Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

prosim o kontrolu, měl sem trojana

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
lalasso
Návštěvník
Návštěvník
Příspěvky: 24
Registrován: 13 lis 2006 20:21

prosim o kontrolu, měl sem trojana

#1 Příspěvek od lalasso »

Logfile of random's system information tool 1.08 (written by random/random)
Run by Vlaďoš at 2013-09-14 09:21:23
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 13 GB (17%) free of 77 GB
Total RAM: 4057 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:21:26, on 14.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files\Mouse\Amoumain.exe
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Vlaďoš\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\trend micro\Vlaďoš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=119 ... BF487E0D48
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - (no file)
R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: IMPI Helper - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = ?
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: BitGuard - Unknown owner - C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
O23 - Service: DTSAudioService - DTS - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: IMPI Updater - Unknown owner - C:\Program Files\IMPI\ExtensionUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8544 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe"
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
"C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe"
"C:\Program Files\IMPI\ExtensionUpdaterService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORDTSUPTBT
"C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe"
"C:\Program Files\Mouse\Amoumain.exe"
"C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" /PROTECT
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\Vlaďoš\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
taskeng.exe {22382CD6-42E3-4EA8-B719-58FE2FB92678}
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
taskhost.exe $(Arg0)
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Vlaďoš\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\AmiUpdXp.job
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\Windows\tasks\ROC_JAN2013_TB_rmv.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}]
IMPI - C:\Program Files\IMPI\Extension64.dll [2013-02-05 211456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}]
IMPI - C:\Program Files\IMPI\Extension32.dll [2013-02-05 167424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-29 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-29 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-11-09 6470760]
"RtHDVBg_DTS"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2012-11-09 1177232]
"Enhanced Performance Keyboard"=C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [2012-08-08 335360]
"WheelMouse"=C:\Program Files\Mouse\Amoumain.exe [2008-03-06 270336]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-07-18 1356240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28 18642024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-11-10 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2012-10-25 421888]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2012-11-09 43608]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe [2011-04-11 734544]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

C:\Users\Vlaďoš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Vlaďoš\AppData\Roaming\Dropbox\bin\Dropbox.exe
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2013-09-13 20:20:14 ----D---- C:\rsit
2013-09-13 20:20:14 ----D---- C:\Program Files\trend micro
2013-09-13 20:09:04 ----D---- C:\ProgramData\BitGuard
2013-09-13 00:19:37 ----SHD---- C:\Config.Msi
2013-09-12 23:33:53 ----D---- C:\Program Files (x86)\Microsoft Security Client
2013-09-12 23:33:48 ----D---- C:\Program Files\Microsoft Security Client
2013-09-12 21:43:20 ----SHD---- C:\found.001
2013-09-12 21:11:45 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2013-09-12 21:05:52 ----A---- C:\Windows\system32\drivers\sptd.sys
2013-09-12 21:05:18 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2013-09-12 20:32:48 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-09-12 20:25:10 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-09-12 20:21:23 ----D---- C:\Users\Vlaďoš\AppData\Roaming\DAEMON Tools Ultra
2013-09-12 20:20:37 ----D---- C:\ProgramData\DAEMON Tools Ultra
2013-09-12 03:20:47 ----D---- C:\Windows\SYSWOW64\searchplugins
2013-09-12 03:20:47 ----D---- C:\Windows\SYSWOW64\Extensions
2013-09-12 03:04:45 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-09-12 03:04:45 ----A---- C:\Windows\system32\ieui.dll
2013-09-12 03:04:44 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-09-12 03:04:43 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-09-12 03:04:43 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-09-12 03:04:43 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-09-12 03:04:43 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-09-12 03:04:43 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 03:04:43 ----A---- C:\Windows\system32\iesysprep.dll
2013-09-12 03:04:43 ----A---- C:\Windows\system32\iesetup.dll
2013-09-12 03:04:43 ----A---- C:\Windows\system32\iertutil.dll
2013-09-12 03:04:43 ----A---- C:\Windows\system32\iernonce.dll
2013-09-12 03:04:43 ----A---- C:\Windows\system32\ie4uinit.exe
2013-09-12 03:04:42 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-09-12 03:04:41 ----A---- C:\Windows\system32\msfeeds.dll
2013-09-12 03:04:41 ----A---- C:\Windows\system32\jscript.dll
2013-09-12 03:04:40 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-09-12 03:04:39 ----A---- C:\Windows\system32\jscript9.dll
2013-09-12 03:04:38 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-09-12 03:04:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-09-12 03:04:36 ----A---- C:\Windows\system32\urlmon.dll
2013-09-12 03:04:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-09-12 03:04:35 ----A---- C:\Windows\system32\jsproxy.dll
2013-09-12 03:04:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-09-12 03:04:33 ----A---- C:\Windows\system32\wininet.dll
2013-09-12 03:04:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-09-12 03:04:32 ----A---- C:\Windows\system32\ieframe.dll
2013-09-12 03:04:28 ----A---- C:\Windows\system32\mshtml.dll
2013-09-12 03:04:24 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-09-11 22:20:46 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-09-11 22:20:45 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-09-11 22:20:45 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-09-11 22:20:45 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-09-11 22:20:45 ----A---- C:\Windows\system32\ntdll.dll
2013-09-11 22:20:45 ----A---- C:\Windows\system32\KernelBase.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 22:20:44 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 22:20:44 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-09-11 22:20:44 ----A---- C:\Windows\SYSWOW64\user.exe
2013-09-11 22:20:44 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-09-11 22:20:44 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-09-11 22:20:44 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-09-11 22:20:44 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-09-11 22:20:44 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-09-11 22:20:44 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2013-09-11 22:20:44 ----A---- C:\Windows\system32\wow64win.dll
2013-09-11 22:20:44 ----A---- C:\Windows\system32\wow64cpu.dll
2013-09-11 22:20:44 ----A---- C:\Windows\system32\wow64.dll
2013-09-11 22:20:44 ----A---- C:\Windows\system32\winsrv.dll
2013-09-11 22:20:44 ----A---- C:\Windows\system32\smss.exe
2013-09-11 22:20:44 ----A---- C:\Windows\system32\ntvdm64.dll
2013-09-11 22:20:44 ----A---- C:\Windows\system32\kernel32.dll
2013-09-11 22:20:44 ----A---- C:\Windows\system32\csrsrv.dll
2013-09-11 22:20:44 ----A---- C:\Windows\system32\conhost.exe
2013-09-11 22:20:44 ----A---- C:\Windows\system32\apisetschema.dll
2013-09-11 22:20:42 ----A---- C:\Windows\system32\win32k.sys
2013-09-11 22:20:40 ----A---- C:\Windows\system32\shell32.dll
2013-09-11 22:20:38 ----A---- C:\Windows\SYSWOW64\shell32.dll
2013-09-11 22:20:38 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2013-09-11 22:20:38 ----A---- C:\Windows\system32\shdocvw.dll
2013-09-11 19:02:46 ----A---- C:\Windows\system32\nvhdap64.dll
2013-09-11 19:02:46 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2013-09-11 19:02:46 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2013-09-11 19:02:43 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2013-09-11 19:02:43 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2013-09-11 19:02:43 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2013-09-11 19:02:43 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2013-09-11 19:02:43 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2013-09-11 19:02:43 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2013-09-11 19:02:43 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2013-09-11 19:02:43 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\nvopencl.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\nvoglv64.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\nvoglshim64.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\nvinitx.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\NvIFR64.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\NvFBC64.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\nvdispgenco6432049.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\nvdispco6432049.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\nvd3dumx.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\nvcuvid.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\nvcuvenc.dll
2013-09-11 19:02:43 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2013-09-11 19:02:42 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2013-09-11 19:02:42 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2013-09-11 19:02:42 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2013-09-11 19:02:42 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2013-09-11 19:02:42 ----A---- C:\Windows\system32\nvcuda.dll
2013-09-11 19:02:42 ----A---- C:\Windows\system32\nvcompiler.dll
2013-08-21 20:21:37 ----D---- C:\ProgramData\FLEXnet
2013-08-21 19:36:18 ----D---- C:\Program Files\Common Files\Macrovision Shared
2013-08-21 19:34:26 ----D---- C:\Program Files\Common Files\Autodesk Shared
2013-08-21 19:32:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2013-08-21 19:32:38 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2013-08-21 19:32:37 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2013-08-21 19:32:37 ----A---- C:\Windows\system32\d3dx10_41.dll
2013-08-21 19:32:36 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2013-08-21 19:32:36 ----A---- C:\Windows\system32\D3DX9_41.dll
2013-08-21 19:32:19 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2013-08-21 19:32:19 ----A---- C:\Windows\system32\d3dx9_30.dll
2013-08-21 19:29:08 ----D---- C:\ProgramData\TEMP
2013-08-21 19:26:02 ----D---- C:\Users\Vlaďoš\AppData\Roaming\Autodesk
2013-08-21 19:26:02 ----D---- C:\ProgramData\Autodesk
2013-08-21 19:23:09 ----D---- C:\Program Files (x86)\Seznam.cz
2013-08-21 19:22:16 ----D---- C:\Users\Vlaďoš\AppData\Roaming\Seznam.cz
2013-08-21 19:17:58 ----D---- C:\Users\Vlaďoš\AppData\Roaming\DAEMON Tools Lite
2013-08-21 19:16:47 ----D---- C:\ProgramData\DAEMON Tools Lite
2013-08-15 21:30:52 ----D---- C:\Windows\system32\MRT
2013-08-15 20:29:14 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2013-08-15 20:29:14 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-08-15 20:29:14 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-08-15 20:29:14 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-08-15 20:29:14 ----A---- C:\Windows\system32\wintrust.dll
2013-08-15 20:29:14 ----A---- C:\Windows\system32\cryptsvc.dll
2013-08-15 20:29:14 ----A---- C:\Windows\system32\cryptnet.dll
2013-08-15 20:29:14 ----A---- C:\Windows\system32\crypt32.dll
2013-08-15 20:29:03 ----A---- C:\Windows\SYSWOW64\tzres.dll
2013-08-15 20:29:03 ----A---- C:\Windows\system32\tzres.dll
2013-08-15 20:29:01 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-08-15 20:29:00 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-08-15 20:28:58 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2013-08-15 20:28:58 ----A---- C:\Windows\system32\rpcrt4.dll
2013-08-15 20:28:52 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2013-08-15 20:28:51 ----A---- C:\Windows\system32\drivers\tcpip.sys

