Preventívna kontrola RSIT

Zpráva

mirec2211 · #1 Příspěvek od **mirec2211** » 08 lis 2014 07:44

Ahojte, potrebujem skontrolovat starý PC, ktorý vyuzívajú najmä rodičia. Ďakujem

Logfile of random's system information tool 1.10 (written by random/random)
Run by Uzivatel at 2014-11-08 07:43:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (42%) free of 50 GB
Total RAM: 1280 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:43:22, on 8.11.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21310)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PrintCtrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Uzivatel\Desktop\RSIT.exe
C:\Program Files\trend micro\Uzivatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://G:\INSTAL~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\WINDOWS\system32\PrintCtrl.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8599 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent repair
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\q2s1d0n5.default

prefs.js - "browser.startup.homepage" - "http://www.cas.sk/"
prefs.js - "extensions.enabledItems" - "web2pdfextension@web2pdf.adobedotcom:1.1, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6, jqs@sun.com:1.0, langpack-sk@firefox.mozilla.org:3.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

"web2pdfextension@web2pdf.adobedotcom"=C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Documents and Settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\q2s1d0n5.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05 339872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05 339872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05 339872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2009-02-27 552960]
"3170 Scan2PC"=C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe [2009-01-30 503808]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-10-01 5088456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2011-09-05 2904984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2011-09-05 36760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-09-02 315478]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNOD UP]
C:\Program Files\TNod User & Password Finder\TNODUP.exe [2012-07-06 1028800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Aktualizovat ESET licenci.lnk]
C:\PROGRA~1\ESET\MINODL~1\MINODL~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-09-20 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe"="C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2014-11-08 07:42:26 ----D---- C:\WINDOWS\SxsCaPendDel
2014-11-08 07:29:19 ----D---- C:\32788R22FWJFW
2014-11-07 22:32:37 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2014-11-07 20:59:34 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2014-11-07 20:48:58 ----SHD---- C:\RECYCLER
2014-11-07 20:46:12 ----D---- C:\WINDOWS\temp
2014-11-07 20:46:10 ----A---- C:\ComboFix.txt
2014-11-07 20:33:14 ----A---- C:\WINDOWS\zip.exe
2014-11-07 20:33:14 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-11-07 20:33:14 ----A---- C:\WINDOWS\SWSC.exe
2014-11-07 20:33:14 ----A---- C:\WINDOWS\SWREG.exe
2014-11-07 20:33:14 ----A---- C:\WINDOWS\sed.exe
2014-11-07 20:33:14 ----A---- C:\WINDOWS\PEV.exe
2014-11-07 20:33:14 ----A---- C:\WINDOWS\NIRCMD.exe
2014-11-07 20:33:14 ----A---- C:\WINDOWS\MBR.exe
2014-11-07 20:33:14 ----A---- C:\WINDOWS\grep.exe
2014-11-07 20:32:59 ----D---- C:\Qoobox
2014-11-07 20:32:46 ----D---- C:\WINDOWS\erdnt
2014-10-31 11:18:32 ----D---- C:\Program Files\Mozilla Firefox
2014-10-10 08:59:12 ----A---- C:\WINDOWS\system32\drivers\epfwtdi.sys
2014-10-10 08:59:12 ----A---- C:\WINDOWS\system32\drivers\epfwndis.sys
2014-10-10 08:59:12 ----A---- C:\WINDOWS\system32\drivers\epfw.sys
2014-10-10 08:59:12 ----A---- C:\WINDOWS\system32\drivers\ehdrv.sys
2014-10-10 08:59:12 ----A---- C:\WINDOWS\system32\drivers\eamonm.sys

