Please check my log

Antivirus programs, firewalls, viruses, spyware, current threats

Moderator: Živě.cz moderators

Post by NoriSek, 29. 10. 2012 15:30

Hello,
Lately my PC and my internet have slowed down, and I have no idea what could be causing it. I'm out of ideas myself; is it possible that my PC is being monitored? I think the build is decent and it has never stuttered, not even in a media player.

Intel Celeron D 331 OC 28% (3.41 GHz)
2 GB RAM (DDR PC3200 :( )
ATi 3650 512 MB

Hopefully someone can help me :-S

-- 29. 10. 2012 15:32 --

HijackThis log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:31:38, on 29.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\BPK\bpk.exe
C:\Program Files\TP-LINK\COMMON\TWCU.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\*****\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SS SS Plugin - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - C:\Documents and Settings\All Users\BPK\bpkwb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bpk] C:\Documents and Settings\All Users\BPK\bpk.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2012\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: TP-LINK Wireless Utility.lnk = C:\Program Files\TP-LINK\COMMON\TWCU.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\TP-LINK\COMMON\RaRegistry.exe

--
End of file - 6130 bytes


-- 29. 10. 2012 15:34 --

DDS log
Code:
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.9.2
Run by ***** at 14:33:03 on 2012-10-29
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.2047.1531 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\BPK\bpk.exe
C:\Program Files\TP-LINK\COMMON\TWCU.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SS Plugin Class: {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - c:\documents and settings\all users\bpk\bpkwb.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [bpk] c:\documents and settings\all users\bpk\bpk.exe
uRun: [Infium] "c:\program files\qip 2012\qip.exe" /autorun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\tp-lin~1.lnk - c:\program files\tp-link\common\TWCU.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.5.1 192.168.5.1
TCP: Interfaces\{523B16FA-6217-44E5-9D83-41F05957F19E} : DHCPNameServer = 192.168.5.1 192.168.5.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\*****\data aplikací\mozilla\firefox\profiles\j74jaa2w.default\
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-7-2 95896]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [2009-9-15 19200]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-7-2 810144]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\tp-link\common\RaRegistry.exe [2012-10-20 185632]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2012-10-20 19072]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-4-13 69120]
R3 rt2870;TP-LINK Wireless USB Adapter;c:\windows\system32\drivers\rt2870.sys [2012-10-20 827488]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-4 250808]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [2012-10-28 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2012-10-28 100736]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-10-24 115168]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-9-13 104280]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
.
=============== Created Last 30 ================
.
2012-11-24 00:19:20   --------   d-----w-   c:\program files\TopCD
2012-10-29 12:28:49   --------   d-----w-   c:\documents and settings\*****\data aplikací\Ad-Aware Antivirus
2012-10-28 15:02:08   --------   d-----w-   c:\documents and settings\*****\data aplikací\DVDVideoSoftIEHelpers
2012-10-28 15:01:08   --------   d-----w-   C:\Microgaming
2012-10-28 15:01:01   --------   d-----w-   c:\program files\Mozilla Maintenance Service
2012-10-28 13:05:34   --------   d-----w-   c:\program files\common files\DVDVideoSoft
2012-10-28 13:05:32   --------   d-----w-   c:\program files\DVDVideoSoft
2012-10-28 13:04:39   --------   d-----w-   c:\documents and settings\*****\data aplikací\DVDVideoSoft
2012-10-28 12:39:07   24448   ----a-w-   c:\windows\system32\drivers\ewdcsc.sys
2012-10-28 12:39:07   113280   ----a-w-   c:\windows\system32\drivers\ewusbnet.sys
2012-10-28 12:39:07   102528   ----a-w-   c:\windows\system32\drivers\ewusbmdm.sys
2012-10-28 12:39:07   100736   ----a-w-   c:\windows\system32\drivers\ewusbdev.sys
2012-10-28 12:38:50   --------   d-----w-   c:\program files\O2
2012-10-26 21:18:25   --------   d-----w-   c:\documents and settings\*****\data aplikací\BSplayer Pro
2012-10-26 21:18:25   --------   d-----w-   c:\documents and settings\*****\data aplikací\BSplayer
2012-10-26 21:18:14   --------   d-----w-   c:\program files\Webteh
2012-10-26 14:05:04   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
2012-10-26 14:05:04   21504   ----a-w-   c:\windows\system32\hidserv.dll
2012-10-26 14:05:01   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
2012-10-26 14:05:01   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
2012-10-26 14:04:49   32128   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
2012-10-26 14:04:49   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2012-10-25 03:21:36   733184   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2012-10-25 03:21:36   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
2012-10-25 03:21:36   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2012-10-25 03:21:36   266240   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
2012-10-25 03:21:36   172032   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
2012-10-25 03:21:27   180356   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
2012-10-25 03:21:26   303236   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
2012-10-24 20:48:43   --------   d-----w-   c:\documents and settings\*****\data aplikací\Mozilla
2012-10-24 08:45:46   --------   d-----w-   c:\program files\Microsoft Bootvis
2012-10-24 04:14:48   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2012-10-24 04:08:14   --------   d-----w-   c:\windows\pss
2012-10-24 03:52:03   --------   d-----w-   c:\program files\RegCleaner
2012-10-20 12:03:21   42672   ------w-   c:\windows\system32\wbsys.dll
2012-10-20 12:03:19   --------   d-----w-   c:\program files\Stardock
2012-10-20 11:51:39   796032   ----a-w-   c:\windows\system32\Scutum.dll
2012-10-20 11:51:39   200704   ----a-w-   c:\windows\system32\ssleay32.dll
2012-10-20 11:51:39   19072   ----a-w-   c:\windows\system32\drivers\Scutum50.sys
2012-10-20 11:51:39   180224   ----a-w-   c:\windows\system32\W32N55.dll
2012-10-20 11:51:39   152968   ----a-w-   c:\windows\system32\RalinkGina.dll
2012-10-20 11:51:39   147456   ----a-w-   c:\windows\system32\DiagFunc.dll
2012-10-20 11:51:39   1085440   ----a-w-   c:\windows\system32\libeay32.dll
2012-10-20 11:51:32   --------   d-----w-   c:\program files\TP-LINK
2012-10-20 11:46:57   827488   ----a-r-   c:\windows\system32\drivers\rt2870.sys
2012-10-20 11:33:46   219648   ----a-w-   c:\windows\system32\uxtheme.uxtender
2012-10-20 11:31:25   441   ----a-w-   C:\bootbak.bat
2012-10-20 11:30:27   608448   ----a-w-   c:\windows\system32\comctl32.ocx
2012-10-20 11:18:23   --------   d-----w-   c:\program files\MacSearch_v.1.4.3
2012-10-20 11:17:41   --------   d-----w-   c:\program files\Styler
2012-10-20 11:17:04   --------   d-----w-   c:\program files\TrueTransparency
2012-10-20 10:53:14   --------   d--h--w-   c:\documents and settings\all users\BPK
2012-10-19 16:39:31   --------   d-----w-   c:\windows\system32\appmgmt
2012-10-18 22:48:23   --------   d-----w-   c:\documents and settings\*****\data aplikací\Opera
2012-10-18 17:17:25   --------   d-----w-   c:\documents and settings\*****\data aplikací\Hamachi
2012-10-18 17:16:52   25280   ----a-w-   c:\windows\system32\drivers\hamachi.sys
2012-10-18 17:16:51   --------   d-----w-   c:\program files\Hamachi
2012-10-18 12:38:57   --------   d-----w-   c:\documents and settings\*****\.android
2012-10-18 12:38:42   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-10-18 12:38:41   821736   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-10-18 12:38:41   746984   ----a-w-   c:\windows\system32\deployJava1.dll
2012-10-18 12:38:19   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2012-10-18 12:35:11   --------   d-----w-   c:\documents and settings\*****\data aplikací\Sun
2012-10-18 11:49:40   --------   d-----w-   c:\documents and settings\*****\VirtualBox VMs
2012-10-18 11:49:10   --------   d-----w-   c:\documents and settings\*****\.VirtualBox
2012-10-18 11:46:37   187736   ----a-w-   c:\windows\system32\drivers\VBoxDrv.sys
2012-10-18 11:46:29   94040   ----a-w-   c:\windows\system32\drivers\VBoxUSBMon.sys
2012-10-17 23:40:13   --------   d-----w-   c:\documents and settings\*****\data aplikací\RedDotGames
2012-10-17 23:39:01   3690496   ----a-w-   c:\windows\system32\tv3d65.dll
2012-10-17 23:35:19   --------   d-----w-   c:\program files\Play
2012-10-11 23:02:15   --------   d-----w-   c:\documents and settings\*****\data aplikací\vlc
2012-10-11 17:07:41   --------   d-----w-   c:\documents and settings\*****\data aplikací\BlackBean
2012-10-11 10:21:00   --------   d-----w-   c:\documents and settings\*****\data aplikací\Skype
2012-10-10 20:54:10   --------   d-----w-   c:\program files\common files\DirectX
2012-10-10 19:19:02   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
2012-10-10 19:19:02   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2012-10-09 14:55:07   281768   ----a-w-   c:\windows\system32\PnkBstrB.xtr
2012-10-08 17:40:23   --------   d-----w-   c:\program files\GamePark
2012-10-08 17:33:54   --------   d-sh--w-   c:\windows\ftpcache
2012-10-08 17:30:57   22328   ------w-   c:\documents and settings\*****\data aplikací\PnkBstrK.sys
2012-10-08 17:30:57   139832   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2012-10-08 17:30:41   281768   ----a-w-   c:\windows\system32\PnkBstrB.exe
2012-10-08 17:30:41   281768   ----a-w-   c:\windows\system32\PnkBstrB.ex0
2012-10-08 17:30:37   76888   ----a-w-   c:\windows\system32\PnkBstrA.exe
2012-10-08 17:30:37   --------   d-----w-   c:\windows\system32\LogFiles
2012-10-08 15:13:54   --------   d-----w-   c:\documents and settings\*****\data aplikací\InstallShield
2012-10-08 11:26:19   --------   d-sh--w-   C:\found.000
2012-10-08 03:59:23   --------   d-sh--w-   c:\documents and settings\*****\PrivacIE
2012-10-08 03:50:46   --------   d-----w-   c:\documents and settings\*****\data aplikací\QIP
2012-10-08 03:50:17   --------   d-----w-   c:\program files\QIP 2012
2012-10-08 03:39:55   --------   d-----w-   c:\program files\ESET
2012-10-08 03:39:04   --------   d-----w-   c:\program files\TNod User & Password Finder
2012-10-07 16:13:22   --------   d-----w-   c:\documents and settings\*****\data aplikací\Tropico3
2012-10-06 23:06:24   737280   ----a-w-   c:\windows\iun6002.exe
2012-10-06 23:06:19   --------   d-----w-   c:\program files\Codec Pack - All In 1
2012-10-06 20:00:40   10368   -c--a-w-   c:\windows\system32\dllcache\hidusb.sys
2012-10-06 20:00:40   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2012-10-06 16:28:52   733184   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2012-10-06 16:28:52   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2012-10-06 16:28:52   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2012-10-06 16:28:52   266240   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2012-10-06 16:28:52   172032   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2012-10-06 16:28:49   303236   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2012-10-06 16:28:49   180356   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2012-10-06 01:37:28   --------   d-sh--w-   c:\documents and settings\*****\IETldCache
2012-10-06 01:19:38   521728   -c----w-   c:\windows\system32\dllcache\jsdbgui.dll
2012-10-06 01:18:58   6144   -c----w-   c:\windows\system32\dllcache\iecompat.dll
2012-10-06 01:18:32   --------   d-----w-   c:\windows\ie8updates
2012-10-06 01:18:20   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
2012-10-06 01:18:20   247808   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2012-10-06 01:18:20   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2012-10-06 01:16:31   --------   dc-h--w-   c:\windows\ie8
2012-10-05 22:01:48   309616   ----a-w-   c:\windows\system32\wmv8dmod.dll
2012-10-05 22:01:48   241664   ----a-w-   c:\windows\system32\mp4sds32.ax
2012-10-05 22:01:47   420240   ----a-w-   c:\windows\system32\mpg4c32.dll
2012-10-05 21:55:21   696320   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2012-10-05 21:55:21   57344   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2012-10-05 21:55:21   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2012-10-05 21:55:21   237568   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2012-10-05 21:55:21   155648   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2012-10-05 21:55:19   282756   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2012-10-05 21:55:19   163972   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2012-10-05 13:05:07   --------   d-----w-   c:\program files\uTorrent
2012-10-05 13:04:26   --------   d-----w-   c:\documents and settings\*****\data aplikací\uTorrent
2012-10-05 12:29:14   26368   -c--a-w-   c:\windows\system32\dllcache\usbstor.sys
2012-10-05 12:08:32   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
2012-10-05 12:08:32   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2012-10-05 12:02:27   293376   ------w-   c:\windows\system32\browserchoice.exe
2012-10-05 00:26:17   8704   -c----w-   c:\windows\system32\dllcache\tsbyuv.dll
2012-10-05 00:26:17   48128   -c----w-   c:\windows\system32\dllcache\iyuv_32.dll
2012-10-05 00:25:36   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
2012-10-05 00:25:36   3072   ------w-   c:\windows\system32\iacenc.dll
2012-10-05 00:25:11   --------   d-----w-   c:\windows\system32\AGEIA
2012-10-05 00:24:25   --------   d-----w-   c:\program files\common files\Wise Installation Wizard
2012-10-05 00:22:03   26144   ----a-w-   c:\windows\system32\spupdsvc.exe
2012-10-05 00:22:03   --------   d-----w-   c:\windows\system32\PreInstall
.
==================== Find3M  ====================
.
2012-10-24 07:15:39   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-24 07:15:39   696760   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-10-20 11:33:46   219648   ----a-w-   c:\windows\system32\uxtheme.dll
2012-10-04 18:59:55   444952   ----a-w-   c:\windows\system32\wrap_oal.dll
2012-10-04 18:59:54   109080   ----a-w-   c:\windows\system32\OpenAL32.dll
2012-10-04 18:45:58   0   ----a-w-   c:\windows\ativpsrm.bin
2012-09-13 06:30:22   104280   ----a-w-   c:\windows\system32\drivers\VBoxNetAdp.sys
2012-08-28 15:18:59   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-08-28 15:18:53   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-08-28 15:18:52   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:32   385024   ------w-   c:\windows\system32\html.iec
2012-08-24 13:53:44   177664   ----a-w-   c:\windows\system32\wintrust.dll
2012-08-24 07:57:00   113104   ----a-w-   c:\windows\system32\drivers\scdemu.sys
2012-08-23 06:27:29   2195072   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27:29   2071808   ----a-w-   c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 14:33:47,28 ===============


-- 29. 10. 2012 15:40 --
Intel Celeron D 331 2.66@3.42-->Scythe Infinity-->Gigabyte GA-8I865GME-->PowerColor HD3650 512M DDR2 AGP-->Hitachi HDT725032VLA360-->A-Data 2GB-->Seasonic S12II-430 W-->CoolerMaster Centurion 534 Black
NoriSek
Junior

Post by Milanr1, 29. 10. 2012 17:02

1) The OS is not optimized.
2) The security software is not up to date.
3) The OS has been successfully hacked.
Keylogger + trojan:
C:\Documents and Settings\All Users\BPK\bpk.exe
SS SS Plugin - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - C:\Documents and Settings\All Users\BPK\bpkwb.dll

What to do about it?
1) Disconnect the OS from the network.
2) Throw out (= delete) the exploits listed above plus the corresponding registry entries, in Safe Mode.
3) Clean the temp folders and caches:
cleanmgr
4) Do not use exploit vectors:
C:\Program Files\QIP 2012\qip.exe
C:\Program Files\Messenger\msmsgs.exe
free game servers
etc.
5) Use exclusively the full version of regularly updated security software.
6) Do not use a pre-activated OS from torrents. It tends to be infested with exploits.
7) Do not needlessly modify the original OS with nLite without a reason.
8) Optimize the OS.

If you can't manage it:
entrust it to a professional.
Milan
Milanr1
Advanced
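The reply above spots the two BPK entries by eye. The following is an added example, not code from this thread or from any of the posters: a small triage script that parses O2 (BHO), O4 (Run keys) and O23 (service) lines in HijackThis v2.0.4 format and flags autostart binaries that live in a user-writable profile directory, are given as a bare file name resolved via the search path, or belong to a service with no identifiable vendor. The trusted roots (`C:\Windows`, `C:\Program Files`) and the "Unknown owner" rule are the author's own heuristics, and the sample lines are constructed to mirror entries from the log posted above.

```python
"""Triage autostart entries in a HijackThis-style log (added example)."""
import re
from typing import Dict, List, Optional

# Heuristic roots; assumption for this example, not a rule from the thread.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")

# Constructed sample mirroring lines from the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SS SS Plugin - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - C:\Documents and Settings\All Users\BPK\bpkwb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [bpk] C:\Documents and Settings\All Users\BPK\bpk.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2012\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First token ending in a binary extension, quoted or not; spaces in paths are common on XP.
EXE_RE = re.compile(r'^"?(?P<p>.+?\.(?:exe|dll|sys|ocx|com))"?(?:\s|$)', re.IGNORECASE)


def exe_from_command(cmd: str) -> Optional[str]:
    """Pull the executable path out of a Run-key command line, or None."""
    m = EXE_RE.match(cmd.strip())
    return m.group("p") if m else None


def classify(path: str, owner: Optional[str] = None) -> List[str]:
    """Return the reasons an autostart binary deserves a closer look (empty if none)."""
    reasons: List[str] = []
    p = path.lower()
    if "\\" not in p:
        reasons.append("bare file name resolved via the search path")
    elif p.startswith(PROFILE_ROOTS):
        reasons.append("runs from a user-writable profile directory")
    elif not p.startswith(TRUSTED_ROOTS):
        reasons.append("outside Windows and Program Files")
    if owner is not None and owner.strip().lower() == "unknown owner":
        reasons.append("service binary has no identifiable vendor")
    return reasons


def triage(log_text: str) -> List[Dict[str, str]]:
    """Parse O2/O4/O23 lines and return the entries worth reviewing."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        owner: Optional[str] = None
        if (m := O2_RE.match(line)):
            section, name, path = "O2 BHO", m["name"], m["path"]
        elif (m := O4_RE.match(line)):
            section, name = "O4 " + m["key"], m["name"]
            exe = exe_from_command(m["cmd"])
            if exe is None:          # e.g. regsvr32 one-liners; not a binary path
                continue
            path = exe
        elif line.startswith("O23 - Service: "):
            # Split from the right so a " - " inside the service name survives.
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            section, (name, owner, path) = "O23 service", parts
        else:
            continue
        reasons = classify(path, owner)
        if reasons:
            findings.append({"section": section, "name": name, "path": path,
                             "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['name']}: {f['path']}  <- {f['reason']}")
```

On the sample above this flags both BPK entries, the unowned PnkBstrA service and the bare `SOUNDMAN.EXE` name, and leaves the ESET, QIP and CTFMON entries alone; a path heuristic says nothing about whether a program is wanted, so every hit still needs a human to decide, as the poster's own reply about bpk shows.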

Post by NoriSek, 29. 10. 2012 18:23

I installed bpk myself ;) Please clarify what you mean by OS optimization.. and I really can't afford a legal Windows, and by the way, what's wrong with QIP.. I feel like I can't have anything anymore :(
NoriSek
Junior

Post by Milanr1, 29. 10. 2012 19:47

That doesn't change the fact that it is an exploit.
The vast majority of exploits are installed knowingly by the BFU (the ordinary user).
They just have no idea that they are exploits.
Btw:
illegal OSes are not dealt with here: see the Forum Rules.
Milan
Milanr1
Advanced

Post by soban, 29. 10. 2012 20:16

If you can't afford an OS, there are free OSes too - various Linux distributions, FreeDOS and the like....

Support for an illegal OS is not provided here.
/----------------------------------------\
| Petr Šobáň |
| Olomouc |
\----------------------------------------/
soban
Advanced

Post by KineCZek, 29. 10. 2012 20:17

Look for support for WAREZ software from whoever you downloaded the WAREZ software from. The sad fact is that a large number of warez items are already infected at the moment you download them.
Don't think you are. Know you are. (Morpheus)

| Custom PC builds for gamers and professionals | Contact here via the PM button, or on Facebook |
KineCZek
PC build and ULN expert