======List of files/folders modified in the last 1 months======

2013-09-14 09:19:18 ----D---- C:\Users\Vlaďoš\AppData\Roaming\Skype
2013-09-14 09:18:18 ----D---- C:\Users\Vlaďoš\AppData\Roaming\Dropbox
2013-09-13 22:21:26 ----SHD---- C:\System Volume Information
2013-09-13 21:42:54 ----D---- C:\Windows\system32\config
2013-09-13 21:42:50 ----D---- C:\Windows\winsxs
2013-09-13 21:32:48 ----SHD---- C:\Windows\Installer
2013-09-13 21:32:10 ----D---- C:\Program Files (x86)\EVIDENCEOSOB
2013-09-13 21:30:43 ----RD---- C:\Program Files (x86)
2013-09-13 21:30:25 ----D---- C:\ProgramData\Tarma Installer
2013-09-13 21:30:23 ----D---- C:\Windows\Temp
2013-09-13 21:30:04 ----D---- C:\ProgramData\DivX
2013-09-13 21:30:02 ----D---- C:\Program Files (x86)\Common Files
2013-09-13 21:30:00 ----D---- C:\Program Files (x86)\DivX
2013-09-13 21:29:54 ----D---- C:\Program Files\DivX
2013-09-13 21:29:46 ----D---- C:\Windows\SysWOW64
2013-09-13 21:28:17 ----D---- C:\Windows\system32\Tasks
2013-09-13 21:28:02 ----RD---- C:\Program Files
2013-09-13 21:28:02 ----D---- C:\Windows\System32
2013-09-13 20:59:51 ----D---- C:\Windows\system32\DriverStore
2013-09-13 20:59:51 ----D---- C:\Windows\system32\catroot
2013-09-13 20:59:50 ----D---- C:\Windows\inf
2013-09-13 20:59:49 ----D---- C:\Program Files\Common Files
2013-09-13 20:56:15 ----D---- C:\Windows\Panther
2013-09-13 20:56:14 ----D---- C:\Windows\Logs
2013-09-13 20:56:14 ----D---- C:\Windows\debug
2013-09-13 20:56:14 ----D---- C:\Windows
2013-09-13 20:44:13 ----D---- C:\ProgramData\NVIDIA
2013-09-13 20:42:52 ----HD---- C:\ProgramData
2013-09-13 20:33:39 ----D---- C:\Windows\system32\drivers
2013-09-13 04:36:36 ----RSD---- C:\Windows\assembly
2013-09-13 04:36:36 ----D---- C:\Windows\Microsoft.NET
2013-09-13 04:05:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-09-13 00:32:56 ----D---- C:\Program Files\NVIDIA Corporation
2013-09-13 00:32:56 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-09-13 00:32:55 ----HD---- C:\Windows\system32\GroupPolicyUsers
2013-09-13 00:15:00 ----D---- C:\Windows\system32\NDF
2013-09-12 23:45:51 ----D---- C:\Windows\Tasks
2013-09-12 23:33:53 ----SD---- C:\ProgramData\Microsoft
2013-09-12 23:19:41 ----RSD---- C:\Windows\Fonts
2013-09-12 23:19:39 ----D---- C:\Windows\Downloaded Program Files
2013-09-12 23:16:16 ----D---- C:\Users\Vlaďoš\AppData\Roaming\uTorrent
2013-09-12 22:17:28 ----D---- C:\Windows\SYSWOW64\drivers
2013-09-12 21:24:18 ----SD---- C:\Users\Vlaďoš\AppData\Roaming\Microsoft
2013-09-12 21:19:45 ----D---- C:\Windows\Prefetch
2013-09-12 21:17:54 ----SHD---- C:\$Recycle.Bin
2013-09-12 21:17:51 ----RD---- C:\Users
2013-09-12 21:16:55 ----HD---- C:\Windows\system32\GroupPolicy
2013-09-12 20:33:43 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-09-12 20:33:43 ----D---- C:\Windows\system32\cs-CZ
2013-09-12 20:25:12 ----D---- C:\Windows\SYSWOW64\en-US
2013-09-12 20:25:12 ----D---- C:\Windows\system32\en-US
2013-09-12 03:20:52 ----D---- C:\Program Files (x86)\Internet Explorer
2013-09-12 03:20:51 ----D---- C:\Program Files\Internet Explorer
2013-09-12 03:20:49 ----D---- C:\Windows\AppPatch
2013-09-12 03:05:10 ----D---- C:\Windows\system32\catroot2
2013-09-12 03:01:31 ----A---- C:\Windows\system32\MRT.exe
2013-09-11 19:40:53 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-11 19:40:24 ----DC---- C:\Windows\system32\DRVSTORE
2013-08-21 21:19:11 ----D---- C:\Users\Vlaďoš\AppData\Roaming\Sonant
2013-08-18 10:27:22 ----D---- C:\Program Files (x86)\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2012-11-09 120408]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 247216]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-09-12 564824]
R1 Amfilter;Compatible Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfltx64.sys [2007-10-15 12288]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2012-11-11 13440]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-12 283200]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 139616]
R3 Amusbprt;USB HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbx64.sys [2008-02-13 17920]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-11-09 4052496]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
S3 a3pjkaj1;a3pjkaj1; C:\Windows\system32\drivers\a3pjkaj1.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-09-28 53760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 asHmComSvc;ASUS HM Com Service; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2012-11-11 915584]
R2 BitGuard;BitGuard; C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-09-13 3029472]
R2 DTSAudioService;DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2012-11-09 210024]
R2 IMPI Updater;IMPI Updater; C:\Program Files\IMPI\ExtensionUpdaterService.exe [2013-02-05 185856]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-07-18 23816]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-06-21 884512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-06-21 413472]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-07-18 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-08-21 1436424]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2008-01-01 117656]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-11-10 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: prosim o kontrolu, měl sem trojana

#2 Příspěvek od vyosek »

Zdravim :)

:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
:arrow: Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Provedte aktualizaci
  • Provedte uplny sken - nic nemazte :!:
  • MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
lalasso
Návštěvník
Návštěvník
Příspěvky: 24
Registrován: 13 lis 2006 20:21

Re: prosim o kontrolu, měl sem trojana

#3 Příspěvek od lalasso »

# AdwCleaner v3.003 - Report created 14/09/2013 at 16:55:20
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Vlaďoš - VLAĎOŠ-PC
# Running from : C:\Users\Vlaďoš\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FTDownloader.com
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Users\Vlaďoš\AppData\Local\Conduit
Folder Deleted : C:\Users\Vlaďoš\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Vlaďoš\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Vlaďoš\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Vlaďoš\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Vlaďoš\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Vlaďoš\AppData\Roaming\file scout
Folder Deleted : C:\Users\Vlaďoš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Deleted : C:\Users\Blanička\AppData\Local\VideoDownloadConverter_4z
Folder Deleted : C:\Users\Blanička\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Blanička\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\A\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Blanička\AppData\Roaming\Mozilla\Firefox\Profiles\p6jqxl5c.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Blanička\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
Folder Deleted : C:\Users\Blanička\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Blanička\AppData\Roaming\Mozilla\Firefox\Profiles\p6jqxl5c.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\VLAO~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Blanička\AppData\Roaming\Mozilla\Firefox\Profiles\p6jqxl5c.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\bprotector_prefs.js
File Deleted : C:\Users\Blanička\AppData\Roaming\Mozilla\Firefox\Profiles\p6jqxl5c.default\bprotector_prefs.js
File Deleted : C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Blanička\AppData\Roaming\Mozilla\Firefox\Profiles\p6jqxl5c.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\Blanička\AppData\Roaming\Mozilla\Firefox\Profiles\p6jqxl5c.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Blanička\AppData\Roaming\Mozilla\Firefox\Profiles\p6jqxl5c.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\user.js
File Deleted : C:\Users\Blanička\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Vlaďoš\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Blanička\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKCU\Software\a2dc8bb035b917
Key Deleted : HKLM\SOFTWARE\a2dc8bb035b917
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481032
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (cs)

[ File : C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=NT_ss&mntrId=A42B10BF487E0D48");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=A42B10BF487E0D48");
Line Deleted : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1362791507164,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT2481032_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1353737068522,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "SweetIM Search");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.sweetim.com/search.asp?src=2&barid={38B28639-529E-11E2-81D2-10BF487E0D48}&q=");
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Seznam");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=C80CB469-5BB0-4CB5-9698-DD04B79A2A3C&n=77fc4425&p2=^HJ^xdm007^YY^cz&si=COyxsb3HsbUCFQpZ3godx[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013021221");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm007^YY^cz");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "COyxsb3HsbUCFQpZ3godxT0ADQ");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "C80CB469-5BB0-4CB5-9698-DD04B79A2A3C");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1361126231319");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "videodownloadconverter@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN29545224910489554&UM=UM_ID&q=");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13&CUI=UN29545224910489554");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=C80CB469-5BB0-4CB5-9698-DD04B79A2A3C&n=77fc4425&ind=2013021221&p2=^HJ^xdm007^YY^cz[...]
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Seznam");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=13&CUI=SB_CUI");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=2&q=");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={38B28639-529E-11E2-81D2-10BF487E0D48}");

[ File : C:\Users\Blanička\AppData\Roaming\Mozilla\Firefox\Profiles\p6jqxl5c.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.5.0.2");
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=A42B10BF487E0D48");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=NT_ss&mntrId=A42B10BF487E0D48");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=A42B10BF487E0D48");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=C80CB469-5BB0-4CB5-9698-DD04B79A2A3C&n=77fc4427&ind=2013021223&p2=^HJ^xdm007^YY[...]
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=C80CB469-5BB0-4CB5-9698-DD04B79A2A3C&n=77fc4427&ind=2013021223&p2=^HJ^xdm007^YY^cz&si=[...]
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Seznam");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=C80CB469-5BB0-4CB5-9698-DD04B79A2A3C&n=77fc4427&p2=^HJ^xdm007^YY^cz&si=COyxsb3HsbUCFQpZ3godx[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013021223");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm007^YY^cz");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "COyxsb3HsbUCFQpZ3godxT0ADQ");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "C80CB469-5BB0-4CB5-9698-DD04B79A2A3C");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1361039856004");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "PYehrát");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "videodownloadconverter@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Line Deleted : user_pref("sweetim.toolbar.cargo", "3.1010000.10005");
Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote ... crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolba ... crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{38B28639-529E-11E2-81D2-10BF487E0D48}");
Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Deleted : user_pref("sweetim.toolbar.version", "1.9.0.0");
Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");