======List of files/folders modified in the last 1 month======

2014-11-08 07:43:22 ----D---- C:\WINDOWS\Prefetch
2014-11-08 07:43:19 ----D---- C:\Program Files\trend micro
2014-11-08 07:42:27 ----D---- C:\WINDOWS\WinSxS
2014-11-08 07:42:26 ----D---- C:\WINDOWS
2014-11-08 07:41:45 ----RD---- C:\Program Files
2014-11-08 07:41:15 ----D---- C:\WINDOWS\system32
2014-11-08 07:40:25 ----SHD---- C:\WINDOWS\Installer
2014-11-07 22:42:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-11-07 22:42:45 ----D---- C:\WINDOWS\system32\drivers
2014-11-07 22:34:05 ----HD---- C:\WINDOWS\inf
2014-11-07 22:34:04 ----D---- C:\WINDOWS\system32\CatRoot2
2014-11-07 22:17:59 ----SD---- C:\WINDOWS\Tasks
2014-11-07 21:37:20 ----D---- C:\Program Files\Total Video Converter
2014-11-07 20:44:02 ----A---- C:\WINDOWS\system.ini
2014-11-07 20:43:52 ----D---- C:\WINDOWS\system32\drivers\etc
2014-11-07 20:43:21 ----D---- C:\Program Files\ESET
2014-11-07 20:40:56 ----D---- C:\WINDOWS\AppPatch
2014-11-07 20:40:53 ----D---- C:\Program Files\Common Files
2014-11-01 08:05:00 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-10-26 07:43:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-10 15:18:33 ----D---- C:\Documents and Settings\Uzivatel\Application Data\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\WINDOWS\System32\Drivers\BtHidBus.sys [2009-06-17 20744]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 RRamdisk;Ramdisk Driver; C:\WINDOWS\system32\DRIVERS\rramdisk.sys [2003-12-09 10368]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viasraid;viasraid; C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-01 77056]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-09-20 77568]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2014-10-10 191928]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2014-10-10 135296]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2014-10-10 63160]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2011-08-25 231248]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2014-10-10 176448]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-09-20 62336]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2009-06-17 29192]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2014-10-10 39464]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2009-06-17 25480]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-09-20 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2009-06-17 32392]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2009-06-17 14088]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2009-07-08 39304]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\Uzivatel\LOCALS~1\Temp\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-09-04 41984]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2009-06-17 14856]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-09-20 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-09-20 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2014-10-01 1349576]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 Printer Control;Printer Control; C:\WINDOWS\system32\PrintCtrl.exe [2009-06-16 77824]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24 267440]
S3 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-09-02 1466476]
S3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-09-02 102503]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-31 114288]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 ABBYY.Licensing.FineReader.Corporate.9.0;ABBYY FineReader 9.0 CE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe [2008-10-27 759072]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-02-07 72704]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]

-----------------EOF-----------------

#2 Příspěvek od **cernohous13** » 08 lis 2014 08:39

Zdravím,

co tam mám vidět po tvém použití ComboFixu

ten je určen pro spuštění až na pokyn rádce.

Zkopíruj mi sem jeho obsah C:\ComboFix.txt

jsou s PC nějaké konkrétní problémy?

mirec2211 · #3 Příspěvek od **mirec2211** » 08 lis 2014 08:52

Ospravedlnujem sa, brat dal vcera rovno Combofix. Som o tom nevedel. Pridavam LOG z neho. no PC ide pomaly. mozno to je už vekom počítača, ale aj videa na youtube sekajú.

ComboFix 14-11-03.01 - Uzivatel 07.11.2014 20:36:31.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1280.690 [GMT 1:00]
Running from: c:\documents and settings\Uzivatel\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Uzivatel\WINDOWS
c:\program files\ESET\MiNODLogin
c:\program files\ESET\MiNODLogin\MiNODLogin.exe
c:\program files\ESET\MiNODLogin\MiNODLogin.jar
c:\program files\ESET\MiNODLogin\MiNODLoginLib.dll
c:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
c:\program files\ESET\MiNODLogin\servidores.xml
c:\windows\system32\MUI\041b\tourstart.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-10-07 to 2014-11-07 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 14:13 . 2012-03-30 07:34 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-24 14:13 . 2011-05-17 10:39 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2011-2-4 565248]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Aktualizovat ESET licenci.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk
backup=c:\windows\pss\Aktualizovat ESET licenci.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Uzivatel\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-09-05 17:04 2904984 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-09-05 17:04 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 04:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-09-02 08:44 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-01-20 18:16 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNOD UP]
2012-07-06 05:57 1028800 ----a-w- c:\program files\TNod User & Password Finder\TNODUP.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17.6.2009 14:01 20744]
R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [4.2.2011 12:06 10368]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [4.2.2011 9:31 77056]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [11.4.2011 12:31 21992]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [27.2.2011 20:04 77824]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17.6.2009 14:02 29192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17.6.2009 14:01 25480]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8.7.2011 9:48 27064]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 0:38 116608]
S4 ABBYY.Licensing.FineReader.Corporate.9.0;ABBYY FineReader 9.0 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe [27.10.2008 18:03 759072]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.8.2011 15:25 2152152]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-16 10:22 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 07:50]
.
2014-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 14:13]
.
2014-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 10:36]
.
2014-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 10:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toggle.com/en/index.php?rvs=google
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=google
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - g:\instal~1\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
TCP: DhcpNameServer = 217.75.71.141 193.58.193.11
FF - ProfilePath - c:\documents and settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\q2s1d0n5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cas.sk/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DU Meter - c:\program files\DU Meter\DUMeter.exe
AddRemove-MiNODLogin - c:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-07 20:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2014-11-07 20:46:09
ComboFix-quarantined-files.txt 2014-11-07 19:45
.
Pre-Run: 21 515 886 592 bytes free
Post-Run: 21 758 754 816 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
- - End Of File - - A3A7EB76C67FAF9CC087FD1824A7655C
8F558EB6672622401DA993E1E865C861

#4 Příspěvek od **cernohous13** » 08 lis 2014 09:54

Tak jedeme dál

Stáhni Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
Ulož jej na plochu a spusť - zobrazí se licenční podminky -> start libovolnou klávesou.
Bude vytvořena záloha a proběhne skenování.
Vyskočí log (nebo je uložen zde c:\JRT jako JRT.txt) - zkopíruj jej sem

Stáhni AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/
Ulož nejlépe na plochu -> ukonči všechny programy -> spusť AdwCleaner -> klikni na Scan po dokončení na Clean
bude provedena oprava, restartuje se - (případně restartuj) a vypadne log C:\AdwCleaner\AdwCleaner[S?].txt , jeho obsah vložíš sem

pravděpodobně budeš nucen vypnout na tu chvíli antivir - je to čisté, prověřeno

vyosek píše: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
Po spuštění do okna vlozte skript nize
Kód: Vybrat vše
srinfo;
autoclean;
emptyclsid;
iedefaults;
process;
hijackthis;
emptyalltemp;
resethosts;
Nasledne kliknete na Run Script

PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
Log bude zde C:\zoek-results.log

mirec2211 · #5 Příspěvek od **mirec2211** » 08 lis 2014 11:58

Prikladám všetky LOGy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Microsoft Windows XP x86
Ran by Uzivatel on so 08.11.2014 at 11:46:47,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\interface\{ac71b60e-94c9-4ede-ba46-e146747bb67e}"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Uzivatel\local settings\application data\asktoolbar"

~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Uzivatel\Application Data\mozilla\firefox\profiles\q2s1d0n5.default\user.js

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 08.11.2014 at 11:56:50,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.100 - Report created 08/11/2014 at 12:08:41
# DB v2014-11-07.1
# Updated 08/11/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Uzivatel - UZIVATEL-72E328
# Running from : C:\Documents and Settings\Uzivatel\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Uzivatel\My Documents\Updater

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-041B-0000-0000000FF1CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21310

-\\ Mozilla Firefox v33.0.3 (x86 sk)

-\\ Google Chrome v34.0.1847.137

*************************

AdwCleaner[R0].txt - [2502 octets] - [08/11/2014 11:59:59]
AdwCleaner[S0].txt - [2446 octets] - [08/11/2014 12:08:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2506 octets] ##########

Zoek.exe v5.0.0.0 Updated 06-November-2014
Tool run by Uzivatel on so 08.11.2014 at 12:19:55,64.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Uzivatel\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8.11.2014 12:32:37 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1715567821-1614895754-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{D03C1618-BEAF-42DB-87BC-9F2FE41DAE60} deleted successfully
HKEY_USERS\S-1-5-21-1715567821-1614895754-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{F524A2CC-8FE7-4A44-A74A-21D427F5842C} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\jqs@sun.com deleted successfully

