Policia SR - pocitac zablokovany

Zpráva

knox · #1 Příspěvek od **knox** » 20 dub 2013 13:47

Dobry den, viac krat spominany problem - pocitac zablokovany policiou SR, neslo s nim pohnut ani v safe mode...problem sa podarilo odstranit cez obnovu systemu - prosim o pomoc s vycistenim zbytkov havedi...

Logfile of random's system information tool 1.09 (written by random/random)
Run by samo at 2013-04-20 14:35:52
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 13 GB (9%) free of 143 GB
Total RAM: 2039 MB (64% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233199993-1420483537-3798122799-1006Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233199993-1420483537-3798122799-1006UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT17505 ... hSource=13"
prefs.js - "extensions.enabledItems" - "{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6, toolbar@ask.com:3.15.2.23037, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.8.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... YYYYSK&&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npnul32.dll
nppdf32.dll
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
creativecommons.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default\extensions\
toolbar@ask.com
{20a82645-c095-46ed-80e3-08825760534b}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

C:\Users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default\searchplugins\
askcom.xml
conduit.xml
mailru.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
AlterGeoBHO Class - C:\Program Files\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll [2011-06-08 282656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-05-04 1519272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_P.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_P.dll [2011-05-09 176936]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-05-04 1519272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-09-12 129560]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-09-12 141848]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-09-12 154136]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-08-31 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-08-08 348664]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-05-04 1561768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\samo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 136176]
"ICQ"=C:\Program Files\ICQ7M\ICQ.exe [2012-05-27 127040]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-08-31 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files\Ask.com\Updater\Updater.exe [2012-05-04 1561768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-04-04 165784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe /gui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-06-05 71176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAgent]
C:\Users\samo\AppData\Roaming\Mail.Ru\Agent\MAgent.exe -CU []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-05-07 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-04-20 26192680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-11 317128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP2900 Status Window.lnk]
C:\WINDOWS\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2007-01-11 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe [2007-05-23 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-24 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.dvsd"=mcdvd_32.dll
"VIDC.IV41"=IR41_32.AX

======List of files/folders created in the last 1 month======

2013-04-20 14:35:52 ----D---- C:\rsit
2013-04-20 14:35:52 ----D---- C:\Program Files\trend micro
2013-04-20 14:23:53 ----A---- C:\Windows\system32\FNTCACHE.DAT
2013-04-20 14:23:52 ----ASH---- C:\hiberfil.sys
2013-04-18 21:22:02 ----A---- C:\ProgramData\as98213.txt
2013-04-18 21:20:57 ----A---- C:\ProgramData\tbcoqe.dat
2013-04-10 20:53:55 ----A---- C:\Windows\system32\drivers\ntfs.sys
2013-04-10 20:53:51 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-04-10 20:53:50 ----A---- C:\Windows\system32\smss.exe
2013-04-10 20:53:50 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-04-10 20:53:50 ----A---- C:\Windows\system32\csrsrv.dll
2013-04-10 20:53:46 ----A---- C:\Windows\system32\mshtml.dll
2013-04-10 20:53:45 ----A---- C:\Windows\system32\ieframe.dll
2013-04-10 20:53:44 ----A---- C:\Windows\system32\urlmon.dll
2013-04-10 20:53:44 ----A---- C:\Windows\system32\mshtmled.dll
2013-04-10 20:53:44 ----A---- C:\Windows\system32\msfeeds.dll
2013-04-10 20:53:43 ----A---- C:\Windows\system32\wininet.dll
2013-04-10 20:53:43 ----A---- C:\Windows\system32\url.dll
2013-04-10 20:53:43 ----A---- C:\Windows\system32\mstime.dll
2013-04-10 20:53:43 ----A---- C:\Windows\system32\jsproxy.dll
2013-04-10 20:53:43 ----A---- C:\Windows\system32\ieui.dll
2013-04-10 20:53:43 ----A---- C:\Windows\system32\iertutil.dll
2013-04-10 20:53:43 ----A---- C:\Windows\system32\iepeers.dll
2013-04-10 20:53:42 ----A---- C:\Windows\system32\ieapfltr.dll
2013-04-10 20:53:07 ----A---- C:\Windows\system32\mstscax.dll
2013-04-10 20:53:03 ----A---- C:\Windows\system32\winsrv.dll
2013-04-10 20:52:59 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2013-04-20 14:35:52 ----RD---- C:\Program Files
2013-04-20 14:35:37 ----D---- C:\Windows\Temp
2013-04-20 14:29:57 ----D---- C:\Windows\System32
2013-04-20 14:29:57 ----D---- C:\Windows\inf
2013-04-20 14:29:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-20 14:26:29 ----D---- C:\Users\samo\AppData\Roaming\ICQ
2013-04-20 14:23:47 ----D---- C:\Windows\system32\wbem
2013-04-20 14:23:47 ----D---- C:\WINDOWS
2013-04-20 14:23:12 ----D---- C:\Windows\system32\config
2013-04-20 14:23:03 ----D---- C:\Windows\Tasks
2013-04-20 14:23:03 ----D---- C:\Windows\system32\spool
2013-04-20 14:23:03 ----D---- C:\Windows\system32\Msdtc
2013-04-20 14:23:03 ----D---- C:\Windows\system32\catroot2
2013-04-20 14:23:02 ----D---- C:\Windows\registration
2013-04-20 14:21:08 ----SHD---- C:\System Volume Information
2013-04-19 18:08:35 ----HD---- C:\ProgramData
2013-04-19 17:37:46 ----D---- C:\Windows\Prefetch
2013-04-19 17:33:18 ----D---- C:\Windows\pss
2013-04-19 06:48:53 ----D---- C:\Windows\SoftwareDistribution
2013-04-19 06:41:42 ----D---- C:\Windows\system32\LogFiles
2013-04-17 00:40:17 ----D---- C:\Windows\Debug
2013-04-11 03:25:09 ----D---- C:\Windows\system32\drivers
2013-04-11 03:25:06 ----D---- C:\Windows\system32\migration
2013-04-11 03:25:06 ----D---- C:\Program Files\Internet Explorer
2013-04-11 03:08:56 ----D---- C:\Windows\winsxs
2013-04-11 03:02:31 ----A---- C:\Windows\system32\mrt.exe
2013-04-10 20:52:52 ----D---- C:\Windows\system32\catroot
2013-04-09 21:06:19 ----D---- C:\Users\samo\AppData\Roaming\Winamp
2013-04-06 15:45:55 ----D---- C:\Users\samo\AppData\Roaming\Skype
2013-04-06 08:03:08 ----D---- C:\Users\samo\AppData\Roaming\skypePM
2013-04-01 20:47:01 ----SHD---- C:\Windows\Installer
2013-04-01 20:46:55 ----D---- C:\Users\samo\AppData\Roaming\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-02 682232]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-05-08 137928]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-05-08 83392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 8192]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-04-24 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-07 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-07 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 1899008]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-14 2222080]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-12 181432]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-07 659968]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 aq1onmn9;aq1onmn9; C:\Windows\system32\drivers\aq1onmn9.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-02-22 159232]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 1899008]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-06-05 61440]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2006-05-03 135168]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560]
S2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-08 110032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-18 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-17 253656]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-18 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]

-----------------EOF-----------------

#2 Příspěvek od **Mc_Murphy** » 20 dub 2013 14:11

Zdravím.

Jako první stáhni AdwCleaner - http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulož jej nejlépe na Plochu.
Ukonči všechny programy!!
Spusť AdwCleaner.
Pokud používáš operační systém Windows Vista či Windows 7, klikni na AdwCleaner pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Klikni na [Delete].
Proběhne scan a pak se objeví log, který bude případně uložen na systémovém disku jako C:\AdwCleaner [S1].txt - jeho obsah mi sem vlož.

knox · #3 Příspěvek od **knox** » 20 dub 2013 15:01

# AdwCleaner v2.200 - Log vytvorený 20/04/2013 o 15:57:13
# Aktualizované 02/04/2013 Xplode
# Operaený systém : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Uživateľ : samo - SAMO-PC
# Spustený systém : Normálny
# Spustené z : C:\Users\samo\Desktop\adwcleaner.exe
# Voľba [Vymaza?]

***** [Služby] *****

***** [Súbory / Adresáre] *****

Adresár Vymazané : C:\Program Files\Ask.com
Adresár Vymazané : C:\Program Files\BS_Player
Adresár Vymazané : C:\Program Files\Conduit
Adresár Vymazané : C:\Users\samo\AppData\Local\Conduit
Adresár Vymazané : C:\Users\samo\AppData\Local\PackageAware
Adresár Vymazané : C:\Users\samo\AppData\LocalLow\AskToolbar
Adresár Vymazané : C:\Users\samo\AppData\LocalLow\BS_Player
Adresár Vymazané : C:\Users\samo\AppData\LocalLow\Conduit
Adresár Vymazané : C:\Users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default\ConduitCommon
Adresár Vymazané : C:\Users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default\CT1750559
Adresár Vymazané : C:\Users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
Adresár Vymazané : C:\Users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default\extensions\toolbar@ask.com
Adresár Vymazané : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Súbor Vymazané : C:\Program Files\Mozilla Firefox\.autoreg
Súbor Vymazané : C:\Users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default\searchplugins\Askcom.xml
Súbor Vymazané : C:\Users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default\searchplugins\Conduit.xml

***** [Registre] *****

Hodnota Vymazané : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Vymazané : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Vymazané : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Hodnota Vymazané : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Vymazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Vymazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Vymazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Kľúe Vymazané : HKCU\Software\APN
Kľúe Vymazané : HKCU\Software\AppDataLow\AskToolbarInfo
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\AskToolbar
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\BS_Player
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\Conduit
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Kľúe Vymazané : HKCU\Software\AppDataLow\Toolbar
Kľúe Vymazané : HKCU\Software\Ask.com
Kľúe Vymazané : HKCU\Software\Conduit
Kľúe Vymazané : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Kľúe Vymazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Kľúe Vymazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Kľúe Vymazané : HKLM\Software\APN
Kľúe Vymazané : HKLM\Software\AskToolbar
Kľúe Vymazané : HKLM\Software\BS_Player
Kľúe Vymazané : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Kľúe Vymazané : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\CLSID\{055DD326-956C-4827-9467-A172509E81B3}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\CLSID\{91F3F80B-707C-4652-B1B9-FB44D446BF57}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Kľúe Vymazané : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Kľúe Vymazané : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Kľúe Vymazané : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\S
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Kľúe Vymazané : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Kľúe Vymazané : HKLM\Software\Conduit
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACA294D5-8A83-4C37-9137-D53A36025C4E}
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB68B552-0720-4103-A51B-F555518EF86D}
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{055DD326-956C-4827-9467-A172509E81B3}
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Kľúe Vymazané : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Kľúe Vymazané : HKLM\SOFTWARE\Software

***** [Internetové prehliadaee] *****

-\\ Internet Explorer v7.0.6002.18005

Zamenené : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559 --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.27 (en-US)

Súbor : C:\Users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default\prefs.js

Vymazané : user_pref("CT1750559..clientLogIsEnabled", true);
Vymazané : user_pref("CT1750559..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Vymazané : user_pref("CT1750559..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Vymazané : user_pref("CT1750559.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Vymazané : user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Vymazané : user_pref("CT1750559.AppTrackingLastCheckTime", "Thu Aug 30 2012 22:11:51 GMT+0200");
Vymazané : user_pref("CT1750559.BrowserCompStateIsOpen_129495727276863004", true);
Vymazané : user_pref("CT1750559.BrowserCompStateIsOpen_129502713039250930", true);
Vymazané : user_pref("CT1750559.BrowserCompStateIsOpen_129544988592463877", true);
Vymazané : user_pref("CT1750559.BrowserCompStateIsOpen_129634080503807015", true);
Vymazané : user_pref("CT1750559.CTID", "CT1750559");
Vymazané : user_pref("CT1750559.CurrentServerDate", "6-4-2013");
Vymazané : user_pref("CT1750559.DSChangedManually", false);
Vymazané : user_pref("CT1750559.DSInstall", true);
Vymazané : user_pref("CT1750559.DSProtectChoice", true);
Vymazané : user_pref("CT1750559.DSProtectCount", 5);
Vymazané : user_pref("CT1750559.DialogsAlignMode", "LTR");
Vymazané : user_pref("CT1750559.DialogsGetterLastCheckTime", "Sat Apr 06 2013 00:40:03 GMT+0200");
Vymazané : user_pref("CT1750559.DownloadReferralCookieData", "");
Vymazané : user_pref("CT1750559.FirstServerDate", "22-3-2012");
Vymazané : user_pref("CT1750559.FirstTime", true);
Vymazané : user_pref("CT1750559.FirstTimeFF3", true);
Vymazané : user_pref("CT1750559.FixPageNotFoundErrors", true);
Vymazané : user_pref("CT1750559.GroupingServerCheckInterval", 1440);
Vymazané : user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Vymazané : user_pref("CT1750559.HPInstall", true);
Vymazané : user_pref("CT1750559.HasUserGlobalKeys", true);
Vymazané : user_pref("CT1750559.HomePageProtectorEnabled", true);
Vymazané : user_pref("CT1750559.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=[...]
Vymazané : user_pref("CT1750559.Initialize", true);
Vymazané : user_pref("CT1750559.InitializeCommonPrefs", true);
Vymazané : user_pref("CT1750559.InstallationAndCookieDataSentCount", 3);
Vymazané : user_pref("CT1750559.InstallationId", "CT1750559_bs_player.exe");
Vymazané : user_pref("CT1750559.InstallationType", "ConduitXPEIntegration");
Vymazané : user_pref("CT1750559.InstalledDate", "Thu Mar 22 2012 21:25:12 GMT+0100");
Vymazané : user_pref("CT1750559.InvalidateCache", false);
Vymazané : user_pref("CT1750559.IsAlertDBUpdated", true);
Vymazané : user_pref("CT1750559.IsGrouping", false);
Vymazané : user_pref("CT1750559.IsInitSetupIni", true);
Vymazané : user_pref("CT1750559.IsMulticommunity", false);
Vymazané : user_pref("CT1750559.IsOpenThankYouPage", false);
Vymazané : user_pref("CT1750559.IsOpenUninstallPage", false);
Vymazané : user_pref("CT1750559.IsProtectorsInit", true);
Vymazané : user_pref("CT1750559.LanguagePackLastCheckTime", "Fri Apr 12 2013 21:45:59 GMT+0200");
Vymazané : user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
Vymazané : user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Vymazané : user_pref("CT1750559.LastLogin_3.8.1.0", "Fri Apr 12 2013 21:46:06 GMT+0200");
Vymazané : user_pref("CT1750559.LatestVersion", "3.18.0.7");
Vymazané : user_pref("CT1750559.Locale", "en-us");
Vymazané : user_pref("CT1750559.MCDetectTooltipHeight", "83");
Vymazané : user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Vymazané : user_pref("CT1750559.MCDetectTooltipWidth", "295");
Vymazané : user_pref("CT1750559.MyStuffEnabledAtInstallation", true);
Vymazané : user_pref("CT1750559.OriginalFirstVersion", "3.8.1.0");
Vymazané : user_pref("CT1750559.RadioIsPodcast", false);
Vymazané : user_pref("CT1750559.RadioLastCheckTime", "Fri Apr 12 2013 21:45:48 GMT+0200");
Vymazané : user_pref("CT1750559.RadioLastUpdateIPServer", "3");
Vymazané : user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
Vymazané : user_pref("CT1750559.RadioMediaID", "11237206");
Vymazané : user_pref("CT1750559.RadioMediaType", "Media Player");
Vymazané : user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
Vymazané : user_pref("CT1750559.RadioShrinkedFromSetup", false);
Vymazané : user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
Vymazané : user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
Vymazané : user_pref("CT1750559.SavedHomepage", "hxxp://google.com");
Vymazané : user_pref("CT1750559.SearchCaption", "BS Player Customized Web Search");
Vymazané : user_pref("CT1750559.SearchEngineBeforeUnload", "BS Player Customized Web Search");
Vymazané : user_pref("CT1750559.SearchFromAddressBarIsInit", true);
Vymazané : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT175[...]
Vymazané : user_pref("CT1750559.SearchInNewTabEnabled", true);
Vymazané : user_pref("CT1750559.SearchInNewTabIntervalMM", 1440);
Vymazané : user_pref("CT1750559.SearchInNewTabLastCheckTime", "Fri Apr 12 2013 21:45:47 GMT+0200");
Vymazané : user_pref("CT1750559.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Vymazané : user_pref("CT1750559.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Vymazané : user_pref("CT1750559.SearchProtectorEnabled", false);
Vymazané : user_pref("CT1750559.SearchProtectorToolbarDisabled", false);
Vymazané : user_pref("CT1750559.SendProtectorDataViaLogin", true);
Vymazané : user_pref("CT1750559.ServiceMapLastCheckTime", "Fri Apr 12 2013 21:45:58 GMT+0200");
Vymazané : user_pref("CT1750559.SettingsLastCheckTime", "Fri Apr 12 2013 21:45:46 GMT+0200");
Vymazané : user_pref("CT1750559.SettingsLastUpdate", "1365149542");
Vymazané : user_pref("CT1750559.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Vymazané : user_pref("CT1750559.ThirdPartyComponentsInterval", 504);
Vymazané : user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Sat Apr 06 2013 00:40:01 GMT+0200");
Vymazané : user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1331805997");
Vymazané : user_pref("CT1750559.ToolbarShrinkedFromSetup", false);
Vymazané : user_pref("CT1750559.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1750559");
Vymazané : user_pref("CT1750559.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Vymazané : user_pref("CT1750559.UserID", "UN58261264207104029");
Vymazané : user_pref("CT1750559.WeatherNetwork", "");
Vymazané : user_pref("CT1750559.WeatherPollDate", "Fri Apr 12 2013 21:45:49 GMT+0200");
Vymazané : user_pref("CT1750559.WeatherUnit", "C");
Vymazané : user_pref("CT1750559.alertChannelId", "31130");
Vymazané : user_pref("CT1750559.backendstorage.amazonnew_all", "323632393538312C323730323637312C3230383237312C3[...]
Vymazané : user_pref("CT1750559.backendstorage.appbuttondisablenull", "30");
Vymazané : user_pref("CT1750559.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Vymazané : user_pref("CT1750559.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365");
Vymazané : user_pref("CT1750559.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Vymazané : user_pref("CT1750559.globalFirstTimeInfoLastCheckTime", "Sat Apr 06 2013 00:40:07 GMT+0200");
Vymazané : user_pref("CT1750559.homepageProtectorEnableByLogin", true);
Vymazané : user_pref("CT1750559.initDone", true);
Vymazané : user_pref("CT1750559.isAppTrackingManagerOn", false);
Vymazané : user_pref("CT1750559.isFirstRadioInstallation", false);
Vymazané : user_pref("CT1750559.myStuffEnabled", true);
Vymazané : user_pref("CT1750559.myStuffPublihserMinWidth", 400);
Vymazané : user_pref("CT1750559.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Vymazané : user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
Vymazané : user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Vymazané : user_pref("CT1750559.oldAppsList", "128515954179600320,128520273115419467,111,129646277731078772,128[...]
Vymazané : user_pref("CT1750559.revertSettingsEnabled", true);
Vymazané : user_pref("CT1750559.searchProtectorDialogDelayInSec", 10);
Vymazané : user_pref("CT1750559.searchProtectorEnableByLogin", true);
Vymazané : user_pref("CT1750559.testingCtid", "");
Vymazané : user_pref("CT1750559.toolbarAppMetaDataLastCheckTime", "Fri Apr 12 2013 21:46:00 GMT+0200");
Vymazané : user_pref("CT1750559.toolbarContextMenuLastCheckTime", "Sat Apr 06 2013 00:40:03 GMT+0200");
Vymazané : user_pref("CT1750559.usagesFlag", 2);
Vymazané : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1750559&Search[...]
Vymazané : user_pref("CommunityToolbar.ConduitSearchList", "BS Player Customized Web Search");
Vymazané : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1750559/CT1750559[...]
Vymazané : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/31130/30609/SK", "\"0\"");
Vymazané : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1750559", [...]
Vymazané : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Vymazané : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Vymazané : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Vymazané : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Vymazané : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Vymazané : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Vymazané : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1750559",[...]
Vymazané : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Vymazané : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\samo\\AppData\\Roaming\\Mozilla\\Fi[...]
Vymazané : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Vymazané : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.ask.com/redirect?client[...]
Vymazané : user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
Vymazané : user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
Vymazané : user_pref("CommunityToolbar.ToolbarsList4", "CT1750559");
Vymazané : user_pref("CommunityToolbar.globalUserId", "eae0e037-c295-4b65-b84d-061a67bacb6d");
Vymazané : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Vymazané : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Vymazané : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1750559");
Vymazané : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Apr 06 2013 00:40:0[...]
Vymazané : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Vymazané : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Apr 12 2013 21:45:55 GMT+020[...]
Vymazané : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Vymazané : user_pref("CommunityToolbar.notifications.locale", "");
Vymazané : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Vymazané : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Apr 12 2013 21:45:47 GMT+0200");
Vymazané : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Vymazané : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Vymazané : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Vymazané : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Vymazané : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Vymazané : user_pref("CommunityToolbar.notifications.userId", "4f69d55c-ad9c-4d98-a781-97edebdc219a");
Vymazané : user_pref("CommunityToolbar.originalHomepage", "hxxp://google.com");
Vymazané : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Vymazané : user_pref("browser.search.defaultengine", "Ask.com");
Vymazané : user_pref("browser.search.defaultenginename", "Ask.com");
Vymazané : user_pref("browser.search.defaultthis.engineName", "BS Player Customized Web Search");
Vymazané : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&Sea[...]
Vymazané : user_pref("browser.search.order.1", "Ask.com");
Vymazané : user_pref("browser.search.selectedEngine", "Ask.com");
Vymazané : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Vymazané : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Vymazané : user_pref("extensions.asktb.abar-war-timeout", "4000");
Vymazané : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Vymazané : user_pref("extensions.asktb.cbid", "H3");
Vymazané : user_pref("extensions.asktb.config-updated", false);
Vymazané : user_pref("extensions.asktb.crumb", "2011.01.02+14.59.58-toolbar004iad-SK-QnJhdGlzbGF2YSxTbG92YWtpYQ[...]
Vymazané : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://eu.ask.com/web?qsrc={qsrc}&o={o}&l={l[...]
Vymazané : user_pref("extensions.asktb.displaybehavior", "");
Vymazané : user_pref("extensions.asktb.displaytext", "");
Vymazané : user_pref("extensions.asktb.dtid", "YYYYYYYYSK");
Vymazané : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
Vymazané : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://websearch.ask.com/redirect?client=ff&s[...]
Vymazané : user_pref("extensions.asktb.first-launch-url", "hxxp://www.csfd.cz/film/309955-ptaci-paparazzi/galer[...]
Vymazané : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Vymazané : user_pref("extensions.asktb.l", "dis");
Vymazané : user_pref("extensions.asktb.last-config-req", "1339695858284");
Vymazané : user_pref("extensions.asktb.last-v", "3.14.1.100013");
Vymazané : user_pref("extensions.asktb.locale", "en_EU");
Vymazané : user_pref("extensions.asktb.lstation", "");
Vymazané : user_pref("extensions.asktb.new-tab-enabled", true);
Vymazané : user_pref("extensions.asktb.o", "15851");
Vymazané : user_pref("extensions.asktb.pstate", "");
Vymazané : user_pref("extensions.asktb.qsrc", "2871");
Vymazané : user_pref("extensions.asktb.search-suggestions-enabled", true);
Vymazané : user_pref("extensions.asktb.silent-upgrade", true);
Vymazané : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Vymazané : user_pref("extensions.asktb.socialmini-first", true);
Vymazané : user_pref("extensions.asktb.socialmini-interval", "1200000");
Vymazané : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Vymazané : user_pref("extensions.asktb.socialmini-max-items", "30");
Vymazané : user_pref("extensions.asktb.socialmini-native-on", true);
Vymazané : user_pref("extensions.asktb.socialmini-speed", "5000");
Vymazané : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Vymazané : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PTV2&o=15851&locale=[...]

-\\ Google Chrome v26.0.1410.64

Súbor : C:\Users\samo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Súbor je eistý.

-\\ Opera v12.14.1738.0

Súbor : C:\Users\samo\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Súbor je eistý.

*************************

AdwCleaner[S1].txt - [26860 octets] - [20/04/2013 15:57:13]

########## EOF - C:\AdwCleaner[S1].txt - [26921 octets] ##########

#4 Příspěvek od **Mc_Murphy** » 20 dub 2013 16:43

Výborně, veliká spousta sajrajtů a zbytečností smazána, jedeme dál.

Stáhni RogueKiller - http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ulož jej nejlépe na Plochu.
Ukonči všechny programy!
Spusť RogueKiller. Pokud používáš operační systém Windows Vista či Windows 7, klikni na jeho ikonu pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Počkej, než program dokončí Prescan.
Potom klikni na tlačítko [Prohledat] a počkej, až prohlídka proběhne.
Klikni na tlačítko [Zpráva] - otevře se log, ten mi sem vlož.
Detailní postup včetně obrázků najdeš zde: http://forum.viry.cz/viewtopic.php?f=24&t=120452

katzoh · #5 Příspěvek od **katzoh** » 20 dub 2013 19:50

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spustené v : Normálny režim
Užívateľ : samo [Práva Správcu]
Režim : Kontrola -- Dátum : 04/20/2013 20:42:47
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82064FA5 -> HOOKED (Unknown @ 0x8A03457E)
SSDT[276] : NtRequestWaitReplyPort @ 0x82077142 -> HOOKED (Unknown @ 0x8A034588)
SSDT[289] : NtSetContextThread @ 0x820C625F -> HOOKED (Unknown @ 0x8A034583)
SSDT[314] : NtSetSecurityObject @ 0x81FF3027 -> HOOKED (Unknown @ 0x8A03458D)
SSDT[332] : NtSystemDebugControl @ 0x8202BEF1 -> HOOKED (Unknown @ 0x8A034592)
SSDT[334] : NtTerminateProcess @ 0x82024173 -> HOOKED (Unknown @ 0x8A03451F)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A0345A6)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A0345AB)

¤¤¤ Vonkajšie Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2160BH G2 ATA Device +++++
--- User ---
[MBR] e05856589e8ec509b731f2cfd90ab0b7
[BSP] c648bf222bc057dcfc69875180bb5e3c : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143119 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 293109760 | Size: 7913 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 309323776 | Size: 1589 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: JetFlash Transcend 4GB USB Device +++++
--- User ---
[MBR] 4198b1db41663b612b519a541ede86e6
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 256 | Size: 3839 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[1]_S_04202013_02d2042.txt >>
RKreport[1]_S_04202013_02d2042.txt

#6 Příspěvek od **Mc_Murphy** » 20 dub 2013 20:03

Co to je za nick? Máš tu dva nicky?!

katzoh · #7 Příspěvek od **katzoh** » 20 dub 2013 22:03

Prepac nevyznam sa do PC. Zacal to riesit kamarat a uz odisiel, tak pokracujem ja...

knox · #8 Příspěvek od **knox** » 21 dub 2013 07:19

Je to tak...sorry za menší chaos.

#9 Příspěvek od **Mc_Murphy** » 21 dub 2013 10:08

OK, vysvětleno, ale choďte mi sem jen jeden, ať v tom není chaos.

Takže provedeme opravy.

Ukonči všechny programy!
Spusť RogueKiller. Pokud používáš operační systém Windows Vista či Windows 7, klikni na jeho ikonu pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Počkej, než program dokončí Prescan.
Zvol možnost [Prohledat] a počkej, až prohlídka proběhne.
V záložce Registry nech všechny nálezy označeny.
Klikni na tlačítko [Smazat] a následně na [Zpráva] - otevře se log, ten mi sem vlož.
Pak ještě klikni na tlačítko [Oprava Proxy] a potom opět na [Zpráva] - otevře se další log, který mi sem také vlož.

katzoh · #10 Příspěvek od **katzoh** » 21 dub 2013 19:31

Report po zmazani (omylom som to zavrel, vymazal som 2 subory. toto je report po dalsom prehladani):
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spustené v : Normálny režim
Užívateľ : samo [Práva Správcu]
Režim : Kontrola -- Dátum : 04/21/2013 20:24:22
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=) -> NÁJDENÉ

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82064FA5 -> HOOKED (Unknown @ 0x8A03457E)
SSDT[276] : NtRequestWaitReplyPort @ 0x82077142 -> HOOKED (Unknown @ 0x8A034588)
SSDT[289] : NtSetContextThread @ 0x820C625F -> HOOKED (Unknown @ 0x8A034583)
SSDT[314] : NtSetSecurityObject @ 0x81FF3027 -> HOOKED (Unknown @ 0x8A03458D)
SSDT[332] : NtSystemDebugControl @ 0x8202BEF1 -> HOOKED (Unknown @ 0x8A034592)
SSDT[334] : NtTerminateProcess @ 0x82024173 -> HOOKED (Unknown @ 0x8A03451F)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A0345A6)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A0345AB)

¤¤¤ Vonkajšie Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2160BH G2 ATA Device +++++
--- User ---
[MBR] e05856589e8ec509b731f2cfd90ab0b7
[BSP] c648bf222bc057dcfc69875180bb5e3c : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143119 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 293109760 | Size: 7913 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 309323776 | Size: 1589 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: JetFlash Transcend 4GB USB Device +++++
--- User ---
[MBR] 4198b1db41663b612b519a541ede86e6
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 256 | Size: 3839 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[3]_S_04212013_02d2024.txt >>
RKreport[1]_S_04202013_02d2042.txt ; RKreport[2]_D_04202013_02d2048.txt ; RKreport[3]_S_04212013_02d2024.txt

Report po oprave proxy:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spustené v : Normálny režim
Užívateľ : samo [Práva Správcu]
Režim : Oprava Proxy -- Dátum : 04/21/2013 20:25:22
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=) -> VYMAZANÉ

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

Dokončené : << RKreport[4]_PR_04212013_02d2025.txt >>
RKreport[1]_S_04202013_02d2042.txt ; RKreport[2]_D_04202013_02d2048.txt ; RKreport[3]_po smazani.txt ; RKreport[3]_S_04212013_02d2024.txt ; RKreport[4]_PR_04212013_02d2025.txt

#11 Příspěvek od **Mc_Murphy** » 22 dub 2013 13:56

OK, tak jedem dál. Teď to bude složitější, tak si postup pečlivě pročti, případně poznamenej na papír, ať to nezvoráš.

Stáhni RKill z tohoto odkazu - http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havěť blokuje, použij jeden z následujících (i ty přejmenované):
- RKill EXE - http://download.bleepingcomputer.com/grinler/rkill.exe
  RKill iExplore.exe - http://download.bleepingcomputer.com/gr ... xplore.exe
  RKill uSeRiNiT.exe - http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  RKill WiNlOgOn.exe - http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Utilitu ulož nejlépe na Plochu a ukonči všechny aplikace (jinak to RKill udělá za Tebe)!
Spusť dvojklikem - program proběhne téměř okamžitě a ukončí i svou činnost.
RKill ukončí všechny nesystémové procesy - tedy i procesy, pod kterými běží havěť.
Na Ploše vznikne log RKill.txt - ten mi sem vlož.
TEĎ NERESTARTUJ PC - přišel bys o účinek RKillu!!

PROSÍM, ČTI NÁVOD DŮKLADNĚ - TATO UTILITA MÁ VELKOU SCHOPNOST MAZAT A JE NUTNÉ JI APLIKOVAT JEN NA DOPORUČENÍ RÁDCE TOHOTO FÓRA, JINAK TI MŮŽE JÍT SYSTÉM DO KYTEK

Stáhni a ulož na Plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypni všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary apod.
Vypni všechny běžící aplikace - ICQ, Skype, browsery, prostě všechny programy, ať běží pouze ComboFix.
Pokud máš operační systém Windows XP, spusť pod účtem Správce/Administrator.
Pokud máš operační systém Windows Vista či Windows 7, klikni na ComboFix pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Ihned po startu se zobrazí stránka s licenčním ujednáním - pokračuj kliknutím na [Ano].
Pokud Ti ComboFix nabídne instalaci Konzoly pro zotavení, tak souhlas.
Dále postupuj dle pokynů. Během scanu nech PC naprosto v klidu - nespouštěj žádné aplikace a neklikej do zobrazujícího se okna!
Scan by měl trvat cca 10 min, ale pokud bude PC hodne zaneseno, může se čas samozřejmě prodloužit.
Po dokončení scanu a případném restartu ComboFix zobrazí log, který případně najdeš v C:\ComboFix.txt. Jeho obsah mi sem vlož.
Detailní postup včetně obrázků najdeš zde: http://www.bleepingcomputer.com/combofi ... t-combofix

katzoh · #12 Příspěvek od **katzoh** » 22 dub 2013 17:15

ahoj, posielam log z rkill:
Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/22/2013 05:49:25 PM in x86 mode.
Windows Version: Windows Vista (TM) Home Basic Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 04/22/2013 05:49:52 PM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)

a log z combofix:

ComboFix 13-04-22.01 - samo . 04. 2013 17:54:53.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1051.18.2039.1166 [GMT 2:00]
Running from: c:\users\samo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\explorer
c:\program files\explorer\AddressParser\AddressParserConfiguration.xml
c:\program files\explorer\AddressParser\parser_andorra.xml
c:\program files\explorer\AddressParser\parser_austria.xml
c:\program files\explorer\AddressParser\parser_belgium.xml
c:\program files\explorer\AddressParser\parser_canada.xml
c:\program files\explorer\AddressParser\parser_denmark.xml
c:\program files\explorer\AddressParser\parser_france.xml
c:\program files\explorer\AddressParser\parser_germany.xml
c:\program files\explorer\AddressParser\parser_ireland.xml
c:\program files\explorer\AddressParser\parser_italy.xml
c:\program files\explorer\AddressParser\parser_liechtenstein.xml
c:\program files\explorer\AddressParser\parser_luxembourg.xml
c:\program files\explorer\AddressParser\parser_monaco.xml
c:\program files\explorer\AddressParser\parser_netherlands.xml
c:\program files\explorer\AddressParser\parser_norway.xml
c:\program files\explorer\AddressParser\parser_portugal.xml
c:\program files\explorer\AddressParser\parser_spain.xml
c:\program files\explorer\AddressParser\parser_sweden.xml
c:\program files\explorer\AddressParser\parser_switzerland.xml
c:\program files\explorer\AddressParser\parser_uk.xml
c:\program files\explorer\AddressParser\parser_usa.xml
c:\program files\explorer\basemaps\basemaps.de.xml
c:\program files\explorer\basemaps\basemaps.es.xml
c:\program files\explorer\basemaps\basemaps.fr.xml
c:\program files\explorer\basemaps\basemaps.ja-jp.xml
c:\program files\explorer\basemaps\basemaps.xml
c:\program files\explorer\basemaps\basemaps.zh-CN.xml
c:\program files\explorer\basemaps\Server\basemap0.nmf
c:\program files\explorer\basemaps\Server\basemap0.png
c:\program files\explorer\basemaps\Server\basemap1.nmf
c:\program files\explorer\basemaps\Server\basemap1.png
c:\program files\explorer\basemaps\Server\basemap10.nmf
c:\program files\explorer\basemaps\Server\basemap10.png
c:\program files\explorer\basemaps\Server\basemap11.nmf
c:\program files\explorer\basemaps\Server\basemap11.png
c:\program files\explorer\basemaps\Server\basemap2.nmf
c:\program files\explorer\basemaps\Server\basemap2.png
c:\program files\explorer\basemaps\Server\basemap3.nmf
c:\program files\explorer\basemaps\Server\basemap3.png
c:\program files\explorer\basemaps\Server\basemap4.nmf
c:\program files\explorer\basemaps\Server\basemap4.png
c:\program files\explorer\basemaps\Server\basemap5.nmf
c:\program files\explorer\basemaps\Server\basemap5.png
c:\program files\explorer\basemaps\Server\basemap6.nmf
c:\program files\explorer\basemaps\Server\basemap6.png
c:\program files\explorer\basemaps\Server\basemap7.nmf
c:\program files\explorer\basemaps\Server\basemap7.png
c:\program files\explorer\basemaps\Server\basemap8.nmf
c:\program files\explorer\basemaps\Server\basemap8.png
c:\program files\explorer\basemaps\Server\basemap9.nmf
c:\program files\explorer\basemaps\Server\basemap9.png
c:\program files\explorer\basemaps\Server\basemaps.de.xml
c:\program files\explorer\basemaps\Server\basemaps.es.xml
c:\program files\explorer\basemaps\Server\basemaps.fr.xml
c:\program files\explorer\basemaps\Server\basemaps.ja-jp.xml
c:\program files\explorer\basemaps\Server\basemaps.xml
c:\program files\explorer\basemaps\Server\basemaps.zh-CN.xml
c:\program files\explorer\bin\3dAnalystUtil.dll
c:\program files\explorer\bin\3DSymbols.dll
c:\program files\explorer\bin\3DSymbolsLib.dll
c:\program files\explorer\bin\AfCore.dll
c:\program files\explorer\bin\AfUtil.dll
c:\program files\explorer\bin\AGSClient.dll
c:\program files\explorer\bin\aibase.dll
c:\program files\explorer\bin\aifeat.dll
c:\program files\explorer\bin\AISClient.dll
c:\program files\explorer\bin\AISGlobalLib.dll
c:\program files\explorer\bin\aishape.dll
c:\program files\explorer\bin\Animation.dll
c:\program files\explorer\bin\AnnoLayer.dll
c:\program files\explorer\bin\Annotation.dll
c:\program files\explorer\bin\AnnotationLib.dll
c:\program files\explorer\bin\AoInitializer.dll
c:\program files\explorer\bin\AppInitializerLib.dll
c:\program files\explorer\bin\ApplicationConfigurationManager.exe
c:\program files\explorer\bin\ArcGISExplorer.ISCConfig
c:\program files\explorer\bin\atl71.dll
c:\program files\explorer\bin\BasemapLayer.dll
c:\program files\explorer\bin\BasicRasterPicture.dll
c:\program files\explorer\bin\BGLAPI.dll
c:\program files\explorer\bin\BGLAPILib.dll
c:\program files\explorer\bin\BGLFontEngine.dll
c:\program files\explorer\bin\BGLGeometricEffects.dll
c:\program files\explorer\bin\BGLGeomChestLib.dll
c:\program files\explorer\bin\BGLImageCoders.dll
c:\program files\explorer\bin\BGLRasterizerLib.dll
c:\program files\explorer\bin\BGLRasterizerSW.dll
c:\program files\explorer\bin\BGLSymbols.dll
c:\program files\explorer\bin\BGLSymbolsLib.dll
c:\program files\explorer\bin\BGLToGDIHelper.dll
c:\program files\explorer\bin\bin.zreg
c:\program files\explorer\bin\CadastralFabric.dll
c:\program files\explorer\bin\CadastralFabricLayer.dll
c:\program files\explorer\bin\CadEngine.dll
c:\program files\explorer\bin\CadFDB.dll
c:\program files\explorer\bin\CadLayer.dll
c:\program files\explorer\bin\CadWorkspaceFactory.dll
c:\program files\explorer\bin\CacheRasterDB.dll
c:\program files\explorer\bin\Camera.dll
c:\program files\explorer\bin\CartoControlsLib.dll
c:\program files\explorer\bin\CartoConverter.dll
c:\program files\explorer\bin\CartoXLib.dll
c:\program files\explorer\bin\CIM.dll
c:\program files\explorer\bin\CIMLib.dll
c:\program files\explorer\bin\Color.dll
c:\program files\explorer\bin\ComplexSymbols.dll
c:\program files\explorer\bin\CompressedDataFile.dll
c:\program files\explorer\bin\Configuration\CATID\esri.catid.ecfg
c:\program files\explorer\bin\Configuration\CLSID\esri.clsid.ecfg
c:\program files\explorer\bin\DADFLib.dll
c:\program files\explorer\bin\DaeFile.dll
c:\program files\explorer\bin\DataConverterLib.dll
c:\program files\explorer\bin\dbghelp.dll
c:\program files\explorer\bin\de\ApplicationConfigurationManager.resources.dll
c:\program files\explorer\bin\de\DADFRes.dll
c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.resources.dll
c:\program files\explorer\bin\de\ResToolkitPro.dll
c:\program files\explorer\bin\DECoreLib.dll
c:\program files\explorer\bin\DFORRT.DLL
c:\program files\explorer\bin\Display.dll
c:\program files\explorer\bin\DisplayFeedback.dll
c:\program files\explorer\bin\DisplayGraph.dll
c:\program files\explorer\bin\DisplayLib.dll
c:\program files\explorer\bin\DistributedGeodbLib.dll
c:\program files\explorer\bin\DynamicDisplay.dll
c:\program files\explorer\bin\e3.config.xml
c:\program files\explorer\bin\E3.exe
c:\program files\explorer\bin\E3.exe.config
c:\program files\explorer\bin\E3Control.dll
c:\program files\explorer\bin\E3EmailHelper.exe
c:\program files\explorer\bin\EngineGraphics.dll
c:\program files\explorer\bin\EnginePackager.dll
c:\program files\explorer\bin\es\ApplicationConfigurationManager.resources.dll
c:\program files\explorer\bin\es\DADFRes.dll
c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.resources.dll
c:\program files\explorer\bin\es\ResToolkitPro.dll
c:\program files\explorer\bin\ESRI.ArcGIS.Utilities.Compression.dll
c:\program files\explorer\bin\ESRI.ArcGISExplorer.Application.dll
c:\program files\explorer\bin\ESRI.ArcGISExplorer.dll
c:\program files\explorer\bin\ESRI.ArcGISExplorer.MapCenter.dll
c:\program files\explorer\bin\ESRI.DADF.Core.dll
c:\program files\explorer\bin\ESRI.DADF.dll
c:\program files\explorer\bin\esrizip.exe
c:\program files\explorer\bin\Export.dll
c:\program files\explorer\bin\ExtTopoEngine.dll
c:\program files\explorer\bin\FdaCore.dll
c:\program files\explorer\bin\FdaCoreLib.dll
c:\program files\explorer\bin\FdaRel.dll
c:\program files\explorer\bin\FeatureDataConverter.dll
c:\program files\explorer\bin\FeatureDataElements.dll
c:\program files\explorer\bin\FeatureLayer.dll
c:\program files\explorer\bin\FeatureLayerLib.dll
c:\program files\explorer\bin\FgdbRasterDB.dll
c:\program files\explorer\bin\FgdbUtilLib.dll
c:\program files\explorer\bin\FileDataElements.dll
c:\program files\explorer\bin\FileDBCoreLib.dll
c:\program files\explorer\bin\FileGDB.dll
c:\program files\explorer\bin\FileGDBWorkspaceFactory.dll
c:\program files\explorer\bin\fr\ApplicationConfigurationManager.resources.dll
c:\program files\explorer\bin\fr\DADFRes.dll
c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.resources.dll
c:\program files\explorer\bin\fr\ResToolkitPro.dll
c:\program files\explorer\bin\FunctionRasterDB.dll
c:\program files\explorer\bin\gdal16.dll
c:\program files\explorer\bin\GdalRasterDB.dll
c:\program files\explorer\bin\GdbCatalog.dll
c:\program files\explorer\bin\GdbCore.dll
c:\program files\explorer\bin\GdbCoreLib.dll
c:\program files\explorer\bin\GdbNet.dll
c:\program files\explorer\bin\GdbTopo.dll
c:\program files\explorer\bin\GeoDataExtraction.dll
c:\program files\explorer\bin\GeoDataServer.dll
c:\program files\explorer\bin\GeoDataTransfer.dll
c:\program files\explorer\bin\Geometry.dll
c:\program files\explorer\bin\GeoprocessingLib.dll
c:\program files\explorer\bin\GeoProcessor.dll
c:\program files\explorer\bin\GeoRSSPlugin.dll
c:\program files\explorer\bin\glew32.dll
c:\program files\explorer\bin\Globe.dll
c:\program files\explorer\bin\GlobeCamera.dll
c:\program files\explorer\bin\GlobeClient.dll
c:\program files\explorer\bin\GlobeCoreLib.dll
c:\program files\explorer\bin\GlobeDisplay.dll
c:\program files\explorer\bin\GlobeLayers.dll
c:\program files\explorer\bin\GlobeServer.dll
c:\program files\explorer\bin\GlobeServerLayer.dll
c:\program files\explorer\bin\GlobeViewerCoreLib.dll
c:\program files\explorer\bin\GPClient.dll
c:\program files\explorer\bin\GpObjects.dll
c:\program files\explorer\bin\GpPythonCore.dll
c:\program files\explorer\bin\GPRasterFunctions.dll
c:\program files\explorer\bin\GraphicElements.dll
c:\program files\explorer\bin\hd420m.dll
c:\program files\explorer\bin\hdf5dll.dll
c:\program files\explorer\bin\hm420m.dll
c:\program files\explorer\bin\icudt40.dll
c:\program files\explorer\bin\icuin40.dll
c:\program files\explorer\bin\icuio40.dll
c:\program files\explorer\bin\icule40.dll
c:\program files\explorer\bin\icuuc40.dll
c:\program files\explorer\bin\ImageAccessLib.dll
c:\program files\explorer\bin\ImageClient.dll
c:\program files\explorer\bin\ImageServer.dll
c:\program files\explorer\bin\ImageServerLayer.dll
c:\program files\explorer\bin\IMSConnector.dll
c:\program files\explorer\bin\ImsFDB.dll
c:\program files\explorer\bin\IMSLayer.dll
c:\program files\explorer\bin\IMSLayerLib.dll
c:\program files\explorer\bin\IMSServiceLib.dll
c:\program files\explorer\bin\ImsWorkspaceFactory.dll
c:\program files\explorer\bin\InMemoryWorkspaceFactory.dll
c:\program files\explorer\bin\InputDevice3Dx.dll
c:\program files\explorer\bin\ja-JP\ApplicationConfigurationManager.resources.dll
c:\program files\explorer\bin\ja-JP\DADFRes.dll
c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.resources.dll
c:\program files\explorer\bin\ja-JP\ResToolkitPro.dll
c:\program files\explorer\bin\kdu61.dll
c:\program files\explorer\bin\KmlLayer.dll
c:\program files\explorer\bin\LabelPlacement.dll
c:\program files\explorer\bin\Layer.dll
c:\program files\explorer\bin\LayerLib.dll
c:\program files\explorer\bin\lcms117lib.dll
c:\program files\explorer\bin\libcollada14dom21.dll
c:\program files\explorer\bin\libcurl.dll
c:\program files\explorer\bin\lti_dsdk_dll.dll
c:\program files\explorer\bin\Map.dll
c:\program files\explorer\bin\MapClient.dll
c:\program files\explorer\bin\MapDB.dll
c:\program files\explorer\bin\MapElements.dll
c:\program files\explorer\bin\MaplexEngineLib.dll
c:\program files\explorer\bin\MapLib.dll
c:\program files\explorer\bin\MappingCore.dll
c:\program files\explorer\bin\MappingCoreLib.dll
c:\program files\explorer\bin\MappingServicesLib.dll
c:\program files\explorer\bin\MapServer.dll
c:\program files\explorer\bin\MapServerLayer.dll
c:\program files\explorer\bin\Marker3DFile.dll
c:\program files\explorer\bin\MessageSupport.dll
c:\program files\explorer\bin\Microsoft.VC90.ATL\atl90.dll
c:\program files\explorer\bin\Microsoft.VC90.ATL\Microsoft.VC90.ATL.manifest
c:\program files\explorer\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\explorer\bin\Microsoft.VC90.MFC\mfc90.dll
c:\program files\explorer\bin\Microsoft.VC90.MFC\mfc90u.dll
c:\program files\explorer\bin\Microsoft.VC90.MFC\mfcm90.dll
c:\program files\explorer\bin\Microsoft.VC90.MFC\mfcm90u.dll
c:\program files\explorer\bin\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90DEU.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ENU.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ESN.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ESP.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90FRA.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90CHS.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90CHT.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ITA.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90JPN.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90KOR.dll
c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\Microsoft.VC90.MFCLOC.manifest
c:\program files\explorer\bin\Microsoft.VC90.OPENMP\Microsoft.VC90.OpenMP.manifest
c:\program files\explorer\bin\Microsoft.VC90.OPENMP\vcomp90.dll
c:\program files\explorer\bin\MosaicDB.dll
c:\program files\explorer\bin\msvcp71.dll
c:\program files\explorer\bin\msvcr71.dll
c:\program files\explorer\bin\Navigation.dll
c:\program files\explorer\bin\NetEngine80.dll
c:\program files\explorer\bin\Network.dll
c:\program files\explorer\bin\NetworkAnalystSolvers.dll
c:\program files\explorer\bin\NetworkDataset.dll
c:\program files\explorer\bin\OGCClient.dll
c:\program files\explorer\bin\OutputLib.dll
c:\program files\explorer\bin\PageLayout.dll
c:\program files\explorer\bin\pe.dll
c:\program files\explorer\bin\PlugInDataSource.dll
c:\program files\explorer\bin\PlugInWorkspaceFactory.dll
c:\program files\explorer\bin\PrintOut.dll
c:\program files\explorer\bin\RasterAnalysisUtilLib.dll
c:\program files\explorer\bin\RasterCatalog.dll
c:\program files\explorer\bin\RasterCoreLib.dll
c:\program files\explorer\bin\RasterDB.dll
c:\program files\explorer\bin\RasterEngine.dll
c:\program files\explorer\bin\RasterFormats.dat
c:\program files\explorer\bin\RasterGraphicElements.dll
c:\program files\explorer\bin\RasterIO.dll
c:\program files\explorer\bin\RasterLayer.dll
c:\program files\explorer\bin\RasterRenderer.dll
c:\program files\explorer\bin\RasterWorkspaceFactory.dll
c:\program files\explorer\bin\Renderers.dll
c:\program files\explorer\bin\RepresentationDB.dll
c:\program files\explorer\bin\RepresentationEffects.dll
c:\program files\explorer\bin\RepresentationLayer.dll
c:\program files\explorer\bin\RepresentationLib.dll
c:\program files\explorer\bin\RepresentationSymbols.dll
c:\program files\explorer\bin\SceneFilters.dll
c:\program files\explorer\bin\SceneGraph.dll
c:\program files\explorer\bin\sdcdbx.dll
c:\program files\explorer\bin\SDCPlugIn.dll
c:\program files\explorer\bin\sde.dll
c:\program files\explorer\bin\SdeFDB.dll
c:\program files\explorer\bin\SdeRasterDB.dll
c:\program files\explorer\bin\sdesetup.dll
c:\program files\explorer\bin\SdeWorkspaceFactory.dll
c:\program files\explorer\bin\ServerStyleGallery.dll
c:\program files\explorer\bin\sg.dll
c:\program files\explorer\bin\ShapefileFDB.dll
c:\program files\explorer\bin\ShapefileWorkspaceFactory.dll
c:\program files\explorer\bin\SimpleDataConverter.dll
c:\program files\explorer\bin\StyleGalleryClasses.dll
c:\program files\explorer\bin\SystemUIUtil.dll
c:\program files\explorer\bin\Terrain.dll
c:\program files\explorer\bin\TerrainLayer.dll
c:\program files\explorer\bin\TextureCookerService.exe
c:\program files\explorer\bin\TinDb.dll
c:\program files\explorer\bin\TinEngine.dll
c:\program files\explorer\bin\TinLayer.dll
c:\program files\explorer\bin\TinRenderer.dll
c:\program files\explorer\bin\TinWorkspaceFactory.dll
c:\program files\explorer\bin\ViewerCoreLib.dll
c:\program files\explorer\bin\VpfFDB.dll
c:\program files\explorer\bin\VpfWorkspaceFactory.dll
c:\program files\explorer\bin\WebServices.dll
c:\program files\explorer\bin\WMSLayer.dll
c:\program files\explorer\bin\xerces-c_2_7.dll
c:\program files\explorer\bin\XmlSupport.dat
c:\program files\explorer\bin\XMLSupport.dll
c:\program files\explorer\bin\zh-CN\applicationconfigurationmanager.resources.dll
c:\program files\explorer\bin\zh-CN\DADFRes.dll
c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.resources.dll
c:\program files\explorer\bin\zh-CN\ResToolkitPro.dll
c:\program files\explorer\bin\zlib1.dll
c:\program files\explorer\bin\zlibwapi.dll
c:\program files\explorer\ColorProfiles\esriGray22.icc
c:\program files\explorer\ColorProfiles\Lab2Lab.icm
c:\program files\explorer\ColorProfiles\sRGB_IEC61966-2-1_noBPC.icc
c:\program files\explorer\ColorProfiles\USWebCoatedSWOP.icc
c:\program files\explorer\ColorProfiles\Xyz2Xyz.icm
c:\program files\explorer\com\com.zreg
c:\program files\explorer\com\esriE3.olb
c:\program files\explorer\license\ExplorerEnglishLicense.pdf
c:\program files\explorer\license\ExplorerFrenchLicense.pdf
c:\program files\explorer\license\ExplorerGermanLicense.pdf
c:\program files\explorer\license\ExplorerJapaneseLicense.pdf
c:\program files\explorer\license\ExplorerSimplChineseLicense.pdf
c:\program files\explorer\license\ExplorerSpanishLicense.pdf
c:\program files\explorer\PackageTemplates\ArcGISExplorer.stylesheet
c:\program files\explorer\PackageTemplates\Package931.template
c:\program files\explorer\pedata\gdaldata\coordinate_axis.csv
c:\program files\explorer\pedata\gdaldata\cubewerx_extra.wkt
c:\program files\explorer\pedata\gdaldata\ecw_cs.dat
c:\program files\explorer\pedata\gdaldata\ellipsoid.csv
c:\program files\explorer\pedata\gdaldata\epsg.wkt
c:\program files\explorer\pedata\gdaldata\esri_extra.wkt
c:\program files\explorer\pedata\gdaldata\gcs.csv
c:\program files\explorer\pedata\gdaldata\gdal_datum.csv
c:\program files\explorer\pedata\gdaldata\gdalicon.png
c:\program files\explorer\pedata\gdaldata\pcs.csv
c:\program files\explorer\pedata\gdaldata\prime_meridian.csv
c:\program files\explorer\pedata\gdaldata\projop_wparm.csv
c:\program files\explorer\pedata\gdaldata\s57attributes.csv
c:\program files\explorer\pedata\gdaldata\s57expectedinput.csv
c:\program files\explorer\pedata\gdaldata\s57objectclasses.csv
c:\program files\explorer\pedata\gdaldata\seed_2d.dgn
c:\program files\explorer\pedata\gdaldata\seed_3d.dgn
c:\program files\explorer\pedata\gdaldata\stateplane.csv
c:\program files\explorer\pedata\gdaldata\unit_of_measure.csv
c:\program files\explorer\plugins\explorerCore.ecfg
c:\program files\explorer\schemas\ExplorerAddIn.xsd
c:\program files\explorer\schemas\ExplorerGeometry.xsd
c:\program files\explorer\schemas\NmfDocument.xsd
c:\program files\explorer\Styles\default.css
c:\program files\explorer\Styles\Directions\GreenFlag16.png
c:\program files\explorer\Styles\Directions\CheckeredFlag16.png
c:\program files\explorer\Styles\Directions\Print16.png
c:\program files\explorer\Styles\ExplorerColors.de.xml
c:\program files\explorer\Styles\ExplorerColors.es.xml
c:\program files\explorer\Styles\ExplorerColors.fr.xml
c:\program files\explorer\Styles\ExplorerColors.ja-JP.xml
c:\program files\explorer\Styles\ExplorerColors.xml
c:\program files\explorer\Styles\ExplorerColors.zh-CN.xml
c:\program files\explorer\Styles\ExplorerSymbols.de.xml
c:\program files\explorer\Styles\ExplorerSymbols.es.xml
c:\program files\explorer\Styles\ExplorerSymbols.fr.xml
c:\program files\explorer\Styles\ExplorerSymbols.ja-JP.xml
c:\program files\explorer\Styles\ExplorerSymbols.xml
c:\program files\explorer\Styles\ExplorerSymbols.zh-CN.xml
c:\program files\explorer\Styles\kml.css
c:\program files\explorer\Styles\KMLIcons\american-flag.png
c:\program files\explorer\Styles\KMLIcons\arrow.png
c:\program files\explorer\Styles\KMLIcons\asian-flag.png
c:\program files\explorer\Styles\KMLIcons\auto-service.png
c:\program files\explorer\Styles\KMLIcons\auto.png
c:\program files\explorer\Styles\KMLIcons\bang.png
c:\program files\explorer\Styles\KMLIcons\bars.png
c:\program files\explorer\Styles\KMLIcons\building.png
c:\program files\explorer\Styles\KMLIcons\coffee_house_16.png
c:\program files\explorer\Styles\KMLIcons\crosshair.png
c:\program files\explorer\Styles\KMLIcons\dining.png
c:\program files\explorer\Styles\KMLIcons\dining_16.png
c:\program files\explorer\Styles\KMLIcons\dot.png
c:\program files\explorer\Styles\KMLIcons\fast-food.png
c:\program files\explorer\Styles\KMLIcons\four-dollars.png
c:\program files\explorer\Styles\KMLIcons\french-flag.png
c:\program files\explorer\Styles\KMLIcons\hand.png
c:\program files\explorer\Styles\KMLIcons\high_res_places.png
c:\program files\explorer\Styles\KMLIcons\highway_16.png
c:\program files\explorer\Styles\KMLIcons\italian-flag.png
c:\program files\explorer\Styles\KMLIcons\large_traffic_count_16.png
c:\program files\explorer\Styles\KMLIcons\mexican-flag.png
c:\program files\explorer\Styles\KMLIcons\misc_dining.png
c:\program files\explorer\Styles\KMLIcons\note.png
c:\program files\explorer\Styles\KMLIcons\one-dollar.png
c:\program files\explorer\Styles\KMLIcons\palette-2.png
c:\program files\explorer\Styles\KMLIcons\palette-3.png
c:\program files\explorer\Styles\KMLIcons\palette-4.png
c:\program files\explorer\Styles\KMLIcons\palette-5.png
c:\program files\explorer\Styles\KMLIcons\parks.png
c:\program files\explorer\Styles\KMLIcons\recreation.png
c:\program files\explorer\Styles\KMLIcons\search.png
c:\program files\explorer\Styles\KMLIcons\school_16.png
c:\program files\explorer\Styles\KMLIcons\streamed_layer.png
c:\program files\explorer\Styles\KMLIcons\streamed_layers.png
c:\program files\explorer\Styles\KMLIcons\terrain_16.png
c:\program files\explorer\Styles\KMLIcons\three-dollars.png
c:\program files\explorer\Styles\KMLIcons\transportation.png
c:\program files\explorer\Styles\KMLIcons\two-dollars.png
c:\program files\explorer\Styles\KMLIcons\webcam_16.png
c:\program files\explorer\Styles\SlideTitleStyles.de.xml
c:\program files\explorer\Styles\SlideTitleStyles.es.xml
c:\program files\explorer\Styles\SlideTitleStyles.fr.xml
c:\program files\explorer\Styles\SlideTitleStyles.ja-JP.xml
c:\program files\explorer\Styles\SlideTitleStyles.xml
c:\program files\explorer\Styles\SlideTitleStyles.zh-CN.xml
c:\program files\explorer\Styles\StyleSheet.xsl
c:\program files\explorer\Styles\SymbolImages\Civic\ATM.png
c:\program files\explorer\Styles\SymbolImages\Civic\Bank.png
c:\program files\explorer\Styles\SymbolImages\Civic\Bell.png
c:\program files\explorer\Styles\SymbolImages\Civic\Cemetery.png
c:\program files\explorer\Styles\SymbolImages\Civic\City.png
c:\program files\explorer\Styles\SymbolImages\Civic\Clue.png
c:\program files\explorer\Styles\SymbolImages\Civic\Crowd.png
c:\program files\explorer\Styles\SymbolImages\Civic\GhostTown.png
c:\program files\explorer\Styles\SymbolImages\Civic\Horn.png
c:\program files\explorer\Styles\SymbolImages\Civic\Housing.png
c:\program files\explorer\Styles\SymbolImages\Civic\MailPost.png
c:\program files\explorer\Styles\SymbolImages\Civic\Office.png
c:\program files\explorer\Styles\SymbolImages\Civic\Radioactive.png
c:\program files\explorer\Styles\SymbolImages\Civic\School.png
c:\program files\explorer\Styles\SymbolImages\Civic\StarsStripes.png
c:\program files\explorer\Styles\SymbolImages\Flag\GreenFlag.png
c:\program files\explorer\Styles\SymbolImages\Flag\CheckeredFlag.png
c:\program files\explorer\Styles\SymbolImages\Flag\RedFlag.png
c:\program files\explorer\Styles\SymbolImages\Flag\WhiteFlag.png
c:\program files\explorer\Styles\SymbolImages\Flag\YellowFlag.png
c:\program files\explorer\Styles\SymbolImages\Health\AidStation.png
c:\program files\explorer\Styles\SymbolImages\Health\Ambulance.png
c:\program files\explorer\Styles\SymbolImages\Health\Doctor.png
c:\program files\explorer\Styles\SymbolImages\Health\Health.png
c:\program files\explorer\Styles\SymbolImages\Health\Hospital.png
c:\program files\explorer\Styles\SymbolImages\Health\Pharmacy.png
c:\program files\explorer\Styles\SymbolImages\Marine\AmberBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\BlackBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\BlueBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\BoatsKeepOut.png
c:\program files\explorer\Styles\SymbolImages\Marine\ControlledArea.png
c:\program files\explorer\Styles\SymbolImages\Marine\Danger.png
c:\program files\explorer\Styles\SymbolImages\Marine\DiverDown.png
c:\program files\explorer\Styles\SymbolImages\Marine\GreenBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\GreenDiamondDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\GreenRedBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\GreenSquareDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\GreenWhiteBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\OrangeBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\PersonOverboard.png
c:\program files\explorer\Styles\SymbolImages\Marine\RadioBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedDiamondDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedGreenBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedSquareDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedTriangleDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\RedWhiteBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\SkullandCrossbones.png
c:\program files\explorer\Styles\SymbolImages\Marine\UnderwaterOperations.png
c:\program files\explorer\Styles\SymbolImages\Marine\VioletBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\WhiteBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\WhiteDiamondDaymark.png
c:\program files\explorer\Styles\SymbolImages\Marine\WhiteGreenBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\WhiteRedBeacon.png
c:\program files\explorer\Styles\SymbolImages\Marine\Wreck.png
c:\program files\explorer\Styles\SymbolImages\Placemark\ArrowYellow.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Capital1.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Capital2.png
c:\program files\explorer\Styles\SymbolImages\Placemark\CircleX.png
c:\program files\explorer\Styles\SymbolImages\Placemark\CrossHair.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated1.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated2.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated3.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated4.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated5.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated6.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Populated7.png
c:\program files\explorer\Styles\SymbolImages\Placemark\Star.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\AmusementPark.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Bar.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Camera.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\CameraWeb.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\CellPhone.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Coffee.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Dam.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\DepartmentStore.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Dining.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\DrinkingWater.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\FastFood.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\FitnessCenter.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Forest.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Globe.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Information.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\InformationQuestion.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\LandLine.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Light.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\LiveShow.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Mine.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\MovieTheater.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Museum.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\News.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Note.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\OilWell.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Pizza.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Pub.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Question.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\RealEstate.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Reservoir.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Restroom.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Shopping.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Shower.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Stadium.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\TowerShort.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\TowerTall.png
c:\program files\explorer\Styles\SymbolImages\Points of Interest\Zoo.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\Burglary.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\FireFighter.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\FireStation.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\FireTruck.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\Homicide.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\Police.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\PoliceCar.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\PoliceOfficer.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\PoliceStation.png
c:\program files\explorer\Styles\SymbolImages\Public Safety\Theft.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\BlackPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\BluePushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\BrownPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\GrayPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\GreenPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\LightBluePushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\OrangePushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\PinkPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\PurplePushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\RedPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\SpringGreenPushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\WhitePushpin.png
c:\program files\explorer\Styles\SymbolImages\Pushpin\YellowPushpin.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Beach.png
c:\program files\explorer\Styles\SymbolImages\Recreation\BoatLaunch.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Bowling.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Camping.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Deer.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Fishing.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Geocache.png
c:\program files\explorer\Styles\SymbolImages\Recreation\GeocacheFound.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Gliding.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Golf.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Hiking.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Mountain.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Park.png
c:\program files\explorer\Styles\SymbolImages\Recreation\RestArea.png
c:\program files\explorer\Styles\SymbolImages\Recreation\RVPark.png
c:\program files\explorer\Styles\SymbolImages\Recreation\SkyDiving.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Sports.png
c:\program files\explorer\Styles\SymbolImages\Recreation\Swimming.png
c:\program files\explorer\Styles\SymbolImages\Recreation\TrackBack.png
c:\program files\explorer\Styles\SymbolImages\Recreation\WaterSkiing.png
c:\program files\explorer\Styles\SymbolImages\Sphere\BlueSphere.png
c:\program files\explorer\Styles\SymbolImages\Sphere\GreenSphere.png
c:\program files\explorer\Styles\SymbolImages\Sphere\OrangeSphere.png
c:\program files\explorer\Styles\SymbolImages\Sphere\PurpleSphere.png
c:\program files\explorer\Styles\SymbolImages\Sphere\RedSphere.png
c:\program files\explorer\Styles\SymbolImages\Sphere\YellowSphere.png
c:\program files\explorer\Styles\SymbolImages\Square\BlackWaypoint.png
c:\program files\explorer\Styles\SymbolImages\Square\BlueWaypoint.png
c:\program files\explorer\Styles\SymbolImages\Square\WhiteWaypoint.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\BlackStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\BlueStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\BrownStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\GrayStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\GreenStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\LightBlueStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\OrangeStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\PinkStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\PurpleStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\RedStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\SpringGreenStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\WhiteStickpin.png
c:\program files\explorer\Styles\SymbolImages\Stickpin\YellowStickpin.png
c:\program files\explorer\Styles\SymbolImages\Transparent\Transparent.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Airplane.png
c:\program files\explorer\Styles\SymbolImages\Transportation\AirStrip.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Breakdown.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Bus.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarGreenBack.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarGreenFront.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarRedBack.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarRedFront.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarRental.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarRepair.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarYellowBack.png
c:\program files\explorer\Styles\SymbolImages\Transportation\CarYellowFront.png
c:\program files\explorer\Styles\SymbolImages\Transportation\ConvenienceStore.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Crossing.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Fuel.png
c:\program files\explorer\Styles\SymbolImages\Transportation\HelicopterGreen.png
c:\program files\explorer\Styles\SymbolImages\Transportation\HelicopterRed.png
c:\program files\explorer\Styles\SymbolImages\Transportation\HelicopterYellow.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Landingpad.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Lodging.png
c:\program files\explorer\Styles\SymbolImages\Transportation\MileMarker.png
c:\program files\explorer\Styles\SymbolImages\Transportation\MountainPass.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Overpass.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Parking.png
c:\program files\explorer\Styles\SymbolImages\Transportation\PrivateField.png
c:\program files\explorer\Styles\SymbolImages\Transportation\RoadClosure.png
c:\program files\explorer\Styles\SymbolImages\Transportation\RoadWork.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Sailing.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Scales.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Seaplane.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Tank.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Toll.png
c:\program files\explorer\Styles\SymbolImages\Transportation\TrafficAccident.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Tunnel.png
c:\program files\explorer\Styles\SymbolImages\Transportation\Ultralight.png
c:\program files\explorer\Styles\SymbolImages\Transportation\WarningRed.png
c:\program files\explorer\Styles\SymbolImages\Transportation\WarningYellow.png
c:\program files\explorer\Styles\SymbolImages\Transportation\YellowSemiTractor.png
c:\program files\explorer\Styles\SymbolImages\Weather\Cloudy.png
c:\program files\explorer\Styles\SymbolImages\Weather\HeatAdvisory.png
c:\program files\explorer\Styles\SymbolImages\Weather\Lightning.png
c:\program files\explorer\Styles\SymbolImages\Weather\PartlySunny.png
c:\program files\explorer\Styles\SymbolImages\Weather\Rain.png
c:\program files\explorer\Styles\SymbolImages\Weather\Snow.png
c:\program files\explorer\Styles\SymbolImages\Weather\Sunny.png
c:\program files\explorer\Styles\Template.ncfg
c:\program files\explorer\TilingSchemes\ArcGIS_Online_Bing_Maps_Google_Maps.xml
c:\program files\explorer\TilingSchemes\GoogleMapsVersions.xml
c:\program files\explorer\TilingSchemes\Yahoo.xml
c:\programdata\eqocbt.pad
c:\programdata\tbcoqe.dat
c:\users\samo\Documents\~WRD3452.tmp
c:\users\samo\Documents\~WRL0003.tmp
c:\users\samo\Documents\~WRL0556.tmp
c:\users\samo\Documents\~WRL1355.tmp
c:\users\samo\Documents\~WRL1590.tmp
c:\users\samo\Documents\~WRL2191.tmp
c:\users\samo\Documents\~WRL2842.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-03-22 to 2013-04-22 )))))))))))))))))))))))))))))))
.
.
2013-04-22 16:04 . 2013-04-22 16:04 -------- d-----w- c:\users\samo\AppData\Local\temp
2013-04-22 16:04 . 2013-04-22 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-20 12:35 . 2013-04-20 12:35 -------- d-----w- C:\rsit
2013-04-20 12:35 . 2013-04-20 12:35 -------- d-----w- c:\program files\trend micro
2013-04-17 16:21 . 2013-04-21 18:25 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EF0A413-DCA7-449B-8CB9-EF3AAAB6561C}\offreg.dll
2013-04-16 16:30 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EF0A413-DCA7-449B-8CB9-EF3AAAB6561C}\mpengine.dll
2013-04-10 18:52 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-17 19:37 . 2012-04-25 19:16 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-17 19:37 . 2011-07-14 14:38 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 23:10 . 2010-04-30 09:29 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-02-12 01:57 . 2013-03-20 20:06 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
2011-06-08 18:04 282656 ----a-w- c:\program files\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-05-27 127040]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-12 129560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-12 141848]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-12 154136]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP2900 Status Window.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk
backup=c:\windows\pss\Canon LBP2900 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-06-05 17:12 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-05-07 17:47 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 11:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-01-12 13:36 827392 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-11 00:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 01:01 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 19:38]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-18 16:01]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-18 16:01]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233199993-1420483537-3798122799-1006Core.job
- c:\users\samo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 10:06]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233199993-1420483537-3798122799-1006UA.job
- c:\users\samo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 10:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SK_SK&c=74&bd=smb&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 10.10.10.1 192.168.1.1
FF - ProfilePath - c:\users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Guard.Mail.ru - c:\program files\Mail.Ru\Guard\GuardMailRu.exe
MSConfigStartUp-MAgent - c:\users\samo\AppData\Roaming\Mail.Ru\Agent\MAgent.exe
AddRemove-Guard.Mail.ru - c:\program files\Mail.Ru\Guard\GuardMailRu.exe
AddRemove-{50897E53-4A8B-4C0C-81C0-DCFA6893C753} - c:\users\samo\AppData\Local\{19435D74-3065-47BF-9D09-F83C525CD68E}\Hide The IP 2009.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-22 18:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-04-22 18:06:21
ComboFix-quarantined-files.txt 2013-04-22 16:06
.
Pre-Run: 13 695 827 968 bytes free
Post-Run: 13 653 839 872 bytes free
.
- - End Of File - - 44EFAA3FDD7ACA707CBFCD78CF143365

diky

#13 Příspěvek od **Mc_Murphy** » 22 dub 2013 17:30

Pokud jsi tak ještě neučinil, přesuň ComboFix na Plochu.

Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> stiskni [Enter]).
Zkopíruj do něj tento script (pouze zelená písmenka v bílém poli!):

Kód: Vybrat vše

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=-
"WMPNSCFG"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"=-
"IgfxTray"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

File::
c:\program files\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233199993-1420483537-3798122799-1006Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233199993-1420483537-3798122799-1006UA.job

DDS::
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

ClearJavaCache::

AtJob::

Reboot::

Ulož vytvořený TXT jako CFScript.txt
Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.

Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.

katzoh · #14 Příspěvek od **katzoh** » 22 dub 2013 19:30

dakujem. po restarte nabehol windows a vyskocilo varovanie (zlty trojuholnik s vykricnikom): Kos na jednotke C:/ je poskodeny. Chcete vyprazdnik kos na tejto jednotke? Moznosti su ano/nie. Neviem co mam dat..

katzoh · #15 Příspěvek od **katzoh** » 22 dub 2013 19:46

nakoniec vyskocil log:

ComboFix 13-04-22.01 - samo . 04. 2013 20:17:16.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1051.18.2039.1057 [GMT 2:00]
Running from: c:\users\samo\Desktop\ComboFix.exe
Command switches used :: c:\users\samo\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll"
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233199993-1420483537-3798122799-1006Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233199993-1420483537-3798122799-1006UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233199993-1420483537-3798122799-1006Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233199993-1420483537-3798122799-1006UA.job
.
.
((((((((((((((((((((((((( Files Created from 2013-03-22 to 2013-04-22 )))))))))))))))))))))))))))))))
.
.
2013-04-22 18:25 . 2013-04-22 18:28 -------- d-----w- c:\users\samo\AppData\Local\temp
2013-04-20 12:35 . 2013-04-20 12:35 -------- d-----w- C:\rsit
2013-04-20 12:35 . 2013-04-20 12:35 -------- d-----w- c:\program files\trend micro
2013-04-16 16:30 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EF0A413-DCA7-449B-8CB9-EF3AAAB6561C}\mpengine.dll
2013-04-10 18:52 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-17 19:37 . 2012-04-25 19:16 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-17 19:37 . 2011-07-14 14:38 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 23:10 . 2010-04-30 09:29 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-02-12 01:57 . 2013-03-20 20:06 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-12 154136]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP2900 Status Window.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk
backup=c:\windows\pss\Canon LBP2900 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 01:01 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 10.10.10.1 192.168.1.1
FF - ProfilePath - c:\users\samo\AppData\Roaming\Mozilla\Firefox\Profiles\t81o4yao.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-22 20:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\CNAB4RPK.EXE
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-04-22 20:33:51 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-22 18:33
ComboFix2.txt 2013-04-22 16:06
.
Pre-Run: 13 676 523 520 bytes free
Post-Run: 13 651 181 568 bytes free
.
- - End Of File - - D09B167434B41007602581D6C3070A9D

VIRY.CZ

Policia SR - pocitac zablokovany

Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany

Re: Policia SR - pocitac zablokovany