-\\ Google Chrome v

[ File : C:\Users\Vlaďoš\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

[ File : C:\Users\Blanička\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [26391 octets] - [14/09/2013 16:51:40]
AdwCleaner[S0].txt - [25974 octets] - [14/09/2013 16:55:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26035 octets] ##########





ZDE VÝSLEDEK Z MBAM


Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Vlaďoš :: VLAĎOŠ-PC [administrátor]

Ochrana: Povolena

14.9.2013 17:06:07
MBAM-log-2013-09-14 (20-52-14).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 533245
Uplynulý čas: 1 hodin, 38 minut,

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 3
HKLM\SYSTEM\CurrentControlSet\Services\BitGuard (PUP.Optional.PerformerSoft.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {38B28639-529E-11E2-81D2-10BF487E0D48} -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 12
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe.vir (PUP.Optional.Tarma.A) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Users\Vlaďoš\AppData\Roaming\file scout\filescout.exe.vir (PUP.Optional.FileScout.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.PerformerSoft.A) -> Nebyla provedena žádná instrukce.
C:\Users\Vlaďoš\AppData\Local\Application Data\Bundled software uninstaller\bi_client.exe (PUP.Optional.Somoto.A) -> Nebyla provedena žádná instrukce.
C:\Users\Vlaďoš\AppData\Local\Temp\9F4B.tmp (PUP.Optional.PerformerSoft.A) -> Nebyla provedena žádná instrukce.
C:\Users\Vlaďoš\AppData\Local\Temp\nsr1088.tmp (PUP.Optional.Somoto.A) -> Nebyla provedena žádná instrukce.
C:\Users\Vlaďoš\AppData\Local\Temp\nswE956.tmp\DTLite.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Vlaďoš\Downloads\DAEMONToolsUltra110-0103.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Vlaďoš\Downloads\DTLite-setup.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Vlaďoš\Downloads\Jillian Michaels Killer Buns .exe (PUP.Optional.Installex) -> Nebyla provedena žádná instrukce.
C:\Users\Vlaďoš\Downloads\Jillian_Michaels_Killer_Buns_.exe (PUP.BundleInstaller.DW) -> Nebyla provedena žádná instrukce.

(konec)
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: prosim o kontrolu, měl sem trojana

#4 Příspěvek od vyosek »

:arrow: Nalezy MBAMu smazte

:arrow: Dejte log z FRSTL http://forum.viry.cz/viewtopic.php?f=30&t=132520
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
lalasso
Návštěvník
Návštěvník
Příspěvky: 24
Registrován: 13 lis 2006 20:21

Re: prosim o kontrolu, měl sem trojana

#5 Příspěvek od lalasso »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013 04
Ran by Vlaďoš (administrator) on VLAĎOŠ-PC on 14-09-2013 21:25:52
Running from C:\Users\Vlaďoš\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
() C:\Program Files\IMPI\ExtensionUpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
() C:\Program Files\Mouse\Amoumain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Vlaďoš\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6470760 2012-11-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1177232 2012-11-09] (Realtek Semiconductor)
HKLM\...\Run: [Enhanced Performance Keyboard] - C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [335360 2012-08-08] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [WheelMouse] - C:\Program Files\Mouse\Amoumain.exe [270336 2008-03-06] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {90aa0cc0-1bde-11e3-9197-806e6f6e6963} - G:\Setup.exe
MountPoints2: {90aa0e19-1bde-11e3-9197-10bf487e0d48} - H:\Setup.exe
MountPoints2: {9c6a3edb-1bd4-11e3-917e-10bf487e0d48} - H:\Setup.exe
MountPoints2: {adc31c1d-2966-11e2-ac05-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
MountPoints2: {e908c8e1-0a82-11e3-b1b6-10bf487e0d48} - G:\Setup.exe
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2012-11-09] ()
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe [734544 2011-04-11] (ecareme)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\A\...\Run: [cz.seznam.software.szndesktop] - C:\Users\A\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\A\...\Run: [cz.seznam.software.autoupdate] - C:\Users\A\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\A\...\Policies\system: [LogonHoursAction] 2
HKU\A\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Blanička\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Blanička\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Blanička\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\Blanička\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Blanička\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\Blanička\...\Policies\system: [LogonHoursAction] 2
HKU\Blanička\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [ROC_JAN2013_TB] - "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
AppInit_DLLs-x32: c:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll [2700768 2013-09-13] ()
Startup: C:\Users\Blanička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Vlaďoš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Vlaďoš\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Vlaďoš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

URLSearchHook: (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
URLSearchHook: (No Name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No File
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {2A762C8B-8E5F-4816-AB59-15357E554346} URL = http://websearch.ask.com/redirect?clien ... E70A39E2F3
SearchScopes: HKCU - {607D29E7-4D68-4596-A685-2CA5DDF68BF8} URL = http://search.conduit.com/ResultsExt.as ... =CT2481032
SearchScopes: HKCU - {B2811534-67E0-4839-969D-113420EB6B2C} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKCU - {CC1B7BF2-EB28-404A-9102-C3F4344DF604} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
BHO: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension64.dll ()
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKCU - No Name - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default
FF DefaultSearchEngine: Seznam
FF SelectedSearchEngine: Seznam
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\bs-player-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: ftdownloader3 - C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\Extensions\ftdownloader3@ftdownloader.com.xpi
FF Extension: No Name - C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{17E113E6-CD0E-4045-B154-65F0E57959EF}] - C:\Program Files\IMPI\Firefox
FF Extension: IMPI - C:\Program Files\IMPI\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [{17E113E6-CD0E-4045-B154-65F0E57959EF}] - C:\Program Files\IMPI\Firefox
FF Extension: IMPI - C:\Program Files\IMPI\Firefox

Chrome:
=======
CHR Extension: (IMPI) - C:\Users\VLAO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap\2.0.0.429_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2012-11-11] ()
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2012-11-09] (DTS)
R2 IMPI Updater; C:\Program Files\IMPI\ExtensionUpdaterService.exe [185856 2013-02-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
R3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-11-11] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-11-11] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-12] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-12] (Duplex Secure Ltd.)
U3 a4kypbf0; C:\Windows\System32\Drivers\a4kypbf0.sys [0 ] (Advanced Micro Devices)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-14 21:25 - 2013-09-14 21:25 - 00000000 ____D C:\Users\Vlaďoš\AppData\Local\qb043957.A4
2013-09-14 21:25 - 2013-09-14 21:25 - 00000000 ____D C:\FRST
2013-09-14 21:25 - 2013-09-13 21:11 - 01950312 _____ (Farbar) C:\Users\Vlaďoš\Desktop\FRST64.exe
2013-09-14 17:03 - 2013-09-14 17:03 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-14 17:03 - 2013-09-14 17:03 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\Malwarebytes
2013-09-14 17:03 - 2013-09-14 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-14 17:03 - 2013-09-14 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 17:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-14 16:57 - 2013-09-14 21:20 - 00000112 _____ C:\Windows\setupact.log
2013-09-14 16:57 - 2013-09-14 16:57 - 00000000 _____ C:\Windows\setuperr.log
2013-09-14 16:56 - 2013-09-14 21:20 - 00003736 _____ C:\Windows\PFRO.log
2013-09-14 16:51 - 2013-09-14 16:55 - 00000000 ____D C:\AdwCleaner
2013-09-14 16:46 - 2013-09-14 16:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Vlaďoš\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-14 16:46 - 2013-09-14 16:46 - 00000000 ____D C:\Users\Vlaďoš\AppData\Local\avgchrome
2013-09-14 16:44 - 2013-09-14 16:45 - 01037278 _____ C:\Users\Vlaďoš\Desktop\adwcleaner.exe
2013-09-13 20:32 - 2013-09-13 20:42 - 00546045 _____ C:\Users\Vlaďoš\Downloads\avgremover.log
2013-09-13 20:31 - 2013-09-13 20:32 - 03222280 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Vlaďoš\Downloads\avg_remover_stf_x64_2013_2706.exe
2013-09-13 20:20 - 2013-09-14 09:21 - 00000000 ____D C:\Program Files\trend micro
2013-09-13 20:20 - 2013-09-13 20:20 - 00000000 ____D C:\rsit
2013-09-13 20:18 - 2013-09-13 20:18 - 00832273 _____ C:\Users\Vlaďoš\Downloads\RSITx64.exe
2013-09-13 20:09 - 2013-09-14 16:56 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-13 20:09 - 2013-09-13 20:09 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-13 20:09 - 2013-09-13 20:09 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-12 23:35 - 2013-09-12 23:35 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-12 23:33 - 2013-09-12 23:33 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-12 23:33 - 2013-09-12 23:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-12 23:14 - 2013-09-12 23:14 - 13838016 _____ (Microsoft Corporation) C:\Users\Vlaďoš\Downloads\mseinstall.exe
2013-09-12 22:16 - 2013-09-12 22:16 - 00003544 ____N C:\bootsqm.dat
2013-09-12 21:43 - 2013-09-12 21:43 - 00000000 __SHD C:\found.001
2013-09-12 21:19 - 2013-09-12 21:19 - 00000000 ____D C:\Users\A\Desktop\keygen
2013-09-12 21:18 - 2013-09-12 21:19 - 00000000 ____D C:\Users\A\AppData\Roaming\Seznam.cz
2013-09-12 21:18 - 2013-09-12 21:18 - 00001397 _____ C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ___RD C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ___RD C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ____D C:\Users\A\AppData\Roaming\ASUS WebStorage
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ____D C:\Users\A\AppData\Roaming\Apple Computer
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ____D C:\Users\A\AppData\Roaming\Adobe
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ____D C:\Users\A\AppData\Local\Adobe
2013-09-12 21:17 - 2013-09-12 21:18 - 00000000 ____D C:\Users\A
2013-09-12 21:17 - 2013-09-12 21:17 - 00000644 __RSH C:\Users\A\ntuser.pol
2013-09-12 21:17 - 2013-09-12 21:17 - 00000020 ___SH C:\Users\A\ntuser.ini
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Šablony
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Soubory cookie
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Poslední
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Okolní tiskárny
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Okolní síť
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Nabídka Start
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Dokumenty
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Documents\Obrázky
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Documents\Hudba
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Documents\Filmy
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Data aplikací
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\AppData\Local\Data aplikací
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 ____D C:\Users\A\AppData\Local\VirtualStore
2013-09-12 21:17 - 2012-12-09 23:30 - 00000000 ____D C:\Users\A\AppData\Roaming\TuneUp Software
2013-09-12 21:17 - 2012-11-10 13:32 - 00000000 ____D C:\Users\A\AppData\Roaming\Macromedia
2013-09-12 21:17 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-12 21:17 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-12 21:16 - 2013-09-12 21:16 - 00000644 __RSH C:\Users\Vlaďoš\ntuser.pol
2013-09-12 21:16 - 2013-09-12 21:16 - 00000644 __RSH C:\Users\Blanička\ntuser.pol
2013-09-12 21:11 - 2013-09-12 21:11 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-09-12 21:05 - 2013-09-12 21:11 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-09-12 21:05 - 2013-09-12 21:05 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-09-12 21:05 - 2013-09-12 21:05 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-09-12 20:32 - 2013-09-13 04:05 - 01555016 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-12 20:21 - 2013-09-12 20:38 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\DAEMON Tools Ultra
2013-09-12 20:20 - 2013-09-12 20:20 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2013-09-12 03:20 - 2013-09-12 03:20 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-12 03:20 - 2013-09-12 03:20 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-12 03:04 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 03:04 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 03:04 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 03:04 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 03:04 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 03:04 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 03:04 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 03:04 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 03:04 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 03:04 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 03:04 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 03:04 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 03:04 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 03:04 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 03:04 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 03:04 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 03:04 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 03:04 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 03:04 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 03:04 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 03:04 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 22:20 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 22:20 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 22:20 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 22:20 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 22:20 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 22:20 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 22:20 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 22:20 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 22:20 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 22:20 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 22:20 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 22:20 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 22:20 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 22:20 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 22:20 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 22:20 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 22:20 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 22:20 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 22:20 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 22:20 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 22:20 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 22:20 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 22:20 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 22:20 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 22:20 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 22:20 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 19:06 - 2013-09-11 19:06 - 00000000 ____D C:\Users\Vlaďoš\AppData\Local\Apple Computer
2013-09-11 19:02 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-11 19:02 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-11 19:02 - 2013-06-21 14:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-11 19:02 - 2013-02-25 07:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-09-11 19:02 - 2013-02-25 07:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-09-11 19:02 - 2013-01-29 10:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2013-09-11 18:51 - 2013-09-11 18:55 - 229594432 _____ (NVIDIA Corporation) C:\Users\Vlaďoš\Downloads\320.49-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-08-21 21:23 - 2013-09-14 19:05 - 00000000 ____D C:\Users\Blanička\AppData\Roaming\Seznam.cz
2013-08-21 20:21 - 2013-08-21 20:21 - 00000000 ____D C:\ProgramData\FLEXnet
2013-08-21 19:36 - 2013-08-21 19:36 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-08-21 19:35 - 2013-08-21 19:35 - 00002032 _____ C:\Users\Public\Desktop\AutoCAD 2011 - česky.lnk
2013-08-21 19:34 - 2013-09-12 23:27 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 ____D C:\Users\Vlaďoš\AppData\Local\Autodesk
2013-08-21 19:32 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-08-21 19:32 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-08-21 19:32 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-08-21 19:32 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-08-21 19:32 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-08-21 19:32 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-08-21 19:32 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-08-21 19:32 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-08-21 19:26 - 2013-09-12 23:19 - 00000000 ____D C:\ProgramData\Autodesk
2013-08-21 19:26 - 2013-08-21 20:22 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\Autodesk
2013-08-21 19:23 - 2013-08-21 19:23 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2013-08-21 19:22 - 2013-09-11 19:04 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\Seznam.cz
2013-08-21 19:18 - 2013-08-21 19:18 - 00000000 ____D C:\Users\Vlaďoš\Desktop\autocad
2013-08-21 19:17 - 2013-09-13 20:56 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\DAEMON Tools Lite
2013-08-21 19:16 - 2013-08-21 19:23 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-08-15 21:30 - 2013-09-12 03:04 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 20:29 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 20:29 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 20:29 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 20:29 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 20:29 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 20:29 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 20:29 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 20:29 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 20:29 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 20:29 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 20:29 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 20:29 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 20:28 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 20:28 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 20:28 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 20:28 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-14 21:25 - 2013-09-14 21:25 - 00000000 ____D C:\Users\Vlaďoš\AppData\Local\qb043957.A4
2013-09-14 21:25 - 2013-09-14 21:25 - 00000000 ____D C:\FRST
2013-09-14 21:24 - 2012-11-08 07:47 - 01869025 _____ C:\Windows\WindowsUpdate.log
2013-09-14 21:23 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 21:23 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 21:22 - 2013-04-27 18:14 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\Dropbox
2013-09-14 21:21 - 2013-06-03 08:46 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-09-14 21:21 - 2013-01-08 20:16 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-09-14 21:20 - 2013-09-14 16:57 - 00000112 _____ C:\Windows\setupact.log
2013-09-14 21:20 - 2013-09-14 16:56 - 00003736 _____ C:\Windows\PFRO.log
2013-09-14 21:20 - 2012-11-09 06:31 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-14 21:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 19:45 - 2012-12-03 12:21 - 00000000 ____D C:\Users\Blanička\AppData\Roaming\Skype
2013-09-14 19:05 - 2013-08-21 21:23 - 00000000 ____D C:\Users\Blanička\AppData\Roaming\Seznam.cz
2013-09-14 19:03 - 2012-11-14 17:25 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\Skype
2013-09-14 17:03 - 2013-09-14 17:03 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-14 17:03 - 2013-09-14 17:03 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\Malwarebytes
2013-09-14 17:03 - 2013-09-14 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-14 17:03 - 2013-09-14 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 16:57 - 2013-09-14 16:57 - 00000000 _____ C:\Windows\setuperr.log
2013-09-14 16:56 - 2013-09-13 20:09 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-14 16:55 - 2013-09-14 16:51 - 00000000 ____D C:\AdwCleaner
2013-09-14 16:47 - 2013-02-12 20:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-14 16:46 - 2013-09-14 16:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Vlaďoš\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-14 16:46 - 2013-09-14 16:46 - 00000000 ____D C:\Users\Vlaďoš\AppData\Local\avgchrome
2013-09-14 16:46 - 2012-11-14 17:24 - 00000000 ____D C:\ProgramData\Skype
2013-09-14 16:45 - 2013-09-14 16:44 - 01037278 _____ C:\Users\Vlaďoš\Desktop\adwcleaner.exe
2013-09-14 09:21 - 2013-09-13 20:20 - 00000000 ____D C:\Program Files\trend micro
2013-09-13 21:32 - 2013-06-23 21:41 - 00000000 ____D C:\Program Files (x86)\EVIDENCEOSOB
2013-09-13 21:30 - 2013-01-01 22:13 - 00000000 ____D C:\Program Files (x86)\DivX
2013-09-13 21:30 - 2013-01-01 22:12 - 00000000 ____D C:\ProgramData\DivX
2013-09-13 21:29 - 2013-01-01 22:16 - 00000000 ____D C:\Program Files\DivX
2013-09-13 21:11 - 2013-09-14 21:25 - 01950312 _____ (Farbar) C:\Users\Vlaďoš\Desktop\FRST64.exe
2013-09-13 20:56 - 2013-08-21 19:17 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\DAEMON Tools Lite
2013-09-13 20:56 - 2012-11-21 23:01 - 00000000 ____D C:\Users\Vlaďoš\AppData\Local\CrashDumps
2013-09-13 20:56 - 2012-11-08 07:32 - 00000000 ____D C:\Windows\Panther
2013-09-13 20:42 - 2013-09-13 20:32 - 00546045 _____ C:\Users\Vlaďoš\Downloads\avgremover.log
2013-09-13 20:32 - 2013-09-13 20:31 - 03222280 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Vlaďoš\Downloads\avg_remover_stf_x64_2013_2706.exe
2013-09-13 20:20 - 2013-09-13 20:20 - 00000000 ____D C:\rsit
2013-09-13 20:18 - 2013-09-13 20:18 - 00832273 _____ C:\Users\Vlaďoš\Downloads\RSITx64.exe
2013-09-13 20:09 - 2013-09-13 20:09 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-13 20:09 - 2013-09-13 20:09 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-13 16:34 - 2012-11-14 20:34 - 00063520 _____ C:\Users\Blanička\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-13 04:05 - 2013-09-12 20:32 - 01555016 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-13 04:05 - 2009-07-14 17:18 - 00666238 _____ C:\Windows\system32\perfh005.dat
2013-09-13 04:05 - 2009-07-14 17:18 - 00139934 _____ C:\Windows\system32\perfc005.dat
2013-09-13 04:05 - 2009-07-14 07:13 - 01555016 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 00:32 - 2012-11-09 06:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-13 00:32 - 2012-11-09 06:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-13 00:28 - 2012-11-11 13:43 - 00000000 ____D C:\Users\Blanička
2013-09-13 00:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-12 23:35 - 2013-09-12 23:35 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-12 23:35 - 2012-11-10 14:10 - 00063520 _____ C:\Users\Vlaďoš\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 23:33 - 2013-09-12 23:33 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-12 23:33 - 2013-09-12 23:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-12 23:30 - 2009-07-14 06:45 - 04849208 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 23:27 - 2013-08-21 19:34 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-09-12 23:19 - 2013-08-21 19:26 - 00000000 ____D C:\ProgramData\Autodesk
2013-09-12 23:16 - 2012-12-31 17:57 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\uTorrent
2013-09-12 23:14 - 2013-09-12 23:14 - 13838016 _____ (Microsoft Corporation) C:\Users\Vlaďoš\Downloads\mseinstall.exe
2013-09-12 22:16 - 2013-09-12 22:16 - 00003544 ____N C:\bootsqm.dat
2013-09-12 21:43 - 2013-09-12 21:43 - 00000000 __SHD C:\found.001
2013-09-12 21:19 - 2013-09-12 21:19 - 00000000 ____D C:\Users\A\Desktop\keygen
2013-09-12 21:19 - 2013-09-12 21:18 - 00000000 ____D C:\Users\A\AppData\Roaming\Seznam.cz
2013-09-12 21:18 - 2013-09-12 21:18 - 00001397 _____ C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ___RD C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ___RD C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ____D C:\Users\A\AppData\Roaming\ASUS WebStorage
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ____D C:\Users\A\AppData\Roaming\Apple Computer
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ____D C:\Users\A\AppData\Roaming\Adobe
2013-09-12 21:18 - 2013-09-12 21:18 - 00000000 ____D C:\Users\A\AppData\Local\Adobe
2013-09-12 21:18 - 2013-09-12 21:17 - 00000000 ____D C:\Users\A
2013-09-12 21:17 - 2013-09-12 21:17 - 00000644 __RSH C:\Users\A\ntuser.pol
2013-09-12 21:17 - 2013-09-12 21:17 - 00000020 ___SH C:\Users\A\ntuser.ini
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Šablony
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Soubory cookie
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Poslední
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Okolní tiskárny
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Okolní síť
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Nabídka Start
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Dokumenty
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Documents\Obrázky
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Documents\Hudba
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Documents\Filmy
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\Data aplikací
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 _SHDL C:\Users\A\AppData\Local\Data aplikací
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 ____D C:\Users\A\AppData\Local\VirtualStore
2013-09-12 21:16 - 2013-09-12 21:16 - 00000644 __RSH C:\Users\Vlaďoš\ntuser.pol
2013-09-12 21:16 - 2013-09-12 21:16 - 00000644 __RSH C:\Users\Blanička\ntuser.pol
2013-09-12 21:16 - 2012-11-08 07:47 - 00000000 ____D C:\Users\Vlaďoš
2013-09-12 21:16 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-09-12 21:13 - 2012-11-11 13:43 - 00000000 ___RD C:\Users\Blanička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 21:13 - 2012-11-11 13:43 - 00000000 ___RD C:\Users\Blanička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 21:11 - 2013-09-12 21:11 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-09-12 21:11 - 2013-09-12 21:05 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-09-12 21:05 - 2013-09-12 21:05 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-09-12 21:05 - 2013-09-12 21:05 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-09-12 20:38 - 2013-09-12 20:21 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\DAEMON Tools Ultra
2013-09-12 20:20 - 2013-09-12 20:20 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2013-09-12 20:05 - 2012-11-08 07:47 - 00000000 ___RD C:\Users\Vlaďoš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 20:05 - 2012-11-08 07:47 - 00000000 ___RD C:\Users\Vlaďoš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 03:20 - 2013-09-12 03:20 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-12 03:20 - 2013-09-12 03:20 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-12 03:04 - 2013-08-15 21:30 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 03:01 - 2012-11-12 00:00 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 19:40 - 2012-12-25 08:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-11 19:06 - 2013-09-11 19:06 - 00000000 ____D C:\Users\Vlaďoš\AppData\Local\Apple Computer
2013-09-11 19:04 - 2013-08-21 19:22 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\Seznam.cz
2013-09-11 18:55 - 2013-09-11 18:51 - 229594432 _____ (NVIDIA Corporation) C:\Users\Vlaďoš\Downloads\320.49-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-08-21 21:23 - 2012-12-18 21:46 - 00000000 ____D C:\Users\Blanička\AppData\Roaming\Sonant
2013-08-21 21:19 - 2013-01-09 18:18 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\Sonant
2013-08-21 20:22 - 2013-08-21 19:26 - 00000000 ____D C:\Users\Vlaďoš\AppData\Roaming\Autodesk
2013-08-21 20:21 - 2013-08-21 20:21 - 00000000 ____D C:\ProgramData\FLEXnet
2013-08-21 19:36 - 2013-08-21 19:36 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-08-21 19:35 - 2013-08-21 19:35 - 00002032 _____ C:\Users\Public\Desktop\AutoCAD 2011 - česky.lnk
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 ____D C:\Users\Vlaďoš\AppData\Local\Autodesk
2013-08-21 19:23 - 2013-08-21 19:23 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2013-08-21 19:23 - 2013-08-21 19:16 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-08-21 19:18 - 2013-08-21 19:18 - 00000000 ____D C:\Users\Vlaďoš\Desktop\autocad
2013-08-18 10:27 - 2013-08-12 05:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

Some content of TEMP:
====================
C:\Users\Blanička\AppData\Local\Temp\~5F3C.exe
C:\Users\Blanička\AppData\Local\Temp\~E7EC.exe
C:\Users\Vlaďoš\AppData\Local\Temp\bitool.dll
C:\Users\Vlaďoš\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Vlaďoš\AppData\Local\Temp\Quarantine.exe
C:\Users\Vlaďoš\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Vlaďoš\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



==================== Alternate Data Streams (whitelisted) ====

AlternateDataStreams: C:\Users\Vlaďoš\Local Settings:kUNrSmDpp3Fu3YvUdu
AlternateDataStreams: C:\Users\Vlaďoš\AppData\Local:kUNrSmDpp3Fu3YvUdu
AlternateDataStreams: C:\Users\Vlaďoš\AppData\Local\Data aplikací:kUNrSmDpp3Fu3YvUdu

==================== Loaded Modules (whitelisted) ============

2013-02-26 00:32 - 2013-06-21 14:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-04-24 19:59 - 2013-04-24 19:59 - 00164016 _____ (Dropbox, Inc.) C:\Users\Vlaďoš\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-12-02 21:56 - 2012-11-09 06:27 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2012-12-02 21:56 - 2012-11-09 06:27 - 03611752 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2008-10-22 01:20 - 2008-10-22 01:20 - 00138240 _____ (LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKUtil.DLL
2007-02-09 00:10 - 2007-02-09 00:10 - 00060928 _____ (LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKHidKbd.dll
2006-12-05 00:40 - 2006-12-05 00:40 - 00059904 _____ (LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\skosd.dll
2006-08-07 21:11 - 2006-08-07 21:11 - 00072192 _____ (LITE-ON Corp.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\skhooks.dll
2011-02-06 16:08 - 2007-04-19 16:56 - 00094208 _____ () C:\Program Files\Mouse\Amoures.dll
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.dll
2013-04-24 19:59 - 2013-04-24 19:59 - 00130736 _____ (Dropbox, Inc.) C:\Users\Vlaďoš\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Vlaďoš\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Vlaďoš\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Vlaďoš\AppData\Roaming\Dropbox\bin\icudt.dll
2010-06-07 13:19 - 2012-11-11 13:39 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-04-11 23:18 - 2008-01-01 08:57 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Scheduled Tasks (whitelisted) ===========