==== Running Processes ======================

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PrintCtrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Uzivatel\Desktop\zoek.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\q2s1d0n5.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- Lines jqs@sun.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"web2pdfextension@web2pdf.adobedotcom\":{\"descriptor\":\"C:\\\\Pr
user_pref("extensions.enabledItems", "web2pdfextension@web2pdf.adobedotcom:1.1,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3,{d10d0bf8-f5b5-c8b4-a8b2-2
---- FireFox user.js and prefs.js backups ----

prefs_08.11.2014_1254_.backup

ProfilePath: C:\Documents and Settings\Uzivatel\Application Data\Thunderbird\Profiles\phtgn7pi.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_08.11.2014_1254_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Java deleted
C:\Program Files\ComPlus Applications deleted
C:\Documents and Settings\Uzivatel\Desktop\SRDownloader.exe deleted
"C:\Documents and Settings\Uzivatel\Application Data\Flock" deleted
"C:\Documents and Settings\Uzivatel\Application Data\DMCache" deleted

======== System Restore Points ========

RP1042: 27.8.2014 20:29:23 - Kontrolný bod systému
RP1043: 29.8.2014 15:37:47 - Kontrolný bod systému
RP1044: 30.8.2014 16:23:39 - Kontrolný bod systému
RP1045: 31.8.2014 16:30:22 - Kontrolný bod systému
RP1046: 1.9.2014 17:49:49 - Kontrolný bod systému
RP1047: 2.9.2014 18:01:07 - Kontrolný bod systému
RP1048: 3.9.2014 18:17:47 - Kontrolný bod systému
RP1049: 4.9.2014 18:31:32 - Kontrolný bod systému
RP1050: 6.9.2014 10:01:13 - Kontrolný bod systému
RP1051: 7.9.2014 10:02:49 - Kontrolný bod systému
RP1052: 8.9.2014 10:03:51 - Kontrolný bod systému
RP1053: 9.9.2014 10:51:24 - Kontrolný bod systému
RP1054: 10.9.2014 11:51:52 - Kontrolný bod systému
RP1055: 12.9.2014 9:44:03 - Kontrolný bod systému
RP1056: 13.9.2014 10:25:56 - Kontrolný bod systému
RP1057: 14.9.2014 11:06:52 - Kontrolný bod systému
RP1058: 15.9.2014 11:22:12 - Kontrolný bod systému
RP1059: 16.9.2014 11:54:41 - Kontrolný bod systému
RP1060: 17.9.2014 16:12:54 - Kontrolný bod systému
RP1061: 18.9.2014 16:19:01 - Kontrolný bod systému
RP1062: 19.9.2014 17:13:17 - Kontrolný bod systému
RP1063: 20.9.2014 17:18:43 - Kontrolný bod systému
RP1064: 21.9.2014 18:59:05 - Kontrolný bod systému
RP1065: 22.9.2014 19:48:19 - Kontrolný bod systému
RP1066: 24.9.2014 12:20:18 - Kontrolný bod systému
RP1067: 28.9.2014 8:52:37 - Kontrolný bod systému
RP1068: 29.9.2014 9:50:51 - Kontrolný bod systému
RP1069: 30.9.2014 10:25:32 - Kontrolný bod systému
RP1070: 1.10.2014 19:09:07 - Kontrolný bod systému
RP1071: 3.10.2014 11:10:30 - Kontrolný bod systému
RP1072: 4.10.2014 11:46:04 - Kontrolný bod systému
RP1073: 5.10.2014 12:01:00 - Kontrolný bod systému
RP1074: 6.10.2014 12:56:55 - Kontrolný bod systému
RP1075: 8.10.2014 10:21:44 - Kontrolný bod systému
RP1076: 9.10.2014 14:38:11 - Kontrolný bod systému
RP1077: 10.10.2014 15:12:26 - Kontrolný bod systému
RP1078: 11.10.2014 16:02:15 - Kontrolný bod systému
RP1079: 12.10.2014 16:45:16 - Kontrolný bod systému
RP1080: 13.10.2014 17:11:11 - Kontrolný bod systému
RP1081: 14.10.2014 17:36:03 - Kontrolný bod systému
RP1082: 15.10.2014 18:33:46 - Kontrolný bod systému
RP1083: 16.10.2014 19:10:33 - Kontrolný bod systému
RP1084: 17.10.2014 19:14:34 - Kontrolný bod systému
RP1085: 19.10.2014 11:04:58 - Kontrolný bod systému
RP1086: 20.10.2014 11:07:11 - Kontrolný bod systému
RP1087: 21.10.2014 19:19:24 - Kontrolný bod systému
RP1088: 23.10.2014 7:35:55 - Kontrolný bod systému
RP1089: 24.10.2014 10:31:47 - Kontrolný bod systému
RP1090: 25.10.2014 15:34:28 - Kontrolný bod systému
RP1091: 26.10.2014 14:45:09 - Kontrolný bod systému
RP1092: 27.10.2014 15:22:46 - Kontrolný bod systému
RP1093: 28.10.2014 15:43:49 - Kontrolný bod systému
RP1094: 29.10.2014 17:26:26 - Kontrolný bod systému
RP1095: 30.10.2014 18:19:17 - Kontrolný bod systému
RP1096: 31.10.2014 18:54:09 - Kontrolný bod systému
RP1097: 1.11.2014 19:10:02 - Kontrolný bod systému
RP1098: 2.11.2014 19:56:21 - Kontrolný bod systému
RP1099: 4.11.2014 17:15:14 - Kontrolný bod systému
RP1100: 5.11.2014 17:51:48 - Kontrolný bod systému
RP1101: 6.11.2014 18:00:57 - Kontrolný bod systému
RP1102: 7.11.2014 18:16:34 - Kontrolný bod systému
RP1103: 7.11.2014 21:37:18 - Spyware Terminator 2012 (7.11.2014 21:37:11)
RP1104: 7.11.2014 22:16:29 - Revo Uninstaller Pro's restore point - SUPERAntiSpyware
RP1105: 8.11.2014 7:40:21 - Removed Ad-Aware
RP1106: 8.11.2014 7:48:36 - TrueCrypt uninstallation
RP1107: 8.11.2014 8:42:08 - Revo Uninstaller Pro's restore point - CZShare Manager
RP1108: 8.11.2014 8:44:05 - Revo Uninstaller Pro's restore point - Total Video Converter 3.20 090114
RP1109: 8.11.2014 8:45:48 - Revo Uninstaller Pro's restore point - Flock 0.7
RP1110: 8.11.2014 12:32:36 - zoek.exe restore point

