Zdravím chci se zeptat jestli náhodou nemám v pc skype vir
log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Pocitac at 2012-10-07 10:20:36
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 27 GB (18%) free of 150 GB
Total RAM: 2047 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:20:47, on 7.10.2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Pocitac\Desktop\RSIT.exe
C:\Program Files\trend micro\Pocitac.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-21-27934734-3223811039-417756276-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-27934734-3223811039-417756276-1005\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-27934734-3223811039-417756276-1005\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-27934734-3223811039-417756276-1005\..\Run: [NetLimiter] D:\NetLimiter 3\NLClientApp.exe /tray (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-27934734-3223811039-417756276-1005\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-27934734-3223811039-417756276-1005\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-27934734-3223811039-417756276-1005\..\Run: [Clownfish] (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-27934734-3223811039-417756276-1005\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'UpdatusUser')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - (no file)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - (no file)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.31.0.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.16.0.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
O23 - Service: ET Master Server Proxy Service (ET Master Server Proxy) - Unknown owner - C:\ET Master Server Proxy Service\ETMSProxy.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Unknown owner - D:\NetLimiter 3\nlsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
--
End of file - 12455 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000UA.job
C:\Windows\tasks\ReclaimerUpdateFiles_Pocitac.job
C:\Windows\tasks\ReclaimerUpdateXML_Pocitac.job
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Pocitac.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-10-09 414416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2008-09-23 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11 1307728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2012-09-28 233288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
{98889811-442D-49dd-99D7-DC866BE87DBC}
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11 1307728]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2012-08-21 4282728]
"TkBellExe"=C:\Program Files\real\realplayer\update\realsched.exe [2011-10-09 273528]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"Clownfish"= []
"Google Update"=C:\Users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 136176]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]
"Steam"=D:\Steam\steam.exe -silent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
c:\program files\amd\dual-core optimizer\amd_dc_opt.exe [2008-07-22 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
D:\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN]
C:\ProgramData\GameXN\GameXNGO.exe [2012-03-15 347008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (news)]
C:\ProgramData\GameXN\GameXNGO.exe [2012-03-15 347008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (update)]
C:\ProgramData\GameXN\GameXNGO.exe [2012-03-15 347008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.7\ICQ.exe [2012-02-06 127040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\iTunes\iTunesHelper.exe [2012-03-27 421736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
D:\LogMeIn\x86\LogMeInSystray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-08-29 1996200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSIAfterburner]
C:\MSI Afterburner\MSIAfterburnerWrapper.exe /s []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
D:\NetLimiter 3\NLClientApp.exe /tray []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
C:\Program Files\OSCAR Editor X7\OscarEditor.exe [2010-07-22 2636800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
C:\Program Files\Pando Networks\Media Booster\PMB.exe [2012-06-03 3089488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2012-06-11 10996368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Steam\Steam.exe -silent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\real\realplayer\update\realsched.exe [2011-10-09 273528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\utorrent\utorrent.exe [2012-05-11 880496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
C:\Program Files\Xvid\CheckUpdate.exe [2011-01-17 8192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eBoostr Control Panel.lnk]
D:\eBoostr\eBoostrCP.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GamePark2\gpcl.exe [2011-07-29 409088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\McAfee Security Scan\2.0.181\SSScheduler.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pocitac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
[]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.FMVC"=fmcodec.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"msacm.vorbis"=vorbis.acm
"VIDC.FPS1"=frapsvid.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux3"=wdmaud.drv
"wave9"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux4"=wdmaud.drv
"midi9"=wdmaud.drv
"aux5"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"VIDC.FFDS"=ff_vfw.dll
"aux6"=wdmaud.drv
"aux7"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-10-06 00:41:58 ----D---- C:\Program Files\REVisionEffects
2012-10-06 00:27:57 ----D---- C:\Users\Pocitac\AppData\Roaming\Image-Line
2012-10-05 22:09:34 ----D---- C:\ProgramData\Hotspot Shield
2012-10-05 22:09:26 ----D---- C:\Program Files\Hotspot Shield
2012-10-04 18:49:50 ----D---- C:\Users\Pocitac\AppData\Roaming\wargaming.net
2012-10-03 18:44:03 ----D---- C:\ProgramData\Razer
2012-10-02 15:54:12 ----D---- C:\Users\Pocitac\AppData\Roaming\.techniclauncher
2012-10-01 19:44:49 ----D---- C:\Program Files\Microsoft Works
2012-10-01 19:44:11 ----D---- C:\Program Files\Microsoft Visual Studio
2012-10-01 19:40:15 ----D---- C:\Program Files\Microsoft Visual Studio 8
2012-09-29 11:15:24 ----D---- C:\Users\Pocitac\AppData\Roaming\Logitech
2012-09-29 11:14:37 ----R---- C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
2012-09-29 11:11:55 ----A---- C:\Windows\system32\BtCoreIf.dll
2012-09-29 11:11:51 ----A---- C:\Windows\system32\KemXML.dll
2012-09-29 11:11:51 ----A---- C:\Windows\system32\KemWnd.dll
2012-09-29 11:11:51 ----A---- C:\Windows\system32\KemUtil.dll
2012-09-29 11:11:51 ----A---- C:\Windows\system32\kemutb.dll
2012-09-29 11:11:31 ----D---- C:\ProgramData\Logitech
2012-09-29 11:11:27 ----D---- C:\Program Files\Common Files\Logishrd
2012-09-29 11:11:23 ----D---- C:\Program Files\Logitech
2012-09-29 11:10:55 ----D---- C:\ProgramData\LogiShrd
2012-09-26 17:14:12 ----D---- C:\Users\Pocitac\AppData\Roaming\SPORE
2012-09-26 16:46:26 ----D---- C:\Spore
2012-09-23 09:19:43 ----D---- C:\videa
2012-09-22 21:41:42 ----A---- C:\Windows\system32\PnkBstrB.exe
2012-09-22 17:57:37 ----D---- C:\Users\Pocitac\AppData\Roaming\LolClient
2012-09-22 15:56:55 ----D---- C:\Battlefield 2
2012-09-22 13:09:20 ----D---- C:\Program Files\Common Files\Skype
2012-09-22 12:49:44 ----D---- C:\LoL
2012-09-19 17:36:27 ----HD---- C:\Windows\PIF
2012-09-17 15:58:26 ----D---- C:\temp
2012-09-17 15:55:22 ----A---- C:\Windows\system32\nvhdap32.dll
2012-09-17 15:55:22 ----A---- C:\Windows\system32\drivers\nvhda32v.sys
2012-09-17 15:55:21 ----A---- C:\Windows\system32\nvopencl.dll
2012-09-17 15:55:20 ----A---- C:\Windows\system32\nvwgf2um.dll
2012-09-17 15:55:20 ----A---- C:\Windows\system32\nvoglv32.dll
2012-09-17 15:55:20 ----A---- C:\Windows\system32\nvdispgenco32.dll
2012-09-17 15:55:20 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-09-17 15:55:19 ----A---- C:\Windows\system32\nvcuda.dll
2012-09-17 15:55:18 ----A---- C:\Windows\system32\nvcuvid.dll
2012-09-17 15:55:18 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-09-17 15:55:18 ----A---- C:\Windows\system32\nvcompiler.dll
2012-09-16 18:32:05 ----D---- C:\Rockstar Games
2012-09-16 11:32:05 ----D---- C:\Users\Pocitac\AppData\Roaming\Kalydo
2012-09-11 16:38:41 ----D---- C:\Users\Pocitac\AppData\Roaming\Need for Speed World
2012-09-08 00:29:32 ----D---- C:\Windows\system32\RTCOM
2012-09-08 00:28:19 ----A---- C:\Windows\system32\WavesLib.dll
2012-09-08 00:28:19 ----A---- C:\Windows\system32\WavesGUILib.dll
2012-09-08 00:28:19 ----A---- C:\Windows\system32\tosade.dll
2012-09-08 00:28:19 ----A---- C:\Windows\system32\TepeqAPO.dll
2012-09-08 00:28:19 ----A---- C:\Windows\system32\tadefxapo2.dll
2012-09-08 00:28:19 ----A---- C:\Windows\system32\tadefxapo.dll
2012-09-08 00:28:18 ----A---- C:\Windows\system32\SRSWOW.dll
2012-09-08 00:28:18 ----A---- C:\Windows\system32\SRSTSXT.dll
2012-09-08 00:28:18 ----A---- C:\Windows\system32\SRSTSHD.dll
2012-09-08 00:28:18 ----A---- C:\Windows\system32\SRSHP360.dll
2012-09-08 00:28:17 ----A---- C:\Windows\system32\SFSS_APO.dll
2012-09-08 00:28:17 ----A---- C:\Windows\system32\SFNHK.dll
2012-09-08 00:28:17 ----A---- C:\Windows\system32\SFCOM.dll
2012-09-08 00:28:17 ----A---- C:\Windows\system32\SFAPO.dll
2012-09-08 00:28:16 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2012-09-08 00:28:15 ----A---- C:\Windows\system32\RtkPgExt.dll
2012-09-08 00:28:15 ----A---- C:\Windows\system32\RtkCoLDR.dll
2012-09-08 00:28:15 ----A---- C:\Windows\system32\RtkCoInstII.dll
2012-09-08 00:28:15 ----A---- C:\Windows\system32\RtkApoApi.dll
2012-09-08 00:28:15 ----A---- C:\Windows\system32\RtkAPO.dll
2012-09-08 00:28:14 ----A---- C:\Windows\system32\RTEEP32A.dll
2012-09-08 00:28:14 ----A---- C:\Windows\system32\RTEEL32A.dll
2012-09-08 00:28:14 ----A---- C:\Windows\system32\RTEEG32A.dll
2012-09-08 00:28:14 ----A---- C:\Windows\system32\RTEED32A.dll
2012-09-08 00:28:14 ----A---- C:\Windows\system32\RP3DHT32.dll
2012-09-08 00:28:14 ----A---- C:\Windows\system32\RP3DAA32.dll
2012-09-08 00:28:14 ----A---- C:\Windows\system32\RCoRes.dat
2012-09-08 00:28:14 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2012-09-08 00:28:13 ----A---- C:\Windows\system32\R4EEP32A.dll
2012-09-08 00:28:13 ----A---- C:\Windows\system32\R4EEL32A.dll
2012-09-08 00:28:13 ----A---- C:\Windows\system32\R4EEG32A.dll
2012-09-08 00:28:13 ----A---- C:\Windows\system32\R4EED32A.dll
2012-09-08 00:28:13 ----A---- C:\Windows\system32\R4EEA32A.dll
2012-09-08 00:28:13 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2012-09-08 00:28:13 ----A---- C:\Windows\system32\MaxxAudioRealtek2.dll
2012-09-08 00:28:12 ----A---- C:\Windows\system32\MaxxAudioRealtek.dll
2012-09-08 00:28:12 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2012-09-08 00:28:12 ----A---- C:\Windows\system32\MaxxAudioAPOShell.dll
2012-09-08 00:28:12 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2012-09-08 00:28:12 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2012-09-08 00:28:12 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2012-09-08 00:28:12 ----A---- C:\Windows\system32\KAAPORT.dll
2012-09-08 00:28:08 ----A---- C:\Windows\system32\FMAPO.dll
2012-09-08 00:28:08 ----A---- C:\Windows\system32\DTSVoiceClarityDLL.dll
2012-09-08 00:28:08 ----A---- C:\Windows\system32\DTSU2PREC32.dll
2012-09-08 00:28:07 ----A---- C:\Windows\system32\DTSU2PLFX32.dll
2012-09-08 00:28:07 ----A---- C:\Windows\system32\DTSU2PGFX32.dll
2012-09-08 00:28:07 ----A---- C:\Windows\system32\DTSSymmetryDLL.dll
2012-09-08 00:28:07 ----A---- C:\Windows\system32\DTSS2SpeakerDLL.dll
2012-09-08 00:28:07 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL.dll
2012-09-08 00:28:07 ----A---- C:\Windows\system32\DTSNeoPCDLL.dll
2012-09-08 00:28:07 ----A---- C:\Windows\system32\DTSLimiterDLL.dll
2012-09-08 00:28:07 ----A---- C:\Windows\system32\DTSLFXAPO.dll
2012-09-08 00:28:07 ----A---- C:\Windows\system32\DTSGFXAPONS.dll
2012-09-08 00:28:07 ----A---- C:\Windows\system32\DTSGFXAPO.dll
2012-09-08 00:28:07 ----A---- C:\Windows\system32\DTSGainCompensatorDLL.dll
2012-09-08 00:28:06 ----A---- C:\Windows\system32\DTSBoostDLL.dll
2012-09-08 00:28:06 ----A---- C:\Windows\system32\DTSBassEnhancementDLL.dll
2012-09-08 00:28:06 ----A---- C:\Windows\system32\AERTARen.dll
2012-09-08 00:28:06 ----A---- C:\Windows\system32\AERTACap.dll
2012-09-08 00:28:05 ----D---- C:\Program Files\Realtek
2012-09-08 00:28:01 ----A---- C:\Windows\RtlExUpd.dll
======List of files/folders modified in the last 1 month======
2012-10-07 10:20:47 ----D---- C:\Windows\Prefetch
2012-10-07 10:20:38 ----D---- C:\Program Files\trend micro
2012-10-07 10:15:01 ----D---- C:\Windows\Temp
2012-10-07 10:11:00 ----D---- C:\Windows\Tasks
2012-10-07 10:08:22 ----D---- C:\Users\Pocitac\AppData\Roaming\Skype
2012-10-07 10:08:17 ----D---- C:\Users\Pocitac\AppData\Roaming\skypePM
2012-10-07 10:07:46 ----D---- C:\Windows\system32\Tasks
2012-10-07 10:05:48 ----D---- C:\ProgramData\NVIDIA
2012-10-07 02:09:44 ----D---- C:\Users\Pocitac\AppData\Roaming\foobar2000
2012-10-07 00:31:45 ----D---- C:\Users\Pocitac\AppData\Roaming\Sony
2012-10-06 23:10:06 ----D---- C:\ProgramData\PMB Files
2012-10-06 23:08:54 ----D---- C:\ProgramData\Electronic Arts
2012-10-06 22:56:52 ----D---- C:\Windows\System32
2012-10-06 19:30:29 ----SHD---- C:\System Volume Information
2012-10-06 18:24:56 ----SHD---- C:\Windows\Installer
2012-10-06 17:57:38 ----D---- C:\Users\Pocitac\AppData\Roaming\uTorrent
2012-10-06 15:28:57 ----D---- C:\Windows
2012-10-06 13:43:00 ----D---- C:\Windows\system32\directx
2012-10-06 13:42:54 ----HD---- C:\Windows\msdownld.tmp
2012-10-06 11:25:57 ----D---- C:\Windows\inf
2012-10-06 11:25:45 ----D---- C:\aTube Catcher 2.0
2012-10-06 11:25:36 ----D---- C:\Program Files\DsNET Corp
2012-10-06 01:15:06 ----D---- C:\Users\Pocitac\AppData\Roaming\vlc
2012-10-06 00:41:58 ----D---- C:\Program Files
2012-10-06 00:38:31 ----SD---- C:\ProgramData\Microsoft
2012-10-06 00:23:48 ----RSD---- C:\Windows\assembly
2012-10-05 22:09:34 ----D---- C:\ProgramData
2012-10-05 13:46:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-04 15:44:36 ----D---- C:\Users\Pocitac\AppData\Roaming\Mozilla
2012-10-03 18:53:35 ----D---- C:\Program Files\ffdshow
2012-10-03 18:53:29 ----D---- C:\ProgramData\IObit
2012-10-02 16:31:41 ----A---- C:\Windows\Zmodeler.ini
2012-10-01 20:03:43 ----SD---- C:\Users\Pocitac\AppData\Roaming\Microsoft
2012-10-01 19:50:23 ----D---- C:\ProgramData\Microsoft Help
2012-10-01 19:50:21 ----D---- C:\Program Files\Common Files\microsoft shared
2012-10-01 19:49:45 ----D---- C:\Windows\ShellNew
2012-10-01 19:49:36 ----A---- C:\Windows\win.ini
2012-10-01 19:49:32 ----D---- C:\Program Files\Common Files\System
2012-10-01 19:47:20 ----D---- C:\Windows\winsxs
2012-10-01 19:44:32 ----D---- C:\Program Files\MSBuild
2012-10-01 19:44:16 ----D---- C:\Program Files\Microsoft Office
2012-10-01 19:43:34 ----RSD---- C:\Windows\Fonts
2012-10-01 17:31:34 ----D---- C:\ProgramData\CanonIJPLM
2012-09-29 11:14:32 ----HD---- C:\Program Files\InstallShield Installation Information
2012-09-29 11:13:42 ----D---- C:\Windows\system32\catroot
2012-09-29 11:13:23 ----D---- C:\Windows\system32\drivers
2012-09-29 11:11:27 ----D---- C:\Program Files\Common Files
2012-09-24 09:58:20 ----D---- C:\Users\Pocitac\AppData\Roaming\602XML
2012-09-22 13:09:23 ----RD---- C:\Program Files\Skype
2012-09-22 13:09:23 ----D---- C:\ProgramData\Skype
2012-09-21 21:51:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-09-17 16:01:38 ----D---- C:\Program Files\NVIDIA Corporation
2012-09-17 15:57:10 ----D---- C:\Windows\system32\catroot2
2012-09-16 18:58:52 ----A---- C:\Windows\struct~.ini
2012-09-09 19:00:27 ----D---- C:\ProgramData\DAEMON Tools Lite
2012-09-09 19:00:13 ----D---- C:\Users\Pocitac\AppData\Roaming\DAEMON Tools Lite
2012-09-08 12:41:50 ----D---- C:\Program Files\Google
2012-09-08 10:44:02 ----D---- C:\Users\Pocitac\AppData\Roaming\Awesomium
2012-09-08 00:30:44 ----HD---- C:\Program Files\Temp
2012-09-08 00:28:27 ----A---- C:\Windows\DIFxAPI.dll
2012-09-08 00:14:05 ----D---- C:\Windows\Minidump
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 eBoost;eBoostr caching filter driver; C:\Windows\system32\drivers\eBoost.sys [2009-05-20 125544]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-04-29 477240]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [2012-07-10 35560]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-05-31 113104]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-08-21 58680]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2012-06-08 47640]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2011-05-25 37376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2012-06-19 3240400]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2012-06-08 10144]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 5230088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2012-07-03 149352]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2012-08-30 10790760]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-06-23 259176]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-04-06 33512]
R3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 nltdi;nltdi; \??\D:\NetLimiter 3\nltdi.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\LogMeIn\x86\RaInfo.sys []
S2 X6XSEx_Pr298;X6XSEx_Pr298; C:\Windows\system32\drivers\X6XSEx_Pr298.sys []
S3 aohjef32;aohjef32; C:\Windows\system32\drivers\aohjef32.sys []
S3 catchme;catchme; \??\C:\Users\Pocitac\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Garena Plus\Room\safedrv.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-07-23 102912]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 5230088]
S3 RivaTuner32;RivaTuner32; \??\C:\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys []
S3 UMPass;Ovladač Microsoft UMPass; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-06-05 104792]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\D:\Game Booster 3\Driver\WinRing0.sys [2010-11-01 14416]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-08-21 44808]
R2 ET Master Server Proxy;ET Master Server Proxy Service; C:\ET Master Server Proxy Service\ETMSProxy.exe [2012-01-21 9728]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 1385896]
R2 hshld;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2012-10-06 547696]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2012-10-06 413040]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2012-10-06 388464]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-08-30 645992]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-06-15 76888]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-24 189728]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
S2 nlsvc;NetLimiter 3 Service; D:\NetLimiter 3\nlsvc.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2012-10-06 78072]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 821608]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TVersityMediaServer;TVersity Media Server; C:\ProgramData\TVersity\Media Server\MediaServer.exe [2010-11-24 921600]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S4 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
S4 EBOOSTRSVC;eBoostr Service; D:\eBoostr\EBstrSvc.exe []
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-12-04 655624]
S4 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [2012-02-06 1564368]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service; D:\Program Files\Hi-Rez Studios\HiPatchService.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
skype virus
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: skype virus
Zdravim 
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulozte nejlepe na plochu
- Ukoncete vsechny programy
- Kliknete na Search
- Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- Ukoncete vsechny programy
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Pockejte na dokonceni PreScanu
- Zvolte moznost Prohledat (scan)
- Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
- Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: skype virus
ok takže rogue killer:
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Pocitac [Práva správce]
Mód : Kontrola -- Datum : 10/07/2012 11:39:02
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[TASK][SUSP PATH] {9799DFA5-4D6A-48AE-BB11-1F5EDDC836EB} : C:\Windows\System32\pcalua.exe -a "C:\Users\Pocitac\Desktop\CSS-DIGITALZONE\!!! NAINSTALOVAT POSLEDNÍ !!!\CSSMasterServer.exe" -d "C:\Users\Pocitac\Desktop\CSS-DIGITALZONE\!!! NAINSTALOVAT POSLEDNÍ !!!" -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 etmaster.idsoftware.com
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAKS-00VYA0 ATA Device +++++
--- User ---
[MBR] f9fa06394f869b1579c5bd05f411543a
[BSP] fd5ffe920dd8335035f520bb53627ff8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 150000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307202048 | Size: 88473 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
a adwcleaner:
# AdwCleaner v2.003 - Logfile created 10/07/2012 at 11:37:25
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Pocitac - SKLEENY
# Boot Mode : Normal
# Running from : C:\Users\Pocitac\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Found : C:\user.js
File Found : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\searchplugins\SweetIm.xml
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Pocitac\AppData\Local\APN
Folder Found : C:\Users\Pocitac\AppData\Local\Babylon
Folder Found : C:\Users\Pocitac\AppData\Local\Conduit
Folder Found : C:\Users\Pocitac\AppData\Local\TempDir
Folder Found : C:\Users\Pocitac\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Pocitac\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Pocitac\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Pocitac\AppData\LocalLow\Conduit
Folder Found : C:\Users\Pocitac\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Pocitac\AppData\LocalLow\PriceGong
Folder Found : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Found : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownloader
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\facemoods.com
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Found : HKLM\Software\SweetIm
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6001.18000
[OK] Registry is clean.
-\\ Mozilla Firefox v9.0.1 (cs)
Profile name : default
File : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\prefs.js
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "c47d53b800000000000000ff06391205");
Found : user_pref("extensions.BabylonToolbar_i.id", "c47d53b800000000000000ff06391205");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15459");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:03:47");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
-\\ Google Chrome v22.0.1229.79
File : C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v11.52.1100.0
File : C:\Users\Pocitac\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [15022 octets] - [07/10/2012 11:37:25]
########## EOF - C:\AdwCleaner[R1].txt - [15083 octets] ##########
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Pocitac [Práva správce]
Mód : Kontrola -- Datum : 10/07/2012 11:39:02
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[TASK][SUSP PATH] {9799DFA5-4D6A-48AE-BB11-1F5EDDC836EB} : C:\Windows\System32\pcalua.exe -a "C:\Users\Pocitac\Desktop\CSS-DIGITALZONE\!!! NAINSTALOVAT POSLEDNÍ !!!\CSSMasterServer.exe" -d "C:\Users\Pocitac\Desktop\CSS-DIGITALZONE\!!! NAINSTALOVAT POSLEDNÍ !!!" -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 etmaster.idsoftware.com
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAKS-00VYA0 ATA Device +++++
--- User ---
[MBR] f9fa06394f869b1579c5bd05f411543a
[BSP] fd5ffe920dd8335035f520bb53627ff8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 150000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307202048 | Size: 88473 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
a adwcleaner:
# AdwCleaner v2.003 - Logfile created 10/07/2012 at 11:37:25
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Pocitac - SKLEENY
# Boot Mode : Normal
# Running from : C:\Users\Pocitac\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Found : C:\user.js
File Found : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\searchplugins\SweetIm.xml
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Pocitac\AppData\Local\APN
Folder Found : C:\Users\Pocitac\AppData\Local\Babylon
Folder Found : C:\Users\Pocitac\AppData\Local\Conduit
Folder Found : C:\Users\Pocitac\AppData\Local\TempDir
Folder Found : C:\Users\Pocitac\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Pocitac\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Pocitac\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Pocitac\AppData\LocalLow\Conduit
Folder Found : C:\Users\Pocitac\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Pocitac\AppData\LocalLow\PriceGong
Folder Found : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Found : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownloader
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\facemoods.com
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Found : HKLM\Software\SweetIm
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6001.18000
[OK] Registry is clean.
-\\ Mozilla Firefox v9.0.1 (cs)
Profile name : default
File : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\prefs.js
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "c47d53b800000000000000ff06391205");
Found : user_pref("extensions.BabylonToolbar_i.id", "c47d53b800000000000000ff06391205");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15459");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:03:47");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
-\\ Google Chrome v22.0.1229.79
File : C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v11.52.1100.0
File : C:\Users\Pocitac\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [15022 octets] - [07/10/2012 11:37:25]
########## EOF - C:\AdwCleaner[R1].txt - [15083 octets] ##########
Re: skype virus
Spustte znovu RogueKiller
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
- Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulozte nejlepe na plochu
- Ukoncete vsechny programy
- Kliknete na Search
- Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: skype virus
rogue killer :
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Pocitac [Práva správce]
Mód : Odebrat -- Datum : 10/07/2012 13:21:23
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[TASK][PREVRUN] {9799DFA5-4D6A-48AE-BB11-1F5EDDC836EB} : C:\Windows\System32\pcalua.exe -a "C:\Users\Pocitac\Desktop\CSS-DIGITALZONE\!!! NAINSTALOVAT POSLEDNÍ !!!\CSSMasterServer.exe" -d "C:\Users\Pocitac\Desktop\CSS-DIGITALZONE\!!! NAINSTALOVAT POSLEDNÍ !!!" -> VYMAZÁNO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 etmaster.idsoftware.com
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAKS-00VYA0 ATA Device +++++
--- User ---
[MBR] f9fa06394f869b1579c5bd05f411543a
[BSP] fd5ffe920dd8335035f520bb53627ff8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 150000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307202048 | Size: 88473 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
adwcleaner :
# AdwCleaner v2.003 - Logfile created 10/07/2012 at 13:22:41
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Pocitac - SKLEENY
# Boot Mode : Normal
# Running from : C:\Users\Pocitac\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Found : C:\user.js
File Found : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\searchplugins\SweetIm.xml
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Pocitac\AppData\Local\APN
Folder Found : C:\Users\Pocitac\AppData\Local\Babylon
Folder Found : C:\Users\Pocitac\AppData\Local\Conduit
Folder Found : C:\Users\Pocitac\AppData\Local\TempDir
Folder Found : C:\Users\Pocitac\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Pocitac\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Pocitac\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Pocitac\AppData\LocalLow\Conduit
Folder Found : C:\Users\Pocitac\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Pocitac\AppData\LocalLow\PriceGong
Folder Found : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Found : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownloader
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\facemoods.com
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Found : HKLM\Software\SweetIm
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6001.18000
[OK] Registry is clean.
-\\ Mozilla Firefox v9.0.1 (cs)
Profile name : default
File : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\prefs.js
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "c47d53b800000000000000ff06391205");
Found : user_pref("extensions.BabylonToolbar_i.id", "c47d53b800000000000000ff06391205");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15459");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:03:47");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
-\\ Google Chrome v22.0.1229.79
File : C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v11.52.1100.0
File : C:\Users\Pocitac\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [15153 octets] - [07/10/2012 11:37:25]
AdwCleaner[R2].txt - [15083 octets] - [07/10/2012 13:22:41]
########## EOF - C:\AdwCleaner[R2].txt - [15144 octets] ##########
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Pocitac [Práva správce]
Mód : Odebrat -- Datum : 10/07/2012 13:21:23
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[TASK][PREVRUN] {9799DFA5-4D6A-48AE-BB11-1F5EDDC836EB} : C:\Windows\System32\pcalua.exe -a "C:\Users\Pocitac\Desktop\CSS-DIGITALZONE\!!! NAINSTALOVAT POSLEDNÍ !!!\CSSMasterServer.exe" -d "C:\Users\Pocitac\Desktop\CSS-DIGITALZONE\!!! NAINSTALOVAT POSLEDNÍ !!!" -> VYMAZÁNO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8545B1E8)
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 etmaster.idsoftware.com
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAKS-00VYA0 ATA Device +++++
--- User ---
[MBR] f9fa06394f869b1579c5bd05f411543a
[BSP] fd5ffe920dd8335035f520bb53627ff8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 150000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307202048 | Size: 88473 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
adwcleaner :
# AdwCleaner v2.003 - Logfile created 10/07/2012 at 13:22:41
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Pocitac - SKLEENY
# Boot Mode : Normal
# Running from : C:\Users\Pocitac\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Found : C:\user.js
File Found : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\searchplugins\SweetIm.xml
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Pocitac\AppData\Local\APN
Folder Found : C:\Users\Pocitac\AppData\Local\Babylon
Folder Found : C:\Users\Pocitac\AppData\Local\Conduit
Folder Found : C:\Users\Pocitac\AppData\Local\TempDir
Folder Found : C:\Users\Pocitac\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Pocitac\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Pocitac\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Pocitac\AppData\LocalLow\Conduit
Folder Found : C:\Users\Pocitac\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Pocitac\AppData\LocalLow\PriceGong
Folder Found : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Found : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownloader
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\facemoods.com
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Found : HKLM\Software\SweetIm
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Found : HKU\S-1-5-21-27934734-3223811039-417756276-1005\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6001.18000
[OK] Registry is clean.
-\\ Mozilla Firefox v9.0.1 (cs)
Profile name : default
File : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\prefs.js
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "c47d53b800000000000000ff06391205");
Found : user_pref("extensions.BabylonToolbar_i.id", "c47d53b800000000000000ff06391205");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15459");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:03:47");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
-\\ Google Chrome v22.0.1229.79
File : C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v11.52.1100.0
File : C:\Users\Pocitac\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [15153 octets] - [07/10/2012 11:37:25]
AdwCleaner[R2].txt - [15083 octets] - [07/10/2012 13:22:41]
########## EOF - C:\AdwCleaner[R2].txt - [15144 octets] ##########
Re: skype virus
takže už ten vir nemám?
Re: skype virus
Jeste tam toho hodne je, nebojte, zatocime s tim Spustte znovu AdwCleaner
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Kliknete na Delete
- PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: skype virus
Log:
# AdwCleaner v2.003 - Logfile created 10/07/2012 at 19:32:23
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Pocitac - SKLEENY
# Boot Mode : Normal
# Running from : C:\Users\Pocitac\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Pocitac\AppData\Local\APN
Folder Deleted : C:\Users\Pocitac\AppData\Local\Babylon
Folder Deleted : C:\Users\Pocitac\AppData\Local\Conduit
Folder Deleted : C:\Users\Pocitac\AppData\Local\TempDir
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\PriceGong
Folder Deleted : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Key Deleted : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\facemoods.com
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\Software\SweetIm
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6001.18000
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v9.0.1 (cs)
Profile name : default
File : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\prefs.js
C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\user.js ... Deleted !
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "c47d53b800000000000000ff06391205");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "c47d53b800000000000000ff06391205");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15459");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:03:47");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
-\\ Google Chrome v22.0.1229.79
File : C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v11.52.1100.0
File : C:\Users\Pocitac\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [15153 octets] - [07/10/2012 11:37:25]
AdwCleaner[R2].txt - [15214 octets] - [07/10/2012 13:22:41]
AdwCleaner[S1].txt - [14411 octets] - [07/10/2012 19:32:23]
########## EOF - C:\AdwCleaner[S1].txt - [14472 octets] ##########
# AdwCleaner v2.003 - Logfile created 10/07/2012 at 19:32:23
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Pocitac - SKLEENY
# Boot Mode : Normal
# Running from : C:\Users\Pocitac\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Pocitac\AppData\Local\APN
Folder Deleted : C:\Users\Pocitac\AppData\Local\Babylon
Folder Deleted : C:\Users\Pocitac\AppData\Local\Conduit
Folder Deleted : C:\Users\Pocitac\AppData\Local\TempDir
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Pocitac\AppData\LocalLow\PriceGong
Folder Deleted : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Key Deleted : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\facemoods.com
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\Software\SweetIm
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6001.18000
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v9.0.1 (cs)
Profile name : default
File : C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\prefs.js
C:\Users\Pocitac\AppData\Roaming\Mozilla\Firefox\Profiles\k2cgf8ji.default\user.js ... Deleted !
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "c47d53b800000000000000ff06391205");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "c47d53b800000000000000ff06391205");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15459");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:03:47");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
-\\ Google Chrome v22.0.1229.79
File : C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v11.52.1100.0
File : C:\Users\Pocitac\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [15153 octets] - [07/10/2012 11:37:25]
AdwCleaner[R2].txt - [15214 octets] - [07/10/2012 13:22:41]
AdwCleaner[S1].txt - [14411 octets] - [07/10/2012 19:32:23]
########## EOF - C:\AdwCleaner[S1].txt - [14472 octets] ##########
Re: skype virus
Poprosim o log z DDS
- Stahnete DDS odsud http://download.bleepingcomputer.com/sUBs/Beta/dds.exe a ulozte na plochu
- Spustte a kliknete na Start
- Po chvili vyskoci log, ten rad uvidim
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: skype virus
to attach.txt mám taky spustit? u DDS
Re: skype virus
Dejte mi sem dds.txt a pak pokracujte ComboFixem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: skype virus
tady je DDS DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 10.5.1
Run by Pocitac at 19:50:09 on 2012-10-07
#Option MBR scan is disabled.
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2047.867 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ET Master Server Proxy Service\ETMSProxy.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer
uProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Clownfish] <no file>
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-Explorer: NoDriveAutoRun = dword:3
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:3
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\icq7.7\ICQ.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
TCP: Interfaces\{97105642-3447-4E0E-AF20-6EA2D5D336F8} : DHCPNameServer = 10.67.24.1
TCP: Interfaces\{9E72792D-B5A9-4CA2-8DAA-501D0EAC599E} : DHCPNameServer = 94.74.192.252 94.74.192.244
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2009-5-20 125544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-30 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-16 355632]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-7-10 35560]
R2 602XML Updater;602Updater;c:\program files\common files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-16 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-16 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-8-2 44808]
R2 ET Master Server Proxy;ET Master Server Proxy Service;c:\et master server proxy service\ETMSProxy.exe [2012-1-21 9728]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-8-29 1385896]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-10-6 547696]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-10-6 388464]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-8-28 47640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-9-7 1258856]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-14 2984832]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-9-17 149352]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-16 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250288]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-9-3 112128]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-16 136176]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-6-5 104792]
S3 WinRing0_1_2_0;WinRing0_1_2_0;d:\game booster 3\driver\WinRing0.sys [2012-10-3 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S4 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S4 EBOOSTRSVC;eBoostr Service;d:\eboostr\ebstrsvc.exe --> d:\eboostr\EBstrSvc.exe [?]
S4 Guard.Mail.ru;Guard.Mail.ru;c:\program files\guard-icq\GuardICQ.exe [2012-2-6 1564368]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files\hi-rez studios\hipatchservice.exe --> d:\program files\hi-rez studios\HiPatchService.exe [?]
.
=============== Created Last 30 ================
.
2012-10-05 22:41:58 -------- d-----w- c:\program files\REVisionEffects
2012-10-05 22:27:57 -------- d-----w- c:\users\pocitac\appdata\roaming\Image-Line
2012-10-05 20:09:34 -------- d-----w- c:\programdata\Hotspot Shield
2012-10-05 20:09:26 -------- d-----w- c:\program files\Hotspot Shield
2012-10-04 16:49:50 -------- d-----w- c:\users\pocitac\appdata\roaming\wargaming.net
2012-10-03 16:45:36 -------- d-----w- c:\users\pocitac\appdata\local\Razer
2012-10-02 13:54:12 -------- d-----w- c:\users\pocitac\appdata\roaming\.techniclauncher
2012-10-01 17:40:15 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-09-29 09:14:37 130208 ------r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2012-09-29 09:14:30 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-09-29 09:14:30 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-09-29 09:14:30 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-09-29 09:14:30 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-09-29 09:14:30 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-09-29 09:14:29 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-09-29 09:14:29 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-09-29 09:11:55 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2012-09-29 09:11:51 84496 ----a-w- c:\windows\system32\KemXML.dll
2012-09-29 09:11:51 170512 ----a-w- c:\windows\system32\kemutb.dll
2012-09-29 09:11:51 145936 ----a-w- c:\windows\system32\KemUtil.dll
2012-09-29 09:11:51 117264 ----a-w- c:\windows\system32\KemWnd.dll
2012-09-26 15:14:12 -------- d-----w- c:\users\pocitac\appdata\roaming\SPORE
2012-09-26 14:46:26 -------- d-----w- C:\Spore
2012-09-23 07:19:43 -------- d-----w- C:\videa
2012-09-22 19:41:42 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-22 19:41:42 189472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-22 15:57:37 -------- d-----w- c:\users\pocitac\appdata\roaming\LolClient
2012-09-22 13:56:55 -------- d-----w- C:\Battlefield 2
2012-09-22 10:49:44 -------- d-----w- C:\LoL
2012-09-19 15:36:27 -------- d--h--w- c:\windows\PIF
2012-09-17 15:10:38 -------- d-----w- c:\users\pocitac\appdata\local\IW4M
2012-09-17 13:58:26 -------- d-----w- C:\temp
2012-09-17 13:55:22 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-09-17 13:55:22 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-09-17 13:55:21 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-17 13:55:20 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-17 13:55:20 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-09-17 13:55:20 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-09-17 13:55:20 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-09-17 13:55:19 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-17 13:55:18 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-17 13:55:18 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-17 13:55:18 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-16 16:32:05 -------- d-----w- C:\Rockstar Games
2012-09-16 09:32:05 -------- d-----w- c:\users\pocitac\appdata\roaming\Kalydo
2012-09-11 14:38:41 -------- d-----w- c:\users\pocitac\appdata\roaming\Need for Speed World
2012-09-07 22:29:32 -------- d-----w- c:\windows\system32\RTCOM
2012-09-07 21:55:26 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-09-07 21:55:26 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-09-07 21:55:26 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-07 21:55:26 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-09-07 21:55:26 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-07 21:52:15 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-09-07 21:52:14 2422120 ----a-w- c:\windows\system32\nvapi.dll
.
==================== Find3M ====================
.
2012-09-27 15:37:45 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-27 15:36:08 189472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-21 19:51:09 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 19:51:09 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 22:28:27 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-09-01 09:24:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-08-30 19:13:00 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-30 19:13:00 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 15:57:54 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 08:40:14 429416 ----a-w- c:\windows\system32\nvStreaming.exe
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-10 16:28:04 2829 ----a-w- c:\windows\War3Unin.pif
2012-08-10 16:28:04 126976 ----a-w- c:\windows\War3Unin.exe
2012-07-10 02:48:18 35560 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
============= FINISH: 19:50:51,83 ===============
a teď du na combofix
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 10.5.1
Run by Pocitac at 19:50:09 on 2012-10-07
#Option MBR scan is disabled.
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2047.867 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ET Master Server Proxy Service\ETMSProxy.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Users\Pocitac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer
uProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Clownfish] <no file>
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-Explorer: NoDriveAutoRun = dword:3
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:3
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\icq7.7\ICQ.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
TCP: Interfaces\{97105642-3447-4E0E-AF20-6EA2D5D336F8} : DHCPNameServer = 10.67.24.1
TCP: Interfaces\{9E72792D-B5A9-4CA2-8DAA-501D0EAC599E} : DHCPNameServer = 94.74.192.252 94.74.192.244
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2009-5-20 125544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-30 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-16 355632]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-7-10 35560]
R2 602XML Updater;602Updater;c:\program files\common files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-16 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-16 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-8-2 44808]
R2 ET Master Server Proxy;ET Master Server Proxy Service;c:\et master server proxy service\ETMSProxy.exe [2012-1-21 9728]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-8-29 1385896]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-10-6 547696]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-10-6 388464]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-8-28 47640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-9-7 1258856]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-14 2984832]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-9-17 149352]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-16 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250288]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-9-3 112128]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-16 136176]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-6-5 104792]
S3 WinRing0_1_2_0;WinRing0_1_2_0;d:\game booster 3\driver\WinRing0.sys [2012-10-3 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S4 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S4 EBOOSTRSVC;eBoostr Service;d:\eboostr\ebstrsvc.exe --> d:\eboostr\EBstrSvc.exe [?]
S4 Guard.Mail.ru;Guard.Mail.ru;c:\program files\guard-icq\GuardICQ.exe [2012-2-6 1564368]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files\hi-rez studios\hipatchservice.exe --> d:\program files\hi-rez studios\HiPatchService.exe [?]
.
=============== Created Last 30 ================
.
2012-10-05 22:41:58 -------- d-----w- c:\program files\REVisionEffects
2012-10-05 22:27:57 -------- d-----w- c:\users\pocitac\appdata\roaming\Image-Line
2012-10-05 20:09:34 -------- d-----w- c:\programdata\Hotspot Shield
2012-10-05 20:09:26 -------- d-----w- c:\program files\Hotspot Shield
2012-10-04 16:49:50 -------- d-----w- c:\users\pocitac\appdata\roaming\wargaming.net
2012-10-03 16:45:36 -------- d-----w- c:\users\pocitac\appdata\local\Razer
2012-10-02 13:54:12 -------- d-----w- c:\users\pocitac\appdata\roaming\.techniclauncher
2012-10-01 17:40:15 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-09-29 09:14:37 130208 ------r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2012-09-29 09:14:30 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-09-29 09:14:30 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-09-29 09:14:30 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-09-29 09:14:30 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-09-29 09:14:30 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-09-29 09:14:29 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-09-29 09:14:29 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-09-29 09:11:55 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2012-09-29 09:11:51 84496 ----a-w- c:\windows\system32\KemXML.dll
2012-09-29 09:11:51 170512 ----a-w- c:\windows\system32\kemutb.dll
2012-09-29 09:11:51 145936 ----a-w- c:\windows\system32\KemUtil.dll
2012-09-29 09:11:51 117264 ----a-w- c:\windows\system32\KemWnd.dll
2012-09-26 15:14:12 -------- d-----w- c:\users\pocitac\appdata\roaming\SPORE
2012-09-26 14:46:26 -------- d-----w- C:\Spore
2012-09-23 07:19:43 -------- d-----w- C:\videa
2012-09-22 19:41:42 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-22 19:41:42 189472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-22 15:57:37 -------- d-----w- c:\users\pocitac\appdata\roaming\LolClient
2012-09-22 13:56:55 -------- d-----w- C:\Battlefield 2
2012-09-22 10:49:44 -------- d-----w- C:\LoL
2012-09-19 15:36:27 -------- d--h--w- c:\windows\PIF
2012-09-17 15:10:38 -------- d-----w- c:\users\pocitac\appdata\local\IW4M
2012-09-17 13:58:26 -------- d-----w- C:\temp
2012-09-17 13:55:22 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-09-17 13:55:22 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-09-17 13:55:21 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-17 13:55:20 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-17 13:55:20 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-09-17 13:55:20 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-09-17 13:55:20 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-09-17 13:55:19 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-17 13:55:18 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-17 13:55:18 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-17 13:55:18 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-16 16:32:05 -------- d-----w- C:\Rockstar Games
2012-09-16 09:32:05 -------- d-----w- c:\users\pocitac\appdata\roaming\Kalydo
2012-09-11 14:38:41 -------- d-----w- c:\users\pocitac\appdata\roaming\Need for Speed World
2012-09-07 22:29:32 -------- d-----w- c:\windows\system32\RTCOM
2012-09-07 21:55:26 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-09-07 21:55:26 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-09-07 21:55:26 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-07 21:55:26 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-09-07 21:55:26 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-07 21:52:15 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-09-07 21:52:14 2422120 ----a-w- c:\windows\system32\nvapi.dll
.
==================== Find3M ====================
.
2012-09-27 15:37:45 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-27 15:36:08 189472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-21 19:51:09 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 19:51:09 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 22:28:27 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-09-01 09:24:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-08-30 19:13:00 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-30 19:13:00 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 15:57:54 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 08:40:14 429416 ----a-w- c:\windows\system32\nvStreaming.exe
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-10 16:28:04 2829 ----a-w- c:\windows\War3Unin.pif
2012-08-10 16:28:04 126976 ----a-w- c:\windows\War3Unin.exe
2012-07-10 02:48:18 35560 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
============= FINISH: 19:50:51,83 ===============
a teď du na combofix
Re: skype virus
Combofix hotov Log:
ComboFix 12-10-04.02 - Pocitac 07.10.2012 19:55:19.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2047.1230 [GMT 2:00]
Spuštěný z: c:\users\Pocitac\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-07 do 2012-10-07 )))))))))))))))))))))))))))))))
.
.
2012-10-07 18:05 . 2012-10-07 18:05 -------- d-----w- c:\users\Pocitac\AppData\Local\temp
2012-10-07 18:05 . 2012-10-07 18:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-07 18:05 . 2012-10-07 18:05 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-10-07 18:05 . 2012-10-07 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 22:41 . 2012-10-05 22:41 -------- d-----w- c:\program files\REVisionEffects
2012-10-05 22:27 . 2012-10-05 22:27 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Image-Line
2012-10-05 20:09 . 2012-10-05 20:09 -------- d-----w- c:\programdata\Hotspot Shield
2012-10-05 20:09 . 2012-10-06 13:29 -------- d-----w- c:\program files\Hotspot Shield
2012-10-04 16:49 . 2012-10-04 19:09 -------- d-----w- c:\users\Pocitac\AppData\Roaming\wargaming.net
2012-10-03 16:45 . 2012-10-03 16:45 -------- d-----w- c:\users\Pocitac\AppData\Local\Razer
2012-10-03 16:44 . 2012-10-03 16:44 -------- d-----w- c:\programdata\Razer
2012-10-02 13:54 . 2012-10-02 13:54 -------- d-----w- c:\users\Pocitac\AppData\Roaming\.techniclauncher
2012-10-01 17:44 . 2012-10-01 17:44 -------- d-----w- c:\program files\Microsoft Works
2012-10-01 17:40 . 2012-10-01 17:40 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-09-29 09:15 . 2012-09-29 09:15 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Logitech
2012-09-29 09:14 . 2012-09-29 09:14 130208 ------r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2012-09-29 09:14 . 2003-11-10 16:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-09-29 09:14 . 2003-11-10 16:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-09-29 09:10 . 2012-09-29 09:10 -------- d-----w- c:\programdata\LogiShrd
2012-09-26 15:14 . 2012-09-26 15:15 -------- d-----w- c:\users\Pocitac\AppData\Roaming\SPORE
2012-09-26 14:46 . 2012-09-26 15:04 -------- d-----w- C:\Spore
2012-09-23 07:19 . 2012-10-05 21:17 -------- d-----w- C:\videa
2012-09-22 19:41 . 2012-09-27 15:36 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-22 19:41 . 2012-09-22 19:42 189472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-22 15:57 . 2012-09-22 15:57 -------- d-----w- c:\users\Pocitac\AppData\Roaming\LolClient
2012-09-22 13:56 . 2012-09-22 14:42 -------- d-----w- C:\Battlefield 2
2012-09-22 11:09 . 2012-09-22 11:09 -------- d-----w- c:\program files\Common Files\Skype
2012-09-22 10:49 . 2012-09-22 10:49 -------- d-----w- C:\LoL
2012-09-19 15:36 . 2012-09-19 15:36 -------- d--h--w- c:\windows\PIF
2012-09-17 15:10 . 2012-10-06 20:54 -------- d-----w- c:\users\Pocitac\AppData\Local\IW4M
2012-09-17 13:58 . 2012-09-17 13:58 -------- d-----w- C:\temp
2012-09-17 13:55 . 2012-07-03 15:25 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-09-17 13:55 . 2012-07-03 15:25 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-09-17 13:55 . 2012-08-30 19:13 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-17 13:55 . 2012-08-30 19:13 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-17 13:55 . 2012-08-30 19:13 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-09-17 13:55 . 2012-08-30 19:13 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-09-17 13:55 . 2012-08-30 19:13 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-09-17 13:55 . 2012-08-30 19:13 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-17 13:55 . 2012-08-30 19:13 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-17 13:55 . 2012-08-30 19:13 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-17 13:55 . 2012-08-30 19:13 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-16 16:32 . 2012-09-26 17:19 -------- d-----w- C:\Rockstar Games
2012-09-16 09:32 . 2012-09-16 09:32 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Kalydo
2012-09-11 14:38 . 2012-09-11 14:38 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Need for Speed World
2012-09-07 22:29 . 2012-09-07 22:29 -------- d-----w- c:\windows\system32\RTCOM
2012-09-07 21:56 . 2012-09-07 22:07 -------- d-----w- c:\users\UpdatusUser
2012-09-07 21:55 . 2012-10-07 17:35 -------- d-----w- c:\programdata\NVIDIA
2012-09-07 21:55 . 2012-08-30 15:57 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-09-07 21:55 . 2012-08-30 15:57 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-09-07 21:55 . 2012-08-30 15:57 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-07 21:55 . 2012-08-30 15:57 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-07 21:55 . 2012-08-30 15:57 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-09-07 21:52 . 2012-07-03 07:37 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-09-07 21:52 . 2012-08-30 19:13 2422120 ----a-w- c:\windows\system32\nvapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 15:37 . 2011-02-08 13:54 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-27 15:36 . 2011-02-08 14:00 189472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-21 19:51 . 2012-03-30 11:06 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 19:51 . 2011-10-28 13:34 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 22:28 . 2011-01-29 10:18 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-09-01 09:24 . 2011-08-27 10:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-08-30 19:13 . 2012-02-09 20:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 19:13 . 2010-10-08 01:18 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-30 15:57 . 2010-10-08 09:00 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe
2012-08-21 09:13 . 2011-06-30 14:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-01-16 16:27 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-01-16 16:27 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-01-16 16:27 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-01-16 16:27 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-01-16 16:27 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-01-16 16:27 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-01-16 16:27 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-10 16:28 . 2011-05-19 19:55 2829 ----a-w- c:\windows\War3Unin.pif
2012-08-10 16:28 . 2011-05-19 19:55 126976 ----a-w- c:\windows\War3Unin.exe
2012-08-01 22:51 . 2012-08-24 23:55 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13EF02FA-28EC-4BB2-91FB-B856F06B5A0A}\mpengine.dll
2012-07-10 02:48 . 2012-07-10 02:48 35560 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Clownfish"="" [BU]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-09 273528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-9-29 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-9-29 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eBoostr Control Panel.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\eBoostr Control Panel.lnk
backup=c:\windows\pss\eBoostr Control Panel.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Pocitac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 12:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54 3672384 ----a-w- d:\daemon tools lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN]
2012-03-15 08:15 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (news)]
2012-03-15 08:15 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (update)]
2012-03-15 08:15 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-18 05:52 136176 ----atw- c:\users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-02-06 18:38 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-08-29 10:03 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
2010-07-22 12:18 2636800 ----a-w- c:\program files\OSCAR Editor X7\OscarEditor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2012-06-03 14:51 3089488 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2012-06-11 09:28 10996368 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\steam\Steam.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-10-09 15:04 273528 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-11 07:35 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:51]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:27]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:27]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000Core.job
- c:\users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 05:52]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000UA.job
- c:\users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 05:52]
.
2012-10-07 c:\windows\Tasks\ReclaimerUpdateFiles_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
2012-10-07 c:\windows\Tasks\ReclaimerUpdateXML_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
2012-10-07 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
MSConfigStartUp-LogMeIn GUI - d:\logmein\x86\LogMeInSystray.exe
MSConfigStartUp-MSIAfterburner - c:\msi afterburner\MSIAfterburnerWrapper.exe
MSConfigStartUp-NetLimiter - d:\netlimiter 3\NLClientApp.exe
MSConfigStartUp-OpwareSE4 - d:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe
AddRemove-4Story_CZ_is1 - c:\4story_cz\unins000.exe
AddRemove-5513-1208-7298-9440-2 - c:\jdownloader\JDUninstall.exe
AddRemove-Afterburner - c:\msi afterburner\uninstall.exe
AddRemove-ARMA 2 REINFORCEMENTS - d:\arma 2\UnInstall_OA.exe
AddRemove-BattlEye A2 Free - d:\arma 2 freebattleye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\arma 2 coexpansion\BattlEye\UnInstallBE.exe
AddRemove-Call of Duty Modern Warfare 2_is1 - d:\modern warfare 2\unins000.exe
AddRemove-Drakensang Online - c:\program files\Drakensang Online\Uninstall.exe
AddRemove-eBoostr 1 - d:\eboostr\uninstall.exe
AddRemove-Fallout New Vegas_is1 - d:\fallout new vegas\unins000.exe
AddRemove-Hidden & Dangerous 2 Patch - d:\hidden & dangerous 2\\patch-uninst.exe
AddRemove-Mozilla Firefox 9.0.1 (x86 cs) - c:\mozilla firefox\uninstall\helper.exe
AddRemove-MTA:SA 1.3 - d:\mtasa\Uninstall.exe
AddRemove-PrecisionX - d:\evga precision x\uninstall.exe
AddRemove-rFactor - d:\rfactor\Uninstall.exe
AddRemove-RivaTuner - c:\rivatuner v2.24 msi master overclocking arena 2009 edition\uninstall.exe
AddRemove-Saints Row The Third_is1 - c:\saints row the third\unins000.exe
AddRemove-Steam App 1840 - c:\steam\steam.exe
AddRemove-Steam App 218 - c:\steam\steam.exe
AddRemove-Usbfix - c:\usbfix\Un-UsbFix.exe
AddRemove-Video Card Stability Test - c:\video card stability test\uninstall.exe
AddRemove-ZModeler - c:\users\Pocitac\Desktop\ZModeler\zmuninst.exe
AddRemove-ZModeler ver 2.2.2 (Build 964)_is1 - c:\users\Pocitac\Desktop\ZModeler\unins000.exe
AddRemove-{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1 - c:\msi kombustor (dx11)\unins000.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1 - d:\world_of_warplanes\unins000.exe
AddRemove-{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 - d:\need for speed world\unins000.exe
AddRemove-{909F8EBC-EC7F-48FF-0085-475D818F0F31} - d:\need for speed underground 2\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-07 20:05
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2B3D5CC-AFA5-011C-48B4-7E96BE851FA5}*]
"jabjkleacfdmckleggch"=hex:66,61,63,63,69,6e,6b,64,6e,70,6c,68,00,00
"pajhnoggmnfbfmkmljfpicpdgjfpkdgo"=hex:65,61,63,63,6a,6e,61,65,67,6e,00,68
"habjkleacfdmckle"=hex:6e,62,63,63,63,6f,62,64,68,70,6d,65,6d,6d,6c,6f,68,69,
68,6b,6c,66,65,68,6e,63,6b,6f,6b,66,67,69,68,70,61,61,6a,6f,69,67,62,65,66,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3704)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\eappcfg.dll
.
Celkový čas: 2012-10-07 20:07:37
ComboFix-quarantined-files.txt 2012-10-07 18:07
ComboFix2.txt 2012-08-16 10:49
.
Před spuštěním: Volných bajtů: 28 955 570 176
Po spuštění: Volných bajtů: 32 474 501 120
.
- - End Of File - - 40E42B078A072D6DD1B7DD0B3F3C0FB4
ComboFix 12-10-04.02 - Pocitac 07.10.2012 19:55:19.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2047.1230 [GMT 2:00]
Spuštěný z: c:\users\Pocitac\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-07 do 2012-10-07 )))))))))))))))))))))))))))))))
.
.
2012-10-07 18:05 . 2012-10-07 18:05 -------- d-----w- c:\users\Pocitac\AppData\Local\temp
2012-10-07 18:05 . 2012-10-07 18:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-07 18:05 . 2012-10-07 18:05 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-10-07 18:05 . 2012-10-07 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 22:41 . 2012-10-05 22:41 -------- d-----w- c:\program files\REVisionEffects
2012-10-05 22:27 . 2012-10-05 22:27 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Image-Line
2012-10-05 20:09 . 2012-10-05 20:09 -------- d-----w- c:\programdata\Hotspot Shield
2012-10-05 20:09 . 2012-10-06 13:29 -------- d-----w- c:\program files\Hotspot Shield
2012-10-04 16:49 . 2012-10-04 19:09 -------- d-----w- c:\users\Pocitac\AppData\Roaming\wargaming.net
2012-10-03 16:45 . 2012-10-03 16:45 -------- d-----w- c:\users\Pocitac\AppData\Local\Razer
2012-10-03 16:44 . 2012-10-03 16:44 -------- d-----w- c:\programdata\Razer
2012-10-02 13:54 . 2012-10-02 13:54 -------- d-----w- c:\users\Pocitac\AppData\Roaming\.techniclauncher
2012-10-01 17:44 . 2012-10-01 17:44 -------- d-----w- c:\program files\Microsoft Works
2012-10-01 17:40 . 2012-10-01 17:40 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-09-29 09:15 . 2012-09-29 09:15 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Logitech
2012-09-29 09:14 . 2012-09-29 09:14 130208 ------r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2012-09-29 09:14 . 2003-11-10 16:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-09-29 09:14 . 2003-11-10 16:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-09-29 09:10 . 2012-09-29 09:10 -------- d-----w- c:\programdata\LogiShrd
2012-09-26 15:14 . 2012-09-26 15:15 -------- d-----w- c:\users\Pocitac\AppData\Roaming\SPORE
2012-09-26 14:46 . 2012-09-26 15:04 -------- d-----w- C:\Spore
2012-09-23 07:19 . 2012-10-05 21:17 -------- d-----w- C:\videa
2012-09-22 19:41 . 2012-09-27 15:36 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-22 19:41 . 2012-09-22 19:42 189472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-22 15:57 . 2012-09-22 15:57 -------- d-----w- c:\users\Pocitac\AppData\Roaming\LolClient
2012-09-22 13:56 . 2012-09-22 14:42 -------- d-----w- C:\Battlefield 2
2012-09-22 11:09 . 2012-09-22 11:09 -------- d-----w- c:\program files\Common Files\Skype
2012-09-22 10:49 . 2012-09-22 10:49 -------- d-----w- C:\LoL
2012-09-19 15:36 . 2012-09-19 15:36 -------- d--h--w- c:\windows\PIF
2012-09-17 15:10 . 2012-10-06 20:54 -------- d-----w- c:\users\Pocitac\AppData\Local\IW4M
2012-09-17 13:58 . 2012-09-17 13:58 -------- d-----w- C:\temp
2012-09-17 13:55 . 2012-07-03 15:25 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-09-17 13:55 . 2012-07-03 15:25 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-09-17 13:55 . 2012-08-30 19:13 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-17 13:55 . 2012-08-30 19:13 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-17 13:55 . 2012-08-30 19:13 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-09-17 13:55 . 2012-08-30 19:13 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-09-17 13:55 . 2012-08-30 19:13 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-09-17 13:55 . 2012-08-30 19:13 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-17 13:55 . 2012-08-30 19:13 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-17 13:55 . 2012-08-30 19:13 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-17 13:55 . 2012-08-30 19:13 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-16 16:32 . 2012-09-26 17:19 -------- d-----w- C:\Rockstar Games
2012-09-16 09:32 . 2012-09-16 09:32 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Kalydo
2012-09-11 14:38 . 2012-09-11 14:38 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Need for Speed World
2012-09-07 22:29 . 2012-09-07 22:29 -------- d-----w- c:\windows\system32\RTCOM
2012-09-07 21:56 . 2012-09-07 22:07 -------- d-----w- c:\users\UpdatusUser
2012-09-07 21:55 . 2012-10-07 17:35 -------- d-----w- c:\programdata\NVIDIA
2012-09-07 21:55 . 2012-08-30 15:57 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-09-07 21:55 . 2012-08-30 15:57 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-09-07 21:55 . 2012-08-30 15:57 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-07 21:55 . 2012-08-30 15:57 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-07 21:55 . 2012-08-30 15:57 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-09-07 21:52 . 2012-07-03 07:37 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-09-07 21:52 . 2012-08-30 19:13 2422120 ----a-w- c:\windows\system32\nvapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 15:37 . 2011-02-08 13:54 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-27 15:36 . 2011-02-08 14:00 189472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-21 19:51 . 2012-03-30 11:06 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 19:51 . 2011-10-28 13:34 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 22:28 . 2011-01-29 10:18 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-09-01 09:24 . 2011-08-27 10:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-08-30 19:13 . 2012-02-09 20:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 19:13 . 2010-10-08 01:18 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-30 15:57 . 2010-10-08 09:00 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe
2012-08-21 09:13 . 2011-06-30 14:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-01-16 16:27 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-01-16 16:27 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-01-16 16:27 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-01-16 16:27 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-01-16 16:27 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-01-16 16:27 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-01-16 16:27 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-10 16:28 . 2011-05-19 19:55 2829 ----a-w- c:\windows\War3Unin.pif
2012-08-10 16:28 . 2011-05-19 19:55 126976 ----a-w- c:\windows\War3Unin.exe
2012-08-01 22:51 . 2012-08-24 23:55 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13EF02FA-28EC-4BB2-91FB-B856F06B5A0A}\mpengine.dll
2012-07-10 02:48 . 2012-07-10 02:48 35560 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Clownfish"="" [BU]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-09 273528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-9-29 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-9-29 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eBoostr Control Panel.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\eBoostr Control Panel.lnk
backup=c:\windows\pss\eBoostr Control Panel.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Pocitac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 12:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54 3672384 ----a-w- d:\daemon tools lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN]
2012-03-15 08:15 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (news)]
2012-03-15 08:15 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (update)]
2012-03-15 08:15 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-18 05:52 136176 ----atw- c:\users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-02-06 18:38 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-08-29 10:03 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
2010-07-22 12:18 2636800 ----a-w- c:\program files\OSCAR Editor X7\OscarEditor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2012-06-03 14:51 3089488 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2012-06-11 09:28 10996368 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\steam\Steam.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-10-09 15:04 273528 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-11 07:35 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:51]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:27]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:27]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000Core.job
- c:\users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 05:52]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000UA.job
- c:\users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 05:52]
.
2012-10-07 c:\windows\Tasks\ReclaimerUpdateFiles_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
2012-10-07 c:\windows\Tasks\ReclaimerUpdateXML_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
2012-10-07 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
MSConfigStartUp-LogMeIn GUI - d:\logmein\x86\LogMeInSystray.exe
MSConfigStartUp-MSIAfterburner - c:\msi afterburner\MSIAfterburnerWrapper.exe
MSConfigStartUp-NetLimiter - d:\netlimiter 3\NLClientApp.exe
MSConfigStartUp-OpwareSE4 - d:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe
AddRemove-4Story_CZ_is1 - c:\4story_cz\unins000.exe
AddRemove-5513-1208-7298-9440-2 - c:\jdownloader\JDUninstall.exe
AddRemove-Afterburner - c:\msi afterburner\uninstall.exe
AddRemove-ARMA 2 REINFORCEMENTS - d:\arma 2\UnInstall_OA.exe
AddRemove-BattlEye A2 Free - d:\arma 2 freebattleye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\arma 2 coexpansion\BattlEye\UnInstallBE.exe
AddRemove-Call of Duty Modern Warfare 2_is1 - d:\modern warfare 2\unins000.exe
AddRemove-Drakensang Online - c:\program files\Drakensang Online\Uninstall.exe
AddRemove-eBoostr 1 - d:\eboostr\uninstall.exe
AddRemove-Fallout New Vegas_is1 - d:\fallout new vegas\unins000.exe
AddRemove-Hidden & Dangerous 2 Patch - d:\hidden & dangerous 2\\patch-uninst.exe
AddRemove-Mozilla Firefox 9.0.1 (x86 cs) - c:\mozilla firefox\uninstall\helper.exe
AddRemove-MTA:SA 1.3 - d:\mtasa\Uninstall.exe
AddRemove-PrecisionX - d:\evga precision x\uninstall.exe
AddRemove-rFactor - d:\rfactor\Uninstall.exe
AddRemove-RivaTuner - c:\rivatuner v2.24 msi master overclocking arena 2009 edition\uninstall.exe
AddRemove-Saints Row The Third_is1 - c:\saints row the third\unins000.exe
AddRemove-Steam App 1840 - c:\steam\steam.exe
AddRemove-Steam App 218 - c:\steam\steam.exe
AddRemove-Usbfix - c:\usbfix\Un-UsbFix.exe
AddRemove-Video Card Stability Test - c:\video card stability test\uninstall.exe
AddRemove-ZModeler - c:\users\Pocitac\Desktop\ZModeler\zmuninst.exe
AddRemove-ZModeler ver 2.2.2 (Build 964)_is1 - c:\users\Pocitac\Desktop\ZModeler\unins000.exe
AddRemove-{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1 - c:\msi kombustor (dx11)\unins000.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1 - d:\world_of_warplanes\unins000.exe
AddRemove-{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 - d:\need for speed world\unins000.exe
AddRemove-{909F8EBC-EC7F-48FF-0085-475D818F0F31} - d:\need for speed underground 2\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-07 20:05
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2B3D5CC-AFA5-011C-48B4-7E96BE851FA5}*]
"jabjkleacfdmckleggch"=hex:66,61,63,63,69,6e,6b,64,6e,70,6c,68,00,00
"pajhnoggmnfbfmkmljfpicpdgjfpkdgo"=hex:65,61,63,63,6a,6e,61,65,67,6e,00,68
"habjkleacfdmckle"=hex:6e,62,63,63,63,6f,62,64,68,70,6d,65,6d,6d,6c,6f,68,69,
68,6b,6c,66,65,68,6e,63,6b,6f,6b,66,67,69,68,70,61,61,6a,6f,69,67,62,65,66,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3704)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\eappcfg.dll
.
Celkový čas: 2012-10-07 20:07:37
ComboFix-quarantined-files.txt 2012-10-07 18:07
ComboFix2.txt 2012-08-16 10:49
.
Před spuštěním: Volných bajtů: 28 955 570 176
Po spuštění: Volných bajtů: 32 474 501 120
.
- - End Of File - - 40E42B078A072D6DD1B7DD0B3F3C0FB4
Re: skype virus
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: DDS:: uProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local uURLSearchHooks: <No Name>: - LocalServer32 - <no file> uURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned> mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned> mURLSearchHooks: <No Name>: - LocalServer32 - <no file> mRun: [TkBellExe] Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"=- [-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk] [-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] [-HKLM\~\startupfolder\C:^Users^Pocitac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (news)] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (update)] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid] RegNull:: [HKEY_USERS\S-1-5-21-27934734-3223811039-417756276-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2B3D5CC-AFA5-011C-48B4-7E96BE851FA5}*] RegLock:: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] File:: C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000UA.job C:\Windows\tasks\ReclaimerUpdateFiles_Pocitac.job C:\Windows\tasks\ReclaimerUpdateXML_Pocitac.job C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Pocitac.job ClearJavaCache:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: skype virus
log z combofixu ComboFix 12-10-04.02 - Pocitac 08.10.2012 15:13:55.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2047.964 [GMT 2:00]
Spuštěný z: c:\users\Pocitac\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pocitac\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000UA.job"
"c:\windows\tasks\ReclaimerUpdateFiles_Pocitac.job"
"c:\windows\tasks\ReclaimerUpdateXML_Pocitac.job"
"c:\windows\tasks\RNUpgradeHelperLogonPrompt_Pocitac.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-08 do 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 13:23 . 2012-10-08 13:26 -------- d-----w- c:\users\Pocitac\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 22:41 . 2012-10-05 22:41 -------- d-----w- c:\program files\REVisionEffects
2012-10-05 22:27 . 2012-10-05 22:27 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Image-Line
2012-10-05 20:09 . 2012-10-05 20:09 -------- d-----w- c:\programdata\Hotspot Shield
2012-10-05 20:09 . 2012-10-06 13:29 -------- d-----w- c:\program files\Hotspot Shield
2012-10-04 16:49 . 2012-10-04 19:09 -------- d-----w- c:\users\Pocitac\AppData\Roaming\wargaming.net
2012-10-03 16:45 . 2012-10-03 16:45 -------- d-----w- c:\users\Pocitac\AppData\Local\Razer
2012-10-03 16:44 . 2012-10-03 16:44 -------- d-----w- c:\programdata\Razer
2012-10-02 13:54 . 2012-10-02 13:54 -------- d-----w- c:\users\Pocitac\AppData\Roaming\.techniclauncher
2012-10-01 17:44 . 2012-10-01 17:44 -------- d-----w- c:\program files\Microsoft Works
2012-10-01 17:40 . 2012-10-01 17:40 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-09-29 09:15 . 2012-09-29 09:15 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Logitech
2012-09-29 09:14 . 2012-09-29 09:14 130208 ------r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2012-09-29 09:14 . 2003-11-10 16:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-09-29 09:14 . 2003-11-10 16:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-09-29 09:10 . 2012-09-29 09:10 -------- d-----w- c:\programdata\LogiShrd
2012-09-26 15:14 . 2012-09-26 15:15 -------- d-----w- c:\users\Pocitac\AppData\Roaming\SPORE
2012-09-26 14:46 . 2012-09-26 15:04 -------- d-----w- C:\Spore
2012-09-23 07:19 . 2012-10-05 21:17 -------- d-----w- C:\videa
2012-09-22 19:41 . 2012-09-27 15:36 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-22 19:41 . 2012-09-22 19:42 189472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-22 15:57 . 2012-09-22 15:57 -------- d-----w- c:\users\Pocitac\AppData\Roaming\LolClient
2012-09-22 13:56 . 2012-09-22 14:42 -------- d-----w- C:\Battlefield 2
2012-09-22 11:09 . 2012-09-22 11:09 -------- d-----w- c:\program files\Common Files\Skype
2012-09-22 10:49 . 2012-09-22 10:49 -------- d-----w- C:\LoL
2012-09-19 15:36 . 2012-09-19 15:36 -------- d--h--w- c:\windows\PIF
2012-09-17 15:10 . 2012-10-06 20:54 -------- d-----w- c:\users\Pocitac\AppData\Local\IW4M
2012-09-17 13:58 . 2012-09-17 13:58 -------- d-----w- C:\temp
2012-09-17 13:55 . 2012-07-03 15:25 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-09-17 13:55 . 2012-07-03 15:25 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-09-17 13:55 . 2012-08-30 19:13 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-17 13:55 . 2012-08-30 19:13 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-17 13:55 . 2012-08-30 19:13 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-09-17 13:55 . 2012-08-30 19:13 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-09-17 13:55 . 2012-08-30 19:13 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-09-17 13:55 . 2012-08-30 19:13 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-17 13:55 . 2012-08-30 19:13 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-17 13:55 . 2012-08-30 19:13 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-17 13:55 . 2012-08-30 19:13 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-16 16:32 . 2012-09-26 17:19 -------- d-----w- C:\Rockstar Games
2012-09-16 09:32 . 2012-09-16 09:32 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Kalydo
2012-09-11 14:38 . 2012-09-11 14:38 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Need for Speed World
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 15:37 . 2011-02-08 13:54 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-27 15:36 . 2011-02-08 14:00 189472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-21 19:51 . 2012-03-30 11:06 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 19:51 . 2011-10-28 13:34 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 22:28 . 2011-01-29 10:18 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-09-01 09:24 . 2011-08-27 10:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-08-30 19:13 . 2012-09-07 21:52 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-08-30 19:13 . 2012-02-09 20:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 19:13 . 2010-10-08 01:18 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-30 15:57 . 2012-09-07 21:55 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 15:57 . 2012-09-07 21:55 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 15:57 . 2012-09-07 21:55 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 15:57 . 2010-10-08 09:00 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 15:57 . 2012-09-07 21:55 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 15:57 . 2012-09-07 21:55 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe
2012-08-21 09:13 . 2011-06-30 14:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-01-16 16:27 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-01-16 16:27 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-01-16 16:27 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-01-16 16:27 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-01-16 16:27 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-01-16 16:27 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-01-16 16:27 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-10 16:28 . 2011-05-19 19:55 2829 ----a-w- c:\windows\War3Unin.pif
2012-08-10 16:28 . 2011-05-19 19:55 126976 ----a-w- c:\windows\War3Unin.exe
2012-08-01 22:51 . 2012-08-24 23:55 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13EF02FA-28EC-4BB2-91FB-B856F06B5A0A}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Clownfish"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-9-29 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-9-29 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eBoostr Control Panel.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\eBoostr Control Panel.lnk
backup=c:\windows\pss\eBoostr Control Panel.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 12:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2012-06-11 09:28 10996368 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:51]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:27]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:27]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000Core.job
- c:\users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 05:52]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000UA.job
- c:\users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 05:52]
.
2012-10-07 c:\windows\Tasks\ReclaimerUpdateFiles_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
2012-10-07 c:\windows\Tasks\ReclaimerUpdateXML_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
2012-10-08 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-08 15:26
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3740)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\et master server proxy service\ETMSProxy.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Celkový čas: 2012-10-08 15:29:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-08 13:29
ComboFix2.txt 2012-10-07 18:07
ComboFix3.txt 2012-08-16 10:49
.
Před spuštěním: Volných bajtů: 33 248 006 144
Po spuštění: Volných bajtů: 33 108 721 664
.
- - End Of File - - 46082B77EC74AB40851C7BD5E908F6A2
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2047.964 [GMT 2:00]
Spuštěný z: c:\users\Pocitac\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pocitac\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000UA.job"
"c:\windows\tasks\ReclaimerUpdateFiles_Pocitac.job"
"c:\windows\tasks\ReclaimerUpdateXML_Pocitac.job"
"c:\windows\tasks\RNUpgradeHelperLogonPrompt_Pocitac.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-08 do 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 13:23 . 2012-10-08 13:26 -------- d-----w- c:\users\Pocitac\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 22:41 . 2012-10-05 22:41 -------- d-----w- c:\program files\REVisionEffects
2012-10-05 22:27 . 2012-10-05 22:27 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Image-Line
2012-10-05 20:09 . 2012-10-05 20:09 -------- d-----w- c:\programdata\Hotspot Shield
2012-10-05 20:09 . 2012-10-06 13:29 -------- d-----w- c:\program files\Hotspot Shield
2012-10-04 16:49 . 2012-10-04 19:09 -------- d-----w- c:\users\Pocitac\AppData\Roaming\wargaming.net
2012-10-03 16:45 . 2012-10-03 16:45 -------- d-----w- c:\users\Pocitac\AppData\Local\Razer
2012-10-03 16:44 . 2012-10-03 16:44 -------- d-----w- c:\programdata\Razer
2012-10-02 13:54 . 2012-10-02 13:54 -------- d-----w- c:\users\Pocitac\AppData\Roaming\.techniclauncher
2012-10-01 17:44 . 2012-10-01 17:44 -------- d-----w- c:\program files\Microsoft Works
2012-10-01 17:40 . 2012-10-01 17:40 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-09-29 09:15 . 2012-09-29 09:15 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Logitech
2012-09-29 09:14 . 2012-09-29 09:14 130208 ------r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2012-09-29 09:14 . 2003-11-10 16:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-09-29 09:14 . 2003-11-10 16:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-09-29 09:10 . 2012-09-29 09:10 -------- d-----w- c:\programdata\LogiShrd
2012-09-26 15:14 . 2012-09-26 15:15 -------- d-----w- c:\users\Pocitac\AppData\Roaming\SPORE
2012-09-26 14:46 . 2012-09-26 15:04 -------- d-----w- C:\Spore
2012-09-23 07:19 . 2012-10-05 21:17 -------- d-----w- C:\videa
2012-09-22 19:41 . 2012-09-27 15:36 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-22 19:41 . 2012-09-22 19:42 189472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-22 15:57 . 2012-09-22 15:57 -------- d-----w- c:\users\Pocitac\AppData\Roaming\LolClient
2012-09-22 13:56 . 2012-09-22 14:42 -------- d-----w- C:\Battlefield 2
2012-09-22 11:09 . 2012-09-22 11:09 -------- d-----w- c:\program files\Common Files\Skype
2012-09-22 10:49 . 2012-09-22 10:49 -------- d-----w- C:\LoL
2012-09-19 15:36 . 2012-09-19 15:36 -------- d--h--w- c:\windows\PIF
2012-09-17 15:10 . 2012-10-06 20:54 -------- d-----w- c:\users\Pocitac\AppData\Local\IW4M
2012-09-17 13:58 . 2012-09-17 13:58 -------- d-----w- C:\temp
2012-09-17 13:55 . 2012-07-03 15:25 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-09-17 13:55 . 2012-07-03 15:25 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-09-17 13:55 . 2012-08-30 19:13 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-17 13:55 . 2012-08-30 19:13 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-17 13:55 . 2012-08-30 19:13 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-09-17 13:55 . 2012-08-30 19:13 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-09-17 13:55 . 2012-08-30 19:13 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-09-17 13:55 . 2012-08-30 19:13 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-17 13:55 . 2012-08-30 19:13 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-17 13:55 . 2012-08-30 19:13 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-17 13:55 . 2012-08-30 19:13 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-16 16:32 . 2012-09-26 17:19 -------- d-----w- C:\Rockstar Games
2012-09-16 09:32 . 2012-09-16 09:32 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Kalydo
2012-09-11 14:38 . 2012-09-11 14:38 -------- d-----w- c:\users\Pocitac\AppData\Roaming\Need for Speed World
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 15:37 . 2011-02-08 13:54 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-27 15:36 . 2011-02-08 14:00 189472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-21 19:51 . 2012-03-30 11:06 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 19:51 . 2011-10-28 13:34 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 22:28 . 2011-01-29 10:18 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-09-01 09:24 . 2011-08-27 10:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-08-30 19:13 . 2012-09-07 21:52 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-08-30 19:13 . 2012-02-09 20:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 19:13 . 2010-10-08 01:18 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-30 15:57 . 2012-09-07 21:55 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 15:57 . 2012-09-07 21:55 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 15:57 . 2012-09-07 21:55 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 15:57 . 2010-10-08 09:00 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 15:57 . 2012-09-07 21:55 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 15:57 . 2012-09-07 21:55 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe
2012-08-21 09:13 . 2011-06-30 14:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-01-16 16:27 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-01-16 16:27 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-01-16 16:27 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-01-16 16:27 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-01-16 16:27 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-01-16 16:27 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-01-16 16:27 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-10 16:28 . 2011-05-19 19:55 2829 ----a-w- c:\windows\War3Unin.pif
2012-08-10 16:28 . 2011-05-19 19:55 126976 ----a-w- c:\windows\War3Unin.exe
2012-08-01 22:51 . 2012-08-24 23:55 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13EF02FA-28EC-4BB2-91FB-B856F06B5A0A}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Clownfish"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-9-29 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-9-29 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eBoostr Control Panel.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\eBoostr Control Panel.lnk
backup=c:\windows\pss\eBoostr Control Panel.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 12:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2012-06-11 09:28 10996368 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:51]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:27]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 16:27]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000Core.job
- c:\users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 05:52]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-27934734-3223811039-417756276-1000UA.job
- c:\users\Pocitac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 05:52]
.
2012-10-07 c:\windows\Tasks\ReclaimerUpdateFiles_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
2012-10-07 c:\windows\Tasks\ReclaimerUpdateXML_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
2012-10-08 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Pocitac.job
- c:\users\Pocitac\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 11:03]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-08 15:26
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3740)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\et master server proxy service\ETMSProxy.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Celkový čas: 2012-10-08 15:29:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-08 13:29
ComboFix2.txt 2012-10-07 18:07
ComboFix3.txt 2012-08-16 10:49
.
Před spuštěním: Volných bajtů: 33 248 006 144
Po spuštění: Volných bajtů: 33 108 721 664
.
- - End Of File - - 46082B77EC74AB40851C7BD5E908F6A2
Přispějete na provoz fóra?