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3A1EE4EC-C514-43B7-9B41-F53B48A92E14}.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Supplementary Scan (All) ================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=dword:00000001
"NoActiveDesktopChanges"=dword:00000001
"ForceActiveDesktopOn"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"VIDC.YVU9"="tsbyuv.dll"
"msacm.l3acm"="C:\\Windows\\System32\\l3codeca.acm"
"wave5"="wdmaud.drv"
"midi5"="wdmaud.drv"
"mixer5"="wdmaud.drv"
"aux1"="wdmaud.drv"
"MSVideo8"="VfWWDM32.dll"
"wave6"="wdmaud.drv"
"midi6"="wdmaud.drv"
"mixer6"="wdmaud.drv"
"aux2"="wdmaud.drv"
"wave7"="wdmaud.drv"
"midi7"="wdmaud.drv"
"mixer7"="wdmaud.drv"
"aux3"="wdmaud.drv"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"wave8"="wdmaud.drv"
"midi8"="wdmaud.drv"
"mixer8"="wdmaud.drv"
"aux4"="wdmaud.drv"
"wave9"="wdmaud.drv"
"midi9"="wdmaud.drv"
"mixer9"="wdmaud.drv"
"aux5"="wdmaud.drv"
"aux6"="wdmaud.drv"
"aux7"="wdmaud.drv"
"aux8"="wdmaud.drv"
"wave4"="wdmaud.drv"
"midi4"="wdmaud.drv"
"mixer4"="wdmaud.drv"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"wave2"="wdmaud.drv"
"midi2"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"wave3"="wdmaud.drv"
"midi3"="wdmaud.drv"
"mixer3"="wdmaud.drv"


==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:75.04 GB) (Free:13.99 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:390.62 GB) (Free:140.68 GB) NTFS

Available physical RAM: 2161.44 MB
Total physical RAM: 4057.36 MB
Percentage of memory in use: 46%

==================== MBR and Partition Table =================

Folder Size 2.0.0.0 (x32 Version: 2.0.0.0)
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 31753174)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=391 GB) - (Type=07 NTFS)

LastRegBack: 2013-04-20 00:06

==================== End Of Log ==============================
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: prosim o kontrolu, měl sem trojana

#6 Příspěvek od vyosek »

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {90aa0cc0-1bde-11e3-9197-806e6f6e6963} - G:\Setup.exe
MountPoints2: {90aa0e19-1bde-11e3-9197-10bf487e0d48} - H:\Setup.exe
MountPoints2: {9c6a3edb-1bd4-11e3-917e-10bf487e0d48} - H:\Setup.exe
MountPoints2: {adc31c1d-2966-11e2-ac05-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
MountPoints2: {e908c8e1-0a82-11e3-b1b6-10bf487e0d48} - G:\Setup.exe
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\A\...\Run: [cz.seznam.software.szndesktop] - C:\Users\A\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\A\...\Run: [cz.seznam.software.autoupdate] - C:\Users\A\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\Blanička\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Blanička\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Blanička\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\Blanička\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Blanička\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\UpdatusUser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [ROC_JAN2013_TB] - "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
Startup: C:\Users\Blanička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
Startup: C:\Users\Vlaďoš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

URLSearchHook: (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
URLSearchHook: (No Name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No File
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {2A762C8B-8E5F-4816-AB59-15357E554346} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=38FBC383-D0EA-4465-BC9E-7A67BED322E9&apn_sauid=1B351D76-E553-42E2-AFA8-7BE70A39E2F3
SearchScopes: HKCU - {607D29E7-4D68-4596-A685-2CA5DDF68BF8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481032
SearchScopes: HKCU - {B2811534-67E0-4839-969D-113420EB6B2C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
SearchScopes: HKCU - {CC1B7BF2-EB28-404A-9102-C3F4344DF604} URL = http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
BHO: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension64.dll ()
BHO-x32: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll ()
Toolbar: HKCU - No Name - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File

FF SearchPlugin: C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\bs-player-customized-web-search.xml

CHR Extension: (IMPI) - C:\Users\VLAO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap\2.0.0.429_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

2013-09-13 20:31 - 2013-09-13 20:32 - 03222280 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Vlaďoš\Downloads\avg_remover_stf_x64_2013_2706.exe
2013-09-12 21:19 - 2013-09-12 21:19 - 00000000 ____D C:\Users\A\Desktop\keygen

AlternateDataStreams: C:\Users\Vlaďoš\Local Settings:kUNrSmDpp3Fu3YvUdu
AlternateDataStreams: C:\Users\Vlaďoš\AppData\Local:kUNrSmDpp3Fu3YvUdu
AlternateDataStreams: C:\Users\Vlaďoš\AppData\Local\Data aplikací:kUNrSmDpp3Fu3YvUdu

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3A1EE4EC-C514-43B7-9B41-F53B48A92E14}.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f

C:\Program Files (x86)\AVG Secure Search

Hosts:
CMD: shutdown /r /f /t 2
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
lalasso
Návštěvník
Návštěvník
Příspěvky: 24
Registrován: 13 lis 2006 20:21

Re: prosim o kontrolu, měl sem trojana

#7 Příspěvek od lalasso »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-09-2013 04
Ran by Vlaďoš at 2013-09-14 22:02:41 Run:1
Running from C:\Users\Vlaďoš\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {90aa0cc0-1bde-11e3-9197-806e6f6e6963} - G:\Setup.exe
MountPoints2: {90aa0e19-1bde-11e3-9197-10bf487e0d48} - H:\Setup.exe
MountPoints2: {9c6a3edb-1bd4-11e3-917e-10bf487e0d48} - H:\Setup.exe
MountPoints2: {adc31c1d-2966-11e2-ac05-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
MountPoints2: {e908c8e1-0a82-11e3-b1b6-10bf487e0d48} - G:\Setup.exe
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\A\...\Run: [cz.seznam.software.szndesktop] - C:\Users\A\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\A\...\Run: [cz.seznam.software.autoupdate] - C:\Users\A\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\Blanička\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Blanička\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Blanička\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\Blanička\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Blanička\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\UpdatusUser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [ROC_JAN2013_TB] - "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
Startup: C:\Users\Blanička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
Startup: C:\Users\Vlaďoš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

URLSearchHook: (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
URLSearchHook: (No Name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No File
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {2A762C8B-8E5F-4816-AB59-15357E554346} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=38FBC383-D0EA-4465-BC9E-7A67BED322E9&apn_sauid=1B351D76-E553-42E2-AFA8-7BE70A39E2F3
SearchScopes: HKCU - {607D29E7-4D68-4596-A685-2CA5DDF68BF8} URL = http://search.conduit.com/ResultsExt.as ... =CT2481032
SearchScopes: HKCU - {B2811534-67E0-4839-969D-113420EB6B2C} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKCU - {CC1B7BF2-EB28-404A-9102-C3F4344DF604} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
BHO: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension64.dll ()
BHO-x32: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll ()
Toolbar: HKCU - No Name - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File

FF SearchPlugin: C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\bs-player-customized-web-search.xml

CHR