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [23.10.2011 12:56]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\q2s1d0n5.default
- Undetermined - {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\q2s1d0n5.default
40AAE0A1A4F664828DF5A95875AEA1C8 - C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll - Google Update
DFC9460CC37E5C414DC4680B10C19E7A - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
ED327201724EA05D509B7939ABE49E98 - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll - Silverlight Plug-In
198BED114015C2671C88FDC32CDCB21D - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll - Adobe Acrobat
4393DCB856A2A109E266E6F59E2EF31A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
4393DCB856A2A109E266E6F59E2EF31A - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
C0F8E64200332C0A2B6A78D29257968D - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9
A517760D4AD38550BC1DFD6B96F1B59C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9
E2B1CAEE5DDA3A60DB4212BB12AFE1E3 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9
6C79088343E7D1A6E9239CDD21A94EEA - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9
ED5D191844D295959F82EB8C27546AC8 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9
8E324717EDBF12F7E005D26DF26A0F96 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9
6C859C6FCE6D694EAFD7EA3AE66D54DB - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9
1A02FC0F35E1236136A2AF0BAE2D1A0E - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
73DD5296E57633ED34BD52F86E276451 - C:\Program Files\Foxit Software\Foxit Reader\plugins\NPSWF32.dll - Shockwave Flash
D64C331B7D2723D3C8A05810D0D30AE0 - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrlui.dll - Microsoft (R) Silverlight

==== Chromium Look ======================

AdBlock - Uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Chromium Startpages ======================

C:\Documents and Settings\Uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.zoznam.sk/",
"startup_urls": [ "http://www.zoznam.sk/" ],

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.toggle.com/en/index.php?rvs=google"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.toggle.com/en/index.php?rvs=google"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{D03C1618-BEAF-42DB-87BC-9F2FE41DAE60}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D03C1618-BEAF-42DB-87BC-9F2FE41DAE60}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1715567821-1614895754-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-1715567821-1614895754-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNOD UP deleted successfully

==== HijackThis Entries ======================

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://G:\INSTAL~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\WINDOWS\system32\PrintCtrl.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Uzivatel\Local Settings\Application Data\Mozilla\Firefox\Profiles\q2s1d0n5.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=640 folders=43 92749272 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\Documents and Settings\Uzivatel\Local Settings\temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Uzivatel\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on so 08.11.2014 at 13:20:06,17 ======================

#6 Příspěvek od **cernohous13** » 08 lis 2014 14:18

Tak ještě kontrola

Stáhni a nainstaluj MBAM zde http://www.bleepingcomputer.com/downloa ... re/dl/241/ verzi 1.75
Při instalaci ti jako první nabídne instalaci nové verze - dáš Storno - bude aktualizována jen databáze
Po instalaci Spustit -> na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení a program nezavírej

mirec2211 · #7 Příspěvek od **mirec2211** » 08 lis 2014 17:24

tak nech sa paci. mi niektore tie subory pridu ako cracky na programy. najradsej by som to pomazal.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2014.11.08.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Uzivatel :: UZIVATEL-72E328 [administrátor]

8.11.2014 15:40:36
MBAM-log-2014-11-08 (17-22-00).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 358279
Uplynutý čas: 1 hod, 38 min, 33 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Škodlivý: (1) Dobrý: (0) -> Žiadna úloha nevykonaná.

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 15
C:\Qoobox\Quarantine\C\Program Files\ESET\MiNODLogin\MiNODLoginUninst.exe.vir (Riskware.KG) -> Žiadna úloha nevykonaná.
C:\System Volume Information\_restore{6A7FDC1F-CB3D-4973-89B4-AFA349DE4FC0}\RP1102\A0093152.exe (Riskware.KG) -> Žiadna úloha nevykonaná.
C:\System Volume Information\_restore{6A7FDC1F-CB3D-4973-89B4-AFA349DE4FC0}\RP1103\A0093254.EXE (Trojan.WGAPatch) -> Žiadna úloha nevykonaná.
D:\3) TNODUP 1.4.2.1 Final\TNod User & Password Finder\uninst-tnod.exe (Trojan.Agent.CK) -> Žiadna úloha nevykonaná.
D:\ZÁLOHA USB\ABBYY FineReader 9.0.0.1042 Corporate Edition CZE\Loader.rar (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
D:\ZÁLOHA USB\Advanced_SystemCare_professional\Advanced SystemCare Pro V3.0 Patch^N^Keygen.rar (RiskWare.Tool.CK) -> Žiadna úloha nevykonaná.
D:\ZÁLOHA USB\AVG Anti-Spyware 7.5.1.43\Patch.rar (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
D:\ZÁLOHA USB\Nero_8.2.8.0_Micro\Nero_8.2.8.0_Micro KEYGEN.rar (RiskWare.Tool.HCK) -> Žiadna úloha nevykonaná.
D:\ZÁLOHA USB\O&O Defrag Professional Edition v10.0.1634 Incl Keygen\keygen.rar (RiskWare.Tool.CK) -> Žiadna úloha nevykonaná.
D:\ZÁLOHA USB\TechSmith.Camtasia.Studio.v6.0.3 [ZACHYTAVANIE OBRAZU NA MONITORE]\keygen.rar (Backdoor.RBot) -> Žiadna úloha nevykonaná.
D:\Programy\Advanced_SystemCare_Personal\Advanced SystemCare Pro V3.0 Patch^N^Keygen.rar (RiskWare.Tool.CK) -> Žiadna úloha nevykonaná.
D:\Programy\O&O Defrag Professional Edition v10.0.1634 Incl Keygen\keygen.rar (RiskWare.Tool.CK) -> Žiadna úloha nevykonaná.
D:\Programy\O&O Defrag Professional Edition v10.0.1634 Incl Keygen\o&o defrag professional 11.5.4101\KEYGEN.rar (Backdoor.RBot) -> Žiadna úloha nevykonaná.
D:\Programy\TOTAL VIDEO CONVERTER 3.21 SK\CRACK.rar (Trojan.WGAPatch) -> Žiadna úloha nevykonaná.
D:\Programy\EVEREST ultimate\Everest5.30\SND-LE46015-KG.rar (PUP.RiskwareTool.CK) -> Žiadna úloha nevykonaná.

(koniec)

#8 Příspěvek od **cernohous13** » 08 lis 2014 17:27

dobrý postřeh - nech vše Odstranit a proveď nový scan MBAM

mirec2211 · #9 Příspěvek od **mirec2211** » 08 lis 2014 20:09

odstranene a nový test nenasiel ziadnu haved. PC je cistejsi,ale stale pomaly. som skusilaj pustit film co mam v PC a seka obraz. ide zvuk, ale obraz ee. ja si myslim, ze to bude niečo mechanicke. ten PC ma už cca 10 rokov. len nič ma nenapadá, ze kde moze byť chyba :/

#10 Příspěvek od **cernohous13** » 09 lis 2014 05:37

MBAM odinstaluj http://www.malwarebytes.org/mbam-clean.exe

Ještě se podíváme jak je na tom HDD
Sáhni http://www.studna.cz/crystaldiskinfo-p-11601.html
rozbal do nové složky a spusť DiskInfo.exe
pak Ctrl+C a do své odpovědi zde Ctrl+V

mirec2211 · #11 Příspěvek od **mirec2211** » 09 lis 2014 09:24

Nech sa páči. z mojho laického pohladu to vypada na vadný disk.

----------------------------------------------------------------------------
CrystalDiskInfo 6.2.1 (C) 2008-2014 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2014/11/09 9:26:15

-- Controller Map ----------------------------------------------------------
+ VIA Bus Master IDE Controller [ATA]
+ Primary IDE Channel (0)
- WDC WD2500JB-22REA0
+ Secondary IDE Channel (1)
- SAMSUNG CD-R/RW SW-252F
- TSSTcorp CD/DVDW SH-S182D
- VIA Serial ATA RAID Controller [SCSI]

-- Disk List ---------------------------------------------------------------
(1) WDC WD2500JB-22REA0 : 250,0 GB [0/0/0, pd1] - wd

----------------------------------------------------------------------------
(1) WDC WD2500JB-22REA0
----------------------------------------------------------------------------
Model : WDC WD2500JB-22REA0
Firmware : 20.00K20
Serial Number : WD-WCANKM506198
Disk Size : 250,0 GB (8,4/137,4/250,0/250,0)
Buffer Size : 8192 KB
Queue Depth : 1
# of Sectors : 488397168
Rotation Rate : Neznámy údaj
Interface : Parallel ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : UDMA/100 | UDMA/100
Power On Hours : 23994 hod.
Power On Count : 2925 krát
Temperature : 37 C (98 F)
Health Status : Pozor
Features : S.M.A.R.T., AAM, 48bit LBA
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chybných čítaní
03 189 _93 _21 0000000015A5 Čas na roztočenie platní
04 _98 _98 __0 000000000B81 Počet spustení/zastavení
05 199 199 140 000000000008 Počet premapovaných sektorov
07 200 200 _51 000000000000 Počet chybných vyhľadávaní
09 _68 _68 __0 000000005DBA Počet odpracovaných hodín
0A 100 100 _51 000000000000 Počet opakovaných pokusov o roztočenie platní
0B 100 100 _51 000000000000 Počet pokusov o prekalibrovanie
0C _98 _98 __0 000000000B6D Počet cyklov zapnutia zariadenia
C2 113 100 __0 000000000025 Teplota
C4 197 197 __0 000000000003 Počet udalostí s cieľom realokovania sektorov
C5 200 200 __0 000000000001 Počet podozrivých sektorov
C6 200 200 __0 000000000001 Počet neopraviteľných sektorov
C7 200 200 __0 000000000365 Počet chýb v kontrolnom súčte UltraDMA
C8 200 200 _51 000000000000 Počet chýb pri zápise sektorov

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 0000 003F 0000 0000 0000 Bz?..7.......?......
010: 2020 2020 2057 442D 5743 414E 4B4D 3530 3631 3938 WD-WCANKM506198
020: 0000 4000 0032 3230 2E30 304B 3230 5744 4320 5744 ..@..220.00K20WDC WD
030: 3235 3030 4A42 2D32 3252 4541 3020 2020 2020 2020 2500JB-22REA0
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00 ..../.
050: 4001 0000 0000 0007 3FFF 0010 003F FC10 00FB 0110 @.......?....?......
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000 ...........x.x.x.x..
070: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ....................
080: 00FE 0000 746B 7F01 4633 7469 3C01 4623 203F 0000 ....tk..F3ti<.F# ?..
090: 0000 0000 FFFE 600D 80FE 0008 0000 0000 86A0 0001 ......`.............
100: 5970 1D1C 0000 0000 0000 0000 0000 0000 0000 0000 Yp..................
110: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ....................
120: 0000 0000 0000 0000 0000 0000 0000 0000 0009 0000 ....................
130: 0000 0000 0000 1276 0000 0000 0000 0000 0000 0000 .......v............
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000 ....................
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ....................
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ....................
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ....................
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ....................
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ....................
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000 .............?......
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ....................
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ....................
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ....................
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ....................
250: 0000 0000 0000 0000 0000 32A5 ..........2.

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 0F 00 C8 C8 00 00 00 00 00 00 00 03 03 ................
010: 00 BD 5D A5 15 00 00 00 00 00 04 32 00 62 62 81 ..]........2.bb.
020: 0B 00 00 00 00 00 05 33 00 C7 C7 08 00 00 00 00 .......3........
030: 00 00 07 0F 00 C8 C8 00 00 00 00 00 00 00 09 32 ...............2
040: 00 44 44 BA 5D 00 00 00 00 00 0A 13 00 64 64 00 .DD.]........dd.
050: 00 00 00 00 00 00 0B 12 00 64 64 00 00 00 00 00 .........dd.....
060: 00 00 0C 32 00 62 62 6D 0B 00 00 00 00 00 C2 22 ...2.bbm......."
070: 00 71 64 25 00 00 00 00 00 00 C4 32 00 C5 C5 03 .qd%.......2....
080: 00 00 00 00 00 00 C5 12 00 C8 C8 01 00 00 00 00 ................
090: 00 00 C6 10 00 C8 C8 01 00 00 00 00 00 00 C7 3E ...............>
0A0: 00 C8 C8 65 03 00 00 00 00 00 C8 09 00 C8 C8 00 ...e............
0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
160: 00 00 00 00 00 00 00 00 00 00 82 00 00 1E 01 7B ...............{
170: 03 00 01 00 02 5A 06 00 00 00 00 00 00 00 00 00 .....Z..........
180: 00 00 01 06 00 00 00 00 00 00 00 00 00 00 00 00 ................
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 ...............G

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 C8 C8 C8 C8 C8 C8 00 00 00 00 03 15 ...3............
010: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 ................
020: 00 00 00 00 00 00 05 8C 00 00 00 00 00 00 00 00 ................
030: 00 00 07 33 C8 C8 C8 C8 C8 C8 00 00 00 00 09 00 ...3............
040: 00 00 00 00 00 00 00 00 00 00 0A 33 00 00 00 00 ...........3....
050: 00 00 00 00 00 00 0B 33 00 00 00 00 00 00 00 00 .......3........
060: 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 C2 00 ................
070: 00 00 00 00 00 00 00 00 00 00 C4 00 00 00 00 00 ................
080: 00 00 00 00 00 00 C5 00 00 00 00 00 00 00 00 00 ................
090: 00 00 C6 00 01 00 00 00 00 00 00 00 00 00 C7 00 ................
0A0: 00 00 00 00 00 00 00 00 00 00 C8 33 C8 C8 C8 C8 ...........3....
0B0: C8 C8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 ...............a

#12 Příspěvek od **cernohous13** » 09 lis 2014 10:27

Sice ještě nic dramatického ale úplně OK to není

Proveď kontrolu http://www.stahuj.centrum.cz/utility_a_ ... hd-tune-2/
na 4. záložce Error Scan - kolik červených ?

Start -> Spustit... -> napiš cmd ->Ok
do černého okna napiš příkaz chkdsk /f/r -> "Enter"
souhlas - restartuj - proběhne kontrola a případná oprava chyb HDD.

mirec2211 · #13 Příspěvek od **mirec2211** » 09 lis 2014 13:05

Tak test ukázal 1 červený štvorček. po aplikovaní príkazu do CMD riadku som restartoval PC, prebehol test a nasledne som opäť otestoval HDD cez HD Tune a stále ukazuje ten istý chybný štvorček.

#14 Příspěvek od **cernohous13** » 09 lis 2014 15:38

Ten sektor je chybný ale chkdsk jej měl označit a systém ho nebude používat

Jak se chová PC nyní?

mirec2211 · #15 Příspěvek od **mirec2211** » 09 lis 2014 15:49

Pc ide lepšie, ale videa stále sekaju. Nerozumiem tomu. Asi je to už starý PC. Skúšal som aj iný prehrávač ale nepomohlo. Vlc vždy išiel dobre. :-/ som uz z toho zúfalý.

VIRY.CZ

Preventívna kontrola RSIT

Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT

Re: Preventívna kontrola RSIT