c:\windows\avastSS.scr
2014-01-24 09:26 . 2012-11-04 19:43 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-24 08:55 . 2013-11-22 12:19 247192 ----a-w- c:\windows\system32\drivers\aswndis2.sys
2013-11-22 12:19 . 2012-11-22 14:16 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-11-22 12:19 . 2013-11-22 12:19 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-03-11 21:47 . 2013-03-11 21:47 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-24 09:26 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-24 3767096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [22.11.2013 13:19 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [22.11.2013 13:19 247192]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [12.7.2013 18:20 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [12.7.2013 18:20 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [22.11.2012 15:16 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4.11.2012 20:43 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.11.2012 20:43 410784]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9.9.2013 12:17 243128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12.7.2013 18:20 67824]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.12.2013 18:26 701512]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [19.2.2013 20:04 3467768]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.12.2013 18:26 22856]
S2 avast! Firewall;avast! Firewall;"c:\program files\AVAST Software\Avast\afwServ.exe" --> c:\program files\AVAST Software\Avast\afwServ.exe [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 9:58 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [25.7.2013 7:52 162672]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24.1.2014 10:16 40776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 18:27 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-24 09:26]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-04 18:51]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-04 18:51]
.
2014-01-25 c:\windows\Tasks\Obnovení systému.job
- c:\windows\system32\Restore\rstrui.exe [2012-11-04 13:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
TCP: Interfaces\{A4A6E678-8472-47F2-9DE9-ED5AE24E7759}: NameServer = 212.24.128.8
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN56346289758484615&UM=UM_ID&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{FE69C007-C452-4d3e-86D2-1730DF8BC871} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-28 15:10
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Celkový čas: 2014-01-28 15:13:01
ComboFix-quarantined-files.txt 2014-01-28 14:12
.
Před spuštěním: 5 274 275 840
Po spuštění: 5 595 648 000
.
- - End Of File - - AF24CD5F94748EB7BB046D3327C9C038
413FC2A0C716421B3158746D63736515

Rull
Exemplary visitor
Posts: 104
Registered: 01 Apr 2010 08:52
Location: Brno

Re: please check my log

#6 Post by Rull »

Combo 2)

ComboFix 14-01-27.02 - Milan 28.01.2014 17:55:47.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3071.2599 [GMT 1:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\Potvora.com
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-28 do 2014-01-28 )))))))))))))))))))))))))))))))
.
.
2014-01-27 12:35 . 2014-01-27 12:35 -------- d-----w- C:\rsit
2014-01-26 12:35 . 2014-01-28 16:41 -------- d-----w- c:\program files\Johanka z Arku
2014-01-25 18:27 . 2014-01-28 16:41 -------- d-s---w- c:\documents and settings\Administrator
2014-01-03 20:13 . 2014-01-03 20:13 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\cache
2014-01-03 20:13 . 2014-01-23 16:50 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\FullTiltPoker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-28 16:48 . 2014-01-28 16:48 247192 ----a-w- c:\windows\system32\drivers\aswndis2.sys.1390927682
2014-01-28 16:47 . 2013-11-22 12:19 247192 ----a-w- c:\windows\system32\drivers\aswndis2.sys
2013-11-22 12:19 . 2012-11-22 14:16 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-11-22 12:19 . 2013-11-22 12:19 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-11-18 16:19 . 2013-07-12 17:20 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-18 16:19 . 2013-07-12 17:20 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-18 16:19 . 2013-07-12 17:20 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-18 16:19 . 2012-11-04 19:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-18 16:19 . 2012-11-04 19:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-18 16:19 . 2012-11-04 19:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-18 16:19 . 2012-11-04 19:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-18 16:19 . 2012-11-04 19:43 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-11-18 16:19 . 2012-11-04 19:43 43152 ----a-w- c:\windows\avastSS.scr
2013-11-18 16:19 . 2012-11-04 19:43 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-11 21:47 . 2013-03-11 21:47 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-18 16:19 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-18 3568312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\Left 4 Dead 2\\left4dead2.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [22.11.2013 13:19 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [22.11.2013 13:19 247192]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [12.7.2013 18:20 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [12.7.2013 18:20 178304]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [22.11.2012 15:16 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4.11.2012 20:43 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.11.2012 20:43 403440]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9.9.2013 12:17 243128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.11.2012 20:43 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12.7.2013 18:20 70384]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [22.11.2013 13:19 116776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.12.2013 18:26 701512]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [19.2.2013 20:04 3467768]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.12.2013 18:26 22856]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 9:58 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [25.7.2013 7:52 162672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 09:21 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-04 16:19]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-04 18:51]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-04 18:51]
.
2014-01-25 c:\windows\Tasks\Obnovení systému.job
- c:\windows\system32\Restore\rstrui.exe [2012-11-04 13:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1 62.240.178.250
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN56346289758484615&UM=UM_ID&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{FE69C007-C452-4d3e-86D2-1730DF8BC871} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-28 17:59
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Celkový čas: 2014-01-28 18:00:51
ComboFix-quarantined-files.txt 2014-01-28 17:00
ComboFix2.txt 2014-01-28 14:13
.
Před spuštěním: 2 522 775 552
Po spuštění: 2 512 674 816
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 114010B70A3774A0444000A85397AE35
413FC2A0C716421B3158746D63736515

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: please check my log

#7 Post by Roli »

Run AdwCleaner again, but this time click Clean,

the PC will restart, and during that the junk gets deleted.

Then copy the Report here for me again.


If you haven't done so yet, move ComboFix to the desktop,

open Notepad

and copy the script from the following box into it:

Code:

FireFox:: 
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... M=UM_ID&q=

Save the TXT file you created as CFScript.txt on the desktop,

once it is saved, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it is applied, another log will pop up; copy it here.

Warning: it can happen that after applying the script and restarting, Windows does not boot;

in that case restart again and keep pressing F8, then choose Last Known Good Configuration
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:
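A small triage script for ComboFix-style logs like the ones posted in this thread, added here as an example (it is not the forum's or ComboFix's own code). It flags the indicators visible in the logs above: an AV/FW line reported as Disabled, EnableFirewall=0 in the standard profile, a globally open firewall port, and Firefox prefs pointing at search.conduit.com. The sample log is constructed from a handful of lines copied from the logs above; the HIJACK_DOMAINS list is an assumption you would extend from your own sources.

```python
"""Triage a ComboFix-style log for the indicators seen in this thread.

Added example, not ComboFix's or the forum's own code.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Search-hijack domain taken from the prefs.js lines in the thread (constructed list, extend as needed).
HIJACK_DOMAINS = ("search.conduit.com",)

REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
OPEN_PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>[\w.]+) - (?P<value>.+)$")
AV_STATE_RE = re.compile(r"^(?P<kind>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*")


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    message: str


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line, tracking which [registry key] section we are in."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := REG_KEY_RE.match(line):
            current_key = m.group("key").lower()  # ComboFix prints keys in mixed case
            continue
        # Header lines such as "AV: avast! Internet Security *Disabled/Updated* {GUID}"
        if (m := AV_STATE_RE.match(line)) and "disabled" in m.group("state").lower():
            findings.append(Finding("high", f"{m.group('kind')} {m.group('name')} reported {m.group('state')}"))
            continue
        # "FF - prefs.js: <pref> - <value>" lines from the supplementary scan
        if m := FF_PREF_RE.match(line):
            value = m.group("value")
            if any(domain in value for domain in HIJACK_DOMAINS):
                findings.append(Finding("medium", f"Firefox {m.group('pref')} points at {value}"))
            continue
        # Values belong to the most recent [key] section
        if current_key.endswith("firewallpolicy\\standardprofile"):
            m = REG_VALUE_RE.match(line)
            if m and m.group("name") == "EnableFirewall" and m.group("value").startswith("0"):
                findings.append(Finding("high", "Windows Firewall disabled (EnableFirewall=0) in standard profile"))
        elif current_key.endswith("globallyopenports\\list"):
            if m := OPEN_PORT_RE.match(line):
                findings.append(Finding("medium", f"Globally open port {m.group('port')}/{m.group('proto')}"))
    return findings


# Constructed sample: lines copied from the ComboFix logs in this thread.
SAMPLE_LOG = r"""
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
uStart Page = hxxp://www.google.com
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN56346289758484615&UM=UM_ID&q=
"""


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.severity.upper():6}] {finding.message}")
```

On the sample it reports two high findings (AV disabled, firewall off) and three medium ones (RDP port 3389 open globally, homepage and keyword.URL hijacked), which is exactly what a helper would want to see before writing a CFScript.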

Rull
Exemplary visitor
Posts: 104
Registered: 01 Apr 2010 08:52
Location: Brno

Re: please check my log

#8 Post by Rull »

here are the logs from adw - scan and clean

# AdwCleaner v3.017 - Report created 29/01/2014 at 12:14:51
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Administrator - MILAN-9F1E30AF4
# Running from : C:\Documents and Settings\Administrator.MILAN-9F1E30AF4\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\All Users\Data aplikací\apn
Folder Found C:\Documents and Settings\All Users\Data aplikací\QuickSet
Folder Found C:\Program Files\BS_Player
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Trymedia

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\Software\BS_Player
Key Found : HKLM\SOFTWARE\BS_Player
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{055DD326-956C-4827-9467-A172509E81B3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{91F3F80B-707C-4652-B1B9-FB44D446BF57}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{269E13BE-B9C3-4515-AB92-C2AC48EEDBBF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4168A13-F121-4FDD-BDB4-5405FE5E68B1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{055DD326-956C-4827-9467-A172509E81B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Found : HKLM\Software\SimilarSites
Key Found : HKLM\Software\torch
Key Found : HKLM\Software\Trymedia Systems
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180


*************************

AdwCleaner[R0].txt - [25642 octets] - [13/12/2013 18:21:19]
AdwCleaner[R1].txt - [54884 octets] - [28/01/2014 14:44:02]
AdwCleaner[R2].txt - [27379 octets] - [29/01/2014 12:08:19]
AdwCleaner[R3].txt - [3257 octets] - [29/01/2014 12:14:51]
AdwCleaner[S0].txt - [356 octets] - [29/01/2014 11:47:44]
AdwCleaner[S1].txt - [356 octets] - [29/01/2014 12:09:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [3435 octets] ##########



# AdwCleaner v3.017 - Report created 29/01/2014 at 12:15:31
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Administrator - MILAN-9F1E30AF4
# Running from : C:\Documents and Settings\Administrator.MILAN-9F1E30AF4\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\apn
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\QuickSet
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\BS_Player

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl
Key Deleted : HKLM\SOFTWARE\BS_Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{91F3F80B-707C-4652-B1B9-FB44D446BF57}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{055DD326-956C-4827-9467-A172509E81B3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{055DD326-956C-4827-9467-A172509E81B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{269E13BE-B9C3-4515-AB92-C2AC48EEDBBF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4168A13-F121-4FDD-BDB4-5405FE5E68B1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SimilarSites
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180


*************************

AdwCleaner[R0].txt - [25642 octets] - [13/12/2013 18:21:19]
AdwCleaner[R1].txt - [54884 octets] - [28/01/2014 14:44:02]
AdwCleaner[R2].txt - [27379 octets] - [29/01/2014 12:08:19]
AdwCleaner[R3].txt - [3515 octets] - [29/01/2014 12:14:51]
AdwCleaner[S0].txt - [356 octets] - [29/01/2014 11:47:44]
AdwCleaner[S1].txt - [356 octets] - [29/01/2014 12:09:21]
AdwCleaner[S2].txt - [3383 octets] - [29/01/2014 12:15:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3443 octets] ##########

Rull
Exemplary visitor
Posts: 104
Registered: 01 Apr 2010 08:52
Location: Brno

Re: please check my log

#9 Post by Rull »

ComboFix 14-01-27.02 - Milan 29.01.2014 12:32:46.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3071.2636 [GMT 1:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\Potvora.com
Použité ovládací přepínače :: c:\docume~1\Milan\Plocha\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-583907252-1035525444-682003330-1003(2)\INFO2
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-28 do 2014-01-29 )))))))))))))))))))))))))))))))
.
.
2014-01-28 16:46 . 2014-01-28 16:46 -------- d-----w- c:\windows\system32\wbem\Repository
2014-01-28 16:42 . 2014-01-28 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-28 16:41 . 2014-01-28 16:41 -------- d-----w- c:\program files\AVAST Software
2014-01-27 12:35 . 2014-01-27 12:35 -------- d-----w- C:\rsit
2014-01-26 12:35 . 2014-01-28 16:41 -------- d-----w- c:\program files\Johanka z Arku
2014-01-25 18:27 . 2014-01-28 16:41 -------- d-s---w- c:\documents and settings\Administrator
2014-01-03 20:13 . 2014-01-03 20:13 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\cache
2014-01-03 20:13 . 2014-01-29 08:50 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\FullTiltPoker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-28 16:48 . 2013-11-22 12:19 247192 ----a-w- c:\windows\system32\drivers\aswndis2.sys
2013-11-22 12:19 . 2012-11-22 14:16 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-11-22 12:19 . 2013-11-22 12:19 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-11-18 16:19 . 2013-07-12 17:20 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-18 16:19 . 2013-07-12 17:20 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-18 16:19 . 2013-07-12 17:20 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-18 16:19 . 2012-11-04 19:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-18 16:19 . 2012-11-04 19:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-18 16:19 . 2012-11-04 19:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-18 16:19 . 2012-11-04 19:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-18 16:19 . 2012-11-04 19:43 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-11-18 16:19 . 2012-11-04 19:43 43152 ----a-w- c:\windows\avastSS.scr
2013-11-18 16:19 . 2012-11-04 19:43 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-11 21:47 . 2013-03-11 21:47 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-18 16:19 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-18 3568312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\Left 4 Dead 2\\left4dead2.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [22.11.2013 13:19 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [22.11.2013 13:19 247192]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [12.7.2013 18:20 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [12.7.2013 18:20 178304]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [22.11.2012 15:16 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4.11.2012 20:43 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.11.2012 20:43 403440]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9.9.2013 12:17 243128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.11.2012 20:43 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12.7.2013 18:20 70384]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [22.11.2013 13:19 116776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.12.2013 18:26 701512]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [19.2.2013 20:04 3467768]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.12.2013 18:26 22856]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 9:58 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [25.7.2013 7:52 162672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 09:21 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-29 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-04 16:19]
.
2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-04 18:51]
.
2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-04 18:51]
.
2014-01-25 c:\windows\Tasks\Obnovení systému.job
- c:\windows\system32\Restore\rstrui.exe [2012-11-04 13:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1 62.240.178.250
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\9ma4k9tb.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-29 12:39
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Celkový čas: 2014-01-29 12:39:54
ComboFix-quarantined-files.txt 2014-01-29 11:39
ComboFix2.txt 2014-01-28 17:00
ComboFix3.txt 2014-01-28 14:13
.
Před spuštěním: 2 016 903 168
Po spuštění: 2 010 308 608
.
- - End Of File - - 22D3B92A54197D7A7D50222B721783DD
413FC2A0C716421B3158746D63736515

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: please check my log

#10 Post by Roli »

Via Start >> Run, copy this into the box:

ComboFix /Uninstall

and press Enter.

That uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which removes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


We are clean, so how is the PC doing, specifically the connection problem?
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Rull
Exemplary visitor
Posts: 104
Registered: 01 Apr 2010 08:52
Location: Brno

Re: please check my log

#11 Post by Rull »

During the restore itself it did not last longer than until the next shutdown; now the internet works even after startup without using restore, so that is definitely progress :-) Now it seems clean, except for uninstalling mbam: it can't be uninstalled and the folder can't be deleted, and when the process is killed the computer freezes, so I don't know how to get rid of that junk :?:

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: please check my log

#12 Post by Roli »

Rull wrote: .......... except for uninstalling mbam: it can't be uninstalled and the folder can't be deleted, and when the process is killed the computer freezes, so I don't know how to get rid of that junk :?:
It doesn't hurt anything, so leave it there; set it not to load at PC startup and, at most, stop its services.

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: please check my log

#13 Post by cernohous13 »

Hello, and sorry for butting in :oops:

In safe mode: http://downloads.malwarebytes.org/file/mbam_clean
Recommendations:
During the cleanup, perform new installations and uninstallations only on my instruction.
Study my reply carefully and carry out the whole operation exactly as described.
If anything is unclear, ask and I will explain.

-------------------------------------------------------------------------------------------------
> Forum support <

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: please check my log

#14 Post by Roli »

cernohous13 wrote: Hello, and sorry for butting in :oops:
:thumbsup:

Rull
Exemplary visitor
Posts: 104
Registered: 01 Apr 2010 08:52
Location: Brno

Re: please check my log

#15 Post by Rull »

So "mbam" is gone now, thank you :-) Otherwise, in safe mode with networking I tried to check the connection, and the same error that used to appear in normal operation shows up there again, so I don't know whether that is some bad omen..? :?:
