Please check my log - svchost.exe as well [Solved]


Please check my log - svchost.exe as well

Post by lukix207 » 14 Sep 2013 23:46

Hello,
I can see I'm not the only one whose PC has this process start up after boot and load the CPU.
I would like to ask you to check my log and help me find some solution.

When I kill this process, my sound card also stops working, but only in some programs, and sleep mode stopped working; the PC just reboots.


Thank you for any advice, and I'd be interested in how I caused this.
Avast didn't help me at all, even though I let it scan all HDDs before the system started; it was OK for about an hour, then it started again.

Re: Please check my log - svchost.exe as well

Post by memphisto » 15 Sep 2013 09:58

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. It can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers are Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform Quick Scan selected and click the Scan button
- when the scan has finished a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a prompt appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log appears (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its whole contents here.


Re: Please check my log - svchost.exe as well

Post by guest » 15 Sep 2013 12:40

You have to paste the logs in here.

Re: Please check my log - svchost.exe as well

Post by lukix207 » 15 Sep 2013 12:53

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:11, on 14.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
G:\program files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
D:\-=INSTAL=-\System\OCHRANA POCITACE\HijackThis\HijackThis 2.0.2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Data aplikací\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\program files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] C:\Documents and Settings\Luki\Data aplikací\advantage\AdVantage.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://88.102.37.99
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://85.13.82.48/control/nvEPLMedia.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8338 bytes



Malwarebytes' Anti-Malware

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Version: v2013.09.14.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Luki :: BLUEDAEMON [administrator]

Protection: Enabled

15.9.2013 12:10:40
MBAM-log-2013-09-15 (12-26-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276420
Time elapsed: 13 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B8746E1-CE17-AF6E-F013-05AC56AA29DF} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> No action taken.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> No action taken.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> No action taken.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Optional.BrowseToSave.A) -> No action taken.
HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Optional.BrowseToSave.A) -> No action taken.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AdVantage (Adware.Vomba) -> Data: C:\Documents and Settings\Luki\Data aplikací\advantage\AdVantage.exe -> No action taken.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {571890E5-59C9-11E2-803B-00110987ABFA} -> No action taken.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {571890E5-59C9-11E2-803B-00110987ABFA} -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Documents and Settings\Luki\Data aplikací\SwvUpdater (PUP.Software.Updater) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Browse2save (PUP.Optional.BrowseToSave.A) -> No action taken.

Files Detected: 10
C:\Documents and Settings\All Users\Data aplikací\InstallMate\{28338054-D839-42A7-A04C-901BF3D0A2A2}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\InstallMate\{28338054-D839-42A7-A04C-901BF3D0A2A2}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\Luki\Local Settings\Temp\RUHkeGgR.exe.part (PUP.Optional.Vid) -> No action taken.
C:\Documents and Settings\Luki\Local Settings\Temp\Shortcut_bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\Luki\Local Settings\Temp\SimboApp.exe (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\Luki\Local Settings\Temp\Updater.exe (PUP.Optional.Amonetize) -> No action taken.
C:\Documents and Settings\Luki\Data aplikací\SwvUpdater\Updater.xml (PUP.Software.Updater) -> No action taken.
C:\Documents and Settings\Luki\Data aplikací\SwvUpdater\status.cfg (PUP.Software.Updater) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Browse2save\51641b2ef1d03.tlb (PUP.Optional.BrowseToSave.A) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Browse2save\settings.ini (PUP.Optional.BrowseToSave.A) -> No action taken.

(end)



AdwCleaner

# AdwCleaner v3.004 - Report created 15/09/2013 at 12:28:36
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Luki - BLUEDAEMON
# Running from : D:\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\2b8pxkqz.default\user.js
File Found : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\y4snhjvo.default\user.js
Folder Found : C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kkmbfigkjbfmpbmkilfpnglagkfbbjad
Folder Found : C:\Documents and Settings\All Users\Data aplikací\Browse2Save
Folder Found : C:\Documents and Settings\All Users\Data aplikací\Browse2save
Folder Found : C:\Documents and Settings\All Users\Data aplikací\SoftSafe
Folder Found : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\y4snhjvo.default\Conduit
Folder Found : C:\Documents and Settings\Luki\Data aplikací\pdfforge
Folder Found : C:\Documents and Settings\Luki\Data aplikací\SwvUpdater
Folder Found : C:\Documents and Settings\Luki\Data aplikací\Systweak

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\Software\SimplyGen
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Tarma Installer
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AdVantage]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v23.0.1 (cs)

[ File : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\2b8pxkqz.default\prefs.js ]


[ File : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\y4snhjvo.default\prefs.js ]

Line Found : user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT1750559.CTID", "CT1750559");
Line Found : user_pref("CT1750559.DialogsAlignMode", "LTR");
Line Found : user_pref("CT1750559.FirstTime", true);
Line Found : user_pref("CT1750559.FirstTimeFF3", true);
Line Found : user_pref("CT1750559.FixPageNotFoundErrors", true);
Line Found : user_pref("CT1750559.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT1750559.Initialize", true);
Line Found : user_pref("CT1750559.InitializeCommonPrefs", true);
Line Found : user_pref("CT1750559.InstalledDate", "Sat Oct 10 2009 13:31:18 GMT+0200");
Line Found : user_pref("CT1750559.InvalidateCache", false);
Line Found : user_pref("CT1750559.IsGrouping", false);
Line Found : user_pref("CT1750559.IsMulticommunity", false);
Line Found : user_pref("CT1750559.IsOpenThankYouPage", true);
Line Found : user_pref("CT1750559.IsOpenUninstallPage", true);
Line Found : user_pref("CT1750559.LanguagePackLastCheckTime", "Sat Oct 10 2009 13:48:55 GMT+0200");
Line Found : user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT1750559.LastLogin_2.1.0.19", "Sat Oct 10 2009 13:48:54 GMT+0200");
Line Found : user_pref("CT1750559.LatestVersion", "2.1.0.18");
Line Found : user_pref("CT1750559.Locale", "en-us");
Line Found : user_pref("CT1750559.LoginCache", 4);
Line Found : user_pref("CT1750559.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT1750559.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT1750559.RadioIsPodcast", false);
Line Found : user_pref("CT1750559.RadioLastCheckTime", "Sat Oct 10 2009 13:31:17 GMT+0200");
Line Found : user_pref("CT1750559.RadioLastUpdateIPServer", "4");
Line Found : user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
Line Found : user_pref("CT1750559.RadioMediaID", "11237206");
Line Found : user_pref("CT1750559.RadioMediaType", "Media Player");
Line Found : user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
Line Found : user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
Line Found : user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
Line Found : user_pref("CT1750559.SHRINK_TOOLBAR", 1);
Line Found : user_pref("CT1750559.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=");
Line Found : user_pref("CT1750559.SettingsCheckIntervalMin", 120);
Line Found : user_pref("CT1750559.SettingsLastCheckTime", "Sat Oct 10 2009 13:31:15 GMT+0200");
Line Found : user_pref("CT1750559.SettingsLastUpdate", "1251797327");
Line Found : user_pref("CT1750559.ThirdPartyComponentsInterval", 72);
Line Found : user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Sat Oct 10 2009 13:31:15 GMT+0200");
Line Found : user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1251797327");
Line Found : user_pref("CT1750559.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT1750559.UserID", "UN30536714594361794");
Line Found : user_pref("CT1750559.WeatherNetwork", "");
Line Found : user_pref("CT1750559.WeatherPollDate", "Sat Oct 10 2009 13:31:17 GMT+0200");
Line Found : user_pref("CT1750559.WeatherUnit", "C");
Line Found : user_pref("CT1750559.alertChannelId", "31130");
Line Found : user_pref("CT1750559.clientLogIsEnabled", true);
Line Found : user_pref("CT1750559.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT1750559.myStuffEnabled", true);
Line Found : user_pref("CT1750559.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT1750559.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&SearchType=ToolbarComponents");
Line Found : user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT1750559.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Oct 10 2009 13:31:17 GMT+0200");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Oct 10 2009 13:31:15 GMT+0200");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "{b584ab65-1ff0-4b3e-9ba2-fef27702da93}");
Line Found : user_pref("extensions.51641b2ef1c1c.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Found : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Line Found : user_pref("extensions.facemoods.firstRun", false);
Line Found : user_pref("extensions.facemoods.lastActv", "2");

[ File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\gumcdemq.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11925 octets] - [15/09/2013 12:28:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11986 octets] ##########
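As an added example (not code from this thread, nor from HijackThis, Malwarebytes or AdwCleaner), here is a small Python script that applies a few of the checks a HijackThis log reviewer makes by hand to the log posted above: whether every svchost.exe in the process list really lives in %SystemRoot%\system32, whether O4 autorun entries launch something from a user-writable profile directory, any O15 Trusted-zone entry, O16 ActiveX downloads from a bare IP, and O23 services with no recognised publisher. The sample input is a handful of lines copied from that log, plus one constructed line (marked in the code) that is not in the log, so the svchost.exe location check has something to fire on. The severity labels and the `SYSTEM_ROOT` constant are my own assumptions.

```python
import re
from typing import List, Tuple

# SystemRoot as shown by the log's own paths (C:\WINDOWS); adjust for the machine under review.
SYSTEM_ROOT = r"C:\WINDOWS"

# Lines copied from the HijackThis log posted above, in log order. The line
# marked CONSTRUCTED is not in that log; it exists only so that the svchost.exe
# location check below has a hit to show.
SAMPLE_LINES: List[str] = [
    "Running processes:",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\svchost.exe",  # CONSTRUCTED: not in the posted log
    r"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
    "",
    r'O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui',
    r"O4 - HKCU\..\Run: [AdVantage] C:\Documents and Settings\Luki\Data aplikací\advantage\AdVantage.exe",
    r'O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c',
    "O15 - Trusted IP range: http://88.102.37.99",
    "O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://85.13.82.48/control/nvEPLMedia.cab",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
]

ENTRY = re.compile(r"^[A-Z]\d+ - ")  # R0, O4, O23 ... entry lines end the process list
BARE_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)")
PROFILE_DIR = re.compile(r"\\Documents and Settings\\[^\\]+\\", re.IGNORECASE)

Finding = Tuple[str, str, str]  # (severity, reason, log line)


def extract_target(run_line: str) -> str:
    """Return the executable launched by an O4 autorun line (quoted or bare path)."""
    _, _, cmd = run_line.partition("] ")
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1 : cmd.index('"', 1)]
    # Bare paths may contain spaces and no quotes, so cut at the first ".exe" rather than the first space.
    m = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def triage(lines) -> List[Finding]:
    """Apply a few HijackThis review heuristics and return what a reviewer should look at first."""
    findings: List[Finding] = []
    expected_svchost = (SYSTEM_ROOT + r"\system32\svchost.exe").lower()
    in_processes = False
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if ENTRY.match(line):
            in_processes = False
        if in_processes:
            # The genuine svchost.exe lives only in %SystemRoot%\system32; compare
            # case-insensitively because the log mixes "system32" and "System32".
            if line.lower().endswith("\\svchost.exe") and line.lower() != expected_svchost:
                findings.append(("HIGH", "svchost.exe running outside %SystemRoot%\\system32", line))
            continue
        if line.startswith("O4 "):
            if PROFILE_DIR.search(extract_target(line)):
                findings.append(("MEDIUM", "autorun target lives in a user-writable profile directory", line))
        elif line.startswith("O15 "):
            findings.append(("HIGH", "entry added to the IE Trusted Sites zone (relaxed security for that host)", line))
        elif line.startswith("O16 ") and BARE_IP_URL.search(line):
            findings.append(("HIGH", "ActiveX control (DPF) downloaded from a bare IP address", line))
        elif line.startswith("O23 ") and " - Unknown owner - " in line:
            findings.append(("LOW", "service binary has no recognised publisher", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LINES):
        print(f"[{severity}] {reason}\n    {line}")
```

Run as-is it prints the flagged lines. The `Google Update` hit shows the limit of the profile-directory heuristic: Google's per-user updater legitimately lives under Local Settings, so MEDIUM means "look at it", not "delete it". Every svchost.exe instance in the posted log sits in C:\WINDOWS\system32, which is where the genuine binary belongs; when an instance in that location burns CPU, the time is being spent by one of the services it hosts, and on Windows XP Professional and later `tasklist /svc /fi "imagename eq svchost.exe"` lists which services each instance carries.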

Re: Please check my log - svchost.exe as well

Post by lukix207 » 15 Sep 2013 13:03

And by the way, greetings to the blue ghost, also from Semily :)

Re: Please check my log - svchost.exe as well

Post by guest » 15 Sep 2013 13:05

Hi, but putting it in Code tags didn't make it any better. That is very hard for the helpers to read. Normally it's just copied straight in here. Look at how the others do it!

Re: Please check my log - svchost.exe as well

Post by lukix207 » 15 Sep 2013 13:15

I apologize, I didn't know that.

HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:11, on 14.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
G:\program files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
D:\-=INSTAL=-\System\OCHRANA POCITACE\HijackThis\HijackThis 2.0.2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Data aplikací\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\program files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] C:\Documents and Settings\Luki\Data aplikací\advantage\AdVantage.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://88.102.37.99
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://85.13.82.48/control/nvEPLMedia.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8338 bytes



Malwarebytes' Anti-Malware
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.14.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Luki :: BLUEDAEMON [administrátor]

Ochrana: Povolena

15.9.2013 12:10:40
MBAM-log-2013-09-15 (12-26-28).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 276420
Uplynulý čas: 13 minut, 25 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 16
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B8746E1-CE17-AF6E-F013-05AC56AA29DF} (PUP.Optional.Tarma.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Optional.BrowseToSave.A) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Optional.BrowseToSave.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AdVantage (Adware.Vomba) -> Data: C:\Documents and Settings\Luki\Data aplikací\advantage\AdVantage.exe -> Nebyla provedena žádná instrukce.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {571890E5-59C9-11E2-803B-00110987ABFA} -> Nebyla provedena žádná instrukce.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {571890E5-59C9-11E2-803B-00110987ABFA} -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Documents and Settings\Luki\Data aplikací\SwvUpdater (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\All Users\Data aplikací\Browse2save (PUP.Optional.BrowseToSave.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 10
C:\Documents and Settings\All Users\Data aplikací\InstallMate\{28338054-D839-42A7-A04C-901BF3D0A2A2}\Setup.exe (PUP.Optional.Tarma.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\All Users\Data aplikací\InstallMate\{28338054-D839-42A7-A04C-901BF3D0A2A2}\TsuDll.dll (PUP.Optional.Tarma.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Luki\Local Settings\Temp\RUHkeGgR.exe.part (PUP.Optional.Vid) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Luki\Local Settings\Temp\Shortcut_bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Luki\Local Settings\Temp\SimboApp.exe (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Luki\Local Settings\Temp\Updater.exe (PUP.Optional.Amonetize) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Luki\Data aplikací\SwvUpdater\Updater.xml (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Luki\Data aplikací\SwvUpdater\status.cfg (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\All Users\Data aplikací\Browse2save\51641b2ef1d03.tlb (PUP.Optional.BrowseToSave.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\All Users\Data aplikací\Browse2save\settings.ini (PUP.Optional.BrowseToSave.A) -> Nebyla provedena žádná instrukce.

(konec)



AdwCleaner
# AdwCleaner v3.004 - Report created 15/09/2013 at 12:28:36
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Luki - BLUEDAEMON
# Running from : D:\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\2b8pxkqz.default\user.js
File Found : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\y4snhjvo.default\user.js
Folder Found : C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kkmbfigkjbfmpbmkilfpnglagkfbbjad
Folder Found C:\Documents and Settings\All Users\Data aplikací\Browse2Save
Folder Found C:\Documents and Settings\All Users\Data aplikací\Browse2save
Folder Found C:\Documents and Settings\All Users\Data aplikací\SoftSafe
Folder Found C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\y4snhjvo.default\Conduit
Folder Found C:\Documents and Settings\Luki\Data aplikací\pdfforge
Folder Found C:\Documents and Settings\Luki\Data aplikací\SwvUpdater
Folder Found C:\Documents and Settings\Luki\Data aplikací\Systweak

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\Software\SimplyGen
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Tarma Installer
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AdVantage]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v23.0.1 (cs)

[ File : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\2b8pxkqz.default\prefs.js ]


[ File : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\y4snhjvo.default\prefs.js ]

Line Found : user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT1750559.CTID", "CT1750559");
Line Found : user_pref("CT1750559.DialogsAlignMode", "LTR");
Line Found : user_pref("CT1750559.FirstTime", true);
Line Found : user_pref("CT1750559.FirstTimeFF3", true);
Line Found : user_pref("CT1750559.FixPageNotFoundErrors", true);
Line Found : user_pref("CT1750559.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT1750559.Initialize", true);
Line Found : user_pref("CT1750559.InitializeCommonPrefs", true);
Line Found : user_pref("CT1750559.InstalledDate", "Sat Oct 10 2009 13:31:18 GMT+0200");
Line Found : user_pref("CT1750559.InvalidateCache", false);
Line Found : user_pref("CT1750559.IsGrouping", false);
Line Found : user_pref("CT1750559.IsMulticommunity", false);
Line Found : user_pref("CT1750559.IsOpenThankYouPage", true);
Line Found : user_pref("CT1750559.IsOpenUninstallPage", true);
Line Found : user_pref("CT1750559.LanguagePackLastCheckTime", "Sat Oct 10 2009 13:48:55 GMT+0200");
Line Found : user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT1750559.LastLogin_2.1.0.19", "Sat Oct 10 2009 13:48:54 GMT+0200");
Line Found : user_pref("CT1750559.LatestVersion", "2.1.0.18");
Line Found : user_pref("CT1750559.Locale", "en-us");
Line Found : user_pref("CT1750559.LoginCache", 4);
Line Found : user_pref("CT1750559.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT1750559.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT1750559.RadioIsPodcast", false);
Line Found : user_pref("CT1750559.RadioLastCheckTime", "Sat Oct 10 2009 13:31:17 GMT+0200");
Line Found : user_pref("CT1750559.RadioLastUpdateIPServer", "4");
Line Found : user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
Line Found : user_pref("CT1750559.RadioMediaID", "11237206");
Line Found : user_pref("CT1750559.RadioMediaType", "Media Player");
Line Found : user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
Line Found : user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
Line Found : user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
Line Found : user_pref("CT1750559.SHRINK_TOOLBAR", 1);
Line Found : user_pref("CT1750559.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=");
Line Found : user_pref("CT1750559.SettingsCheckIntervalMin", 120);
Line Found : user_pref("CT1750559.SettingsLastCheckTime", "Sat Oct 10 2009 13:31:15 GMT+0200");
Line Found : user_pref("CT1750559.SettingsLastUpdate", "1251797327");
Line Found : user_pref("CT1750559.ThirdPartyComponentsInterval", 72);
Line Found : user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Sat Oct 10 2009 13:31:15 GMT+0200");
Line Found : user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1251797327");
Line Found : user_pref("CT1750559.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT1750559.UserID", "UN30536714594361794");
Line Found : user_pref("CT1750559.WeatherNetwork", "");
Line Found : user_pref("CT1750559.WeatherPollDate", "Sat Oct 10 2009 13:31:17 GMT+0200");
Line Found : user_pref("CT1750559.WeatherUnit", "C");
Line Found : user_pref("CT1750559.alertChannelId", "31130");
Line Found : user_pref("CT1750559.clientLogIsEnabled", true);
Line Found : user_pref("CT1750559.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT1750559.myStuffEnabled", true);
Line Found : user_pref("CT1750559.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT1750559.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&SearchType=ToolbarComponents");
Line Found : user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT1750559.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Oct 10 2009 13:31:17 GMT+0200");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Oct 10 2009 13:31:15 GMT+0200");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "{b584ab65-1ff0-4b3e-9ba2-fef27702da93}");
Line Found : user_pref("extensions.51641b2ef1c1c.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Found : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Line Found : user_pref("extensions.facemoods.firstRun", false);
Line Found : user_pref("extensions.facemoods.lastActv", "2");

[ File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\gumcdemq.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11925 octets] - [15/09/2013 12:28:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11986 octets] ##########


Re: Please check - also svchost.exe

Post by memphisto » 15 Sep 2013 16:27

In MBAM and ADW let it delete everything and post the logs after the deletion.

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP just double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. When the scan finishes, click "Report" and copy the whole contents of the log here.
If the program is blocked, try running it several times. If it still won't start and run, rename it to winlogon.exe.

Download Junkware Removal Tool

to your desktop.
Disable your antivirus program.
Right-click JRT.exe and choose "Run as administrator". You will be asked to press any key to continue; press one.
The scan will start. It may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its whole contents here.


Re: Please check - also svchost.exe

Post by lukix207 » 15 Sep 2013 19:19


So I have done all of it.


MBAM
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org

Verze: v2013.09.14.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Luki :: BLUEDAEMON [administrátor]

Ochrana: Povolena

15.9.2013 17:38:10
mbam-log-2013-09-15 (17-38-10).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 276519
Uplynulý čas: 35 minut, 56 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 16
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Přesun do karantény a smazání se zdařilo.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Přesun do karantény a smazání se zdařilo.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Přesun do karantény a smazání se zdařilo.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Přesun do karantény a smazání se zdařilo.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B8746E1-CE17-AF6E-F013-05AC56AA29DF} (PUP.Optional.Tarma.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Přesun do karantény a smazání se zdařilo.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Přesun do karantény a smazání se zdařilo.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Optional.BrowseToSave.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Optional.BrowseToSave.A) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AdVantage (Adware.Vomba) -> Data: C:\Documents and Settings\Luki\Data aplikací\advantage\AdVantage.exe -> Přesun do karantény a smazání se zdařilo.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {571890E5-59C9-11E2-803B-00110987ABFA} -> Přesun do karantény a smazání se zdařilo.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {571890E5-59C9-11E2-803B-00110987ABFA} -> Přesun do karantény a smazání se zdařilo.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Documents and Settings\Luki\Data aplikací\SwvUpdater (PUP.Software.Updater) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\Browse2save (PUP.Optional.BrowseToSave.A) -> Přesun do karantény a smazání se zdařilo.

Nalezené soubory: 10
C:\Documents and Settings\All Users\Data aplikací\InstallMate\{28338054-D839-42A7-A04C-901BF3D0A2A2}\Setup.exe (PUP.Optional.Tarma.A) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\InstallMate\{28338054-D839-42A7-A04C-901BF3D0A2A2}\TsuDll.dll (PUP.Optional.Tarma.A) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Luki\Local Settings\Temp\RUHkeGgR.exe.part (PUP.Optional.Vid) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Luki\Local Settings\Temp\Shortcut_bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Luki\Local Settings\Temp\SimboApp.exe (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Luki\Local Settings\Temp\Updater.exe (PUP.Optional.Amonetize) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Luki\Data aplikací\SwvUpdater\Updater.xml (PUP.Software.Updater) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Luki\Data aplikací\SwvUpdater\status.cfg (PUP.Software.Updater) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\Browse2save\51641b2ef1d03.tlb (PUP.Optional.BrowseToSave.A) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\Browse2save\settings.ini (PUP.Optional.BrowseToSave.A) -> Přesun do karantény a smazání se zdařilo.

(konec)



ADW
# AdwCleaner v3.004 - Report created 15/09/2013 at 18:17:52
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Luki - BLUEDAEMON
# Running from : D:\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\SoftSafe
Folder Deleted : C:\Documents and Settings\Luki\Data aplikací\pdfforge
Folder Deleted : C:\Documents and Settings\Luki\Data aplikací\Systweak
Folder Deleted : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\y4snhjvo.default\Conduit
File Deleted : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\2b8pxkqz.default\user.js
File Deleted : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\y4snhjvo.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v23.0.1 (cs)

[ File : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\2b8pxkqz.default\prefs.js ]


[ File : C:\Documents and Settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\y4snhjvo.default\prefs.js ]

Line Deleted : user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT1750559.CTID", "CT1750559");
Line Deleted : user_pref("CT1750559.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1750559.FirstTime", true);
Line Deleted : user_pref("CT1750559.FirstTimeFF3", true);
Line Deleted : user_pref("CT1750559.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT1750559.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT1750559.Initialize", true);
Line Deleted : user_pref("CT1750559.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT1750559.InstalledDate", "Sat Oct 10 2009 13:31:18 GMT+0200");
Line Deleted : user_pref("CT1750559.InvalidateCache", false);
Line Deleted : user_pref("CT1750559.IsGrouping", false);
Line Deleted : user_pref("CT1750559.IsMulticommunity", false);
Line Deleted : user_pref("CT1750559.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT1750559.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT1750559.LanguagePackLastCheckTime", "Sat Oct 10 2009 13:48:55 GMT+0200");
Line Deleted : user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT1750559.LastLogin_2.1.0.19", "Sat Oct 10 2009 13:48:54 GMT+0200");
Line Deleted : user_pref("CT1750559.LatestVersion", "2.1.0.18");
Line Deleted : user_pref("CT1750559.Locale", "en-us");
Line Deleted : user_pref("CT1750559.LoginCache", 4);
Line Deleted : user_pref("CT1750559.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT1750559.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT1750559.RadioIsPodcast", false);
Line Deleted : user_pref("CT1750559.RadioLastCheckTime", "Sat Oct 10 2009 13:31:17 GMT+0200");
Line Deleted : user_pref("CT1750559.RadioLastUpdateIPServer", "4");
Line Deleted : user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT1750559.RadioMediaID", "11237206");
Line Deleted : user_pref("CT1750559.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
Line Deleted : user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
Line Deleted : user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
Line Deleted : user_pref("CT1750559.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT1750559.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=");
Line Deleted : user_pref("CT1750559.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT1750559.SettingsLastCheckTime", "Sat Oct 10 2009 13:31:15 GMT+0200");
Line Deleted : user_pref("CT1750559.SettingsLastUpdate", "1251797327");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsInterval", 72);
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Sat Oct 10 2009 13:31:15 GMT+0200");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1251797327");
Line Deleted : user_pref("CT1750559.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT1750559.UserID", "UN30536714594361794");
Line Deleted : user_pref("CT1750559.WeatherNetwork", "");
Line Deleted : user_pref("CT1750559.WeatherPollDate", "Sat Oct 10 2009 13:31:17 GMT+0200");
Line Deleted : user_pref("CT1750559.WeatherUnit", "C");
Line Deleted : user_pref("CT1750559.alertChannelId", "31130");
Line Deleted : user_pref("CT1750559.clientLogIsEnabled", true);
Line Deleted : user_pref("CT1750559.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT1750559.myStuffEnabled", true);
Line Deleted : user_pref("CT1750559.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT1750559.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&SearchType=ToolbarComponents");
Line Deleted : user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT1750559.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Oct 10 2009 13:31:17 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Oct 10 2009 13:31:15 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{b584ab65-1ff0-4b3e-9ba2-fef27702da93}");
Line Deleted : user_pref("extensions.51641b2ef1c1c.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Line Deleted : user_pref("extensions.facemoods.firstRun", false);
Line Deleted : user_pref("extensions.facemoods.lastActv", "2");

[ File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\gumcdemq.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12067 octets] - [15/09/2013 12:28:36]
AdwCleaner[R1].txt - [10741 octets] - [15/09/2013 18:16:26]
AdwCleaner[S0].txt - [10897 octets] - [15/09/2013 18:17:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10958 octets] ##########



RK
RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Luki [Práva správce]
Mód : Kontrola -- Datum : 09/15/2013 18:48:30
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c [x]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-2025429265-764733703-839522115-1003\[...]\Run : Google Update ("C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c [x]) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 2 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2025429265-764733703-839522115-1003UA.job : C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [x][x] -> NALEZENO
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2025429265-764733703-839522115-1003Core.job : C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe - /c [x] -> NALEZENO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD200EB-00BHF0 +++++
--- User ---
[MBR] 982c848b57628c703ed7c1587133c832
[BSP] 10c9c70d86f9a2847420ad70f526a116 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD200EB-00BHF0 +++++
--- User ---
[MBR] 19dd2c68b99527b8bc580a8f24e18e95
[BSP] 953578f7c42473cd15898d6195032002 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 286173 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD200EB-00BHF0 +++++
--- User ---
[MBR] 9c82890d9443dfda0fca70cf61f903a1
[BSP] bbab6c97874a9114b4bc3da4f464dd04 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 119236 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 244197072 | Size: 119236 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: WDC WD200EB-00BHF0 +++++
--- User ---
[MBR] f04fb56022de4ad37995c6c02f56ebe9
[BSP] 89c58685e472407f414923f9fa1ee982 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 194474 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[0]_S_09152013_184830.txt >>



JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Luki on ne 15.09.2013 at 18:50:09,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4750f506-9e49-4a46-a4f2-872bf28fa4b9}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Luki\Data aplikacˇ\mozilla\firefox\profiles\y4snhjvo.default\minidumps [5 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 15.09.2013 at 18:55:49,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




For now the process still starts up. And when I stop it in Task Manager, I noticed that the Windows appearance setting changes (from the XP look to the classic one and back again).


Re: Please check - also svchost.exe

Post by memphisto » 15 Sep 2013 19:39

Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes its work...
- Wait until the status window shows "Scan"
- Click "Delete"
- Wait until the Status box shows "Delete - Finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- After the scan completes, the program should create a log, C:\ComboFix.txt; please copy its whole contents here
If after the scan there is a problem starting applications, or a message pops up about an attempt to perform an invalid operation on a registry key that is marked for deletion, just restart the computer.


Re: Please check - also svchost.exe

Post by lukix207 » 15 Sep 2013 20:32

RK
RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Luki [Práva správce]
Mód : Odebrat -- Datum : 09/15/2013 19:47:43
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c [x]) -> VYMAZÁNO
[RUN][SUSP PATH] HKUS\S-1-5-21-2025429265-764733703-839522115-1003\[...]\Run : Google Update ("C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c [x]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 2 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2025429265-764733703-839522115-1003UA.job : C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [x][x] -> VYMAZÁNO
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2025429265-764733703-839522115-1003Core.job : C:\Documents and Settings\Luki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe - /c [x] -> VYMAZÁNO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD200EB-00BHF0 +++++
--- User ---
[MBR] 982c848b57628c703ed7c1587133c832
[BSP] 10c9c70d86f9a2847420ad70f526a116 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD200EB-00BHF0 +++++
--- User ---
[MBR] 19dd2c68b99527b8bc580a8f24e18e95
[BSP] 953578f7c42473cd15898d6195032002 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 286173 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD200EB-00BHF0 +++++
--- User ---
[MBR] 9c82890d9443dfda0fca70cf61f903a1
[BSP] bbab6c97874a9114b4bc3da4f464dd04 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 119236 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 244197072 | Size: 119236 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: WDC WD200EB-00BHF0 +++++
--- User ---
[MBR] f04fb56022de4ad37995c6c02f56ebe9
[BSP] 89c58685e472407f414923f9fa1ee982 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 194474 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[0]_D_09152013_194743.txt >>
RKreport[0]_S_09152013_194705.txt






ComboFix
ComboFix 13-09-14.01 - Luki 15.09.2013 20:20:04.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1581 [GMT 2:00]
Spuštěný z: c:\documents and settings\Luki\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Luki\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences
c:\documents and settings\Luki\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\SET2C.tmp
c:\windows\system\msvcrt40.dll
c:\windows\system32\SET423.tmp
c:\windows\system32\SETB6.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-15 do 2013-09-15 )))))))))))))))))))))))))))))))
.
.
2013-09-15 18:03 . 2013-09-15 18:10 -------- d-----w- C:\32788R22FWJFW
2013-09-15 18:01 . 2013-09-15 18:01 -------- d-----w- c:\windows\LastGood
2013-09-15 16:50 . 2013-09-15 16:50 -------- d-----w- c:\windows\ERUNT
2013-09-15 10:27 . 2013-09-15 16:18 -------- d-----w- C:\AdwCleaner
2013-09-15 10:02 . 2013-09-15 10:02 -------- d-----w- c:\documents and settings\Luki\Data aplikací\Malwarebytes
2013-09-15 10:02 . 2013-09-15 10:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-09-15 10:02 . 2013-09-15 10:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-15 10:02 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-15 08:04 . 2013-09-15 08:04 -------- d-----w- C:\$WIN_NT$.~BT
2013-09-14 23:32 . 2011-10-14 14:47 174592 -c----w- c:\windows\system32\dllcache\winmm.dll
2013-09-14 23:31 . 2010-08-27 05:54 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
2013-09-14 23:31 . 2008-05-09 10:56 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2013-09-14 23:31 . 2008-05-09 10:56 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2013-09-14 23:31 . 2008-07-07 20:29 253952 -c----w- c:\windows\system32\dllcache\es.dll
2013-09-14 23:31 . 2009-03-21 14:09 988160 -c----w- c:\windows\system32\dllcache\kernel32.dll
2013-09-14 23:30 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2013-09-14 23:16 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2013-09-14 21:05 . 2013-09-14 20:56 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2013-09-14 21:05 . 2013-09-14 20:32 3038 ----a-w- C:\fix_svchost.bat
2013-09-14 21:05 . 2013-09-14 20:32 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2013-09-14 20:37 . 2013-09-14 20:37 -------- d-----w- c:\documents and settings\Administrator
2013-09-13 08:55 . 2013-08-30 07:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-13 08:55 . 2013-08-30 07:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-13 08:55 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-12 20:37 . 2001-08-17 19:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2013-09-12 20:37 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2013-09-12 20:37 . 2008-04-14 06:51 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2013-09-12 20:37 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2013-09-12 20:37 . 2008-04-14 06:52 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2013-09-12 20:37 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2013-09-12 20:37 . 2008-04-13 22:24 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2013-09-12 20:37 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2013-09-12 20:37 . 2008-04-14 06:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2013-09-12 20:37 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2013-09-12 20:34 . 2001-08-17 19:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2013-09-12 20:34 . 2001-08-17 19:51 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2013-09-05 18:46 . 2013-09-05 18:46 -------- d-----w- c:\documents and settings\Luki\Data aplikací\PC Suite
2013-09-05 18:46 . 2013-09-05 18:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2013-08-25 17:01 . 2013-08-25 17:01 -------- d-----w- c:\documents and settings\Luki\Data aplikací\PC Remote
2013-08-25 17:00 . 2013-08-25 17:00 -------- d-----w- c:\program files\PC Remote
2013-08-23 19:04 . 2013-08-23 19:04 -------- d-----w- c:\documents and settings\Luki\Local Settings\Data aplikací\Symbian-Toys.com
2013-08-23 19:04 . 2013-08-23 19:04 -------- d-----w- c:\documents and settings\Luki\Data aplikací\NaviFirmPlus
2013-08-19 19:13 . 2013-08-19 19:13 -------- d-----w- c:\documents and settings\Luki\Data aplikací\YCanPDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 22:45 . 2012-04-04 18:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-13 22:45 . 2011-06-01 15:06 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-30 07:48 . 2011-01-03 16:45 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2011-01-03 15:05 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2011-02-27 08:07 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2011-01-03 15:05 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2011-01-03 16:45 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:47 . 2011-02-15 16:38 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2011-01-03 15:05 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-28 16:46 . 2011-05-08 16:49 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-08-28 16:46 . 2011-05-08 16:48 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-08-28 16:46 . 2011-05-08 16:49 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-08-28 16:46 . 2011-05-08 16:48 92488 ----a-w- c:\windows\system32\LMIinit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\documents and settings\Luki\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\documents and settings\Luki\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\documents and settings\Luki\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\documents and settings\Luki\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-06-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-06-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"ftutil2"="ftutil2.dll" [2003-12-17 106496]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="g:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-08-28 16:46 92488 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"g:\\program files\\TmUnitedForever\\TmForever.exe"=
"g:\\program files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\-=INSTAL=-\\Games\\Quake 3\\quake3.exe"=
"c:\\Program Files\\QIP 2012\\qip.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\program files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Luki\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8888:TCP"= 8888:TCP:aver
"8888:UDP"= 8888:UDP:aver
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [13.9.2013 10:55 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [13.9.2013 10:55 177864]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [1.1.2011 16:52 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [1.1.2011 16:52 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [29.8.2007 3:04 116264]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.2.2011 10:07 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.1.2011 18:45 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.1.2011 18:45 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.9.2013 10:55 66336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1.3.2011 12:11 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17.9.2010 15:40 13624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15.9.2013 12:02 22856]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [3.4.2012 18:20 27632]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15.9.2013 12:02 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.6.2013 16:21 162408]
S2 UltraMonUtility;UltraMon Utility Driver;\??\c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys --> c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [?]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [29.12.2009 17:46 1121536]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
S3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys --> c:\windows\system32\drivers\e10kx2k.sys [?]
S3 MSI_DVD_010507;MSI_DVD_010507;\??\c:\program files\MSI\Live Update 5\DVDSYS32_100507.sys --> c:\program files\MSI\Live Update 5\DVDSYS32_100507.sys [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\MSI\Live Update 5\msibios32_100507.sys --> c:\program files\MSI\Live Update 5\msibios32_100507.sys [?]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;\??\c:\program files\MSI\Live Update 5\VGASYS32_100507.sys --> c:\program files\MSI\Live Update 5\VGASYS32_100507.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\MSI\Live Update 5\NTIOLib.sys --> c:\program files\MSI\Live Update 5\NTIOLib.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [3.4.2012 18:18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [3.4.2012 18:18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [3.4.2012 18:18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [3.4.2012 18:19 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [3.4.2012 18:18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [3.4.2012 18:18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [3.4.2012 18:19 115752]
S3 usbser32;Neato Robotics USB Driver;c:\windows\system32\drivers\usbser.sys [1.6.2011 17:57 26112]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:45]
.
2013-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-09-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-09-13 07:47]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
TCP: DhcpNameServer = 192.168.0.10
FF - ProfilePath - c:\documents and settings\Luki\Data aplikací\Mozilla\Firefox\Profiles\y4snhjvo.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2011-01-06 17:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-LinkMagic for magicolor 1680MF - (no file)
HKCU-Run-VoipDiscount - c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Botanicula - c:\program files\GOG.com\Botanicula\unins000.exe
AddRemove-Botanicula_is1 - c:\program files\GOG.com\Botanicula\unins000.exe
AddRemove-Creative News - c:\program files\Creative\News\CTNews.isu
AddRemove-EBookME_is1 - c:\program files\EBookME\unins000.exe
AddRemove-Restorator2007_is1 - c:\program files\Restorator 2007\UninsHs.exe
AddRemove-TmNationsForever_is1 - e:\program files\TmNationsForever\unins000.exe
AddRemove-TmUnited_is1 - e:\program files\TrackMania United\unins000.exe
AddRemove-Vypínač na dobrou noc_is1 - c:\program files\Vypínač na dobrou noc\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-15 20:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-764733703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A9327CD-ACE0-61A3-548F-F2AAA3E39807}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2013-09-15 20:29:59
ComboFix-quarantined-files.txt 2013-09-15 18:29
.
Před spuštěním: 1 652 027 392
Po spuštění: 1 911 205 888
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional - instalace"
.
- - End Of File - - 6FA49667014A5FD7179E996E2CF15651
413FC2A0C716421B3158746D63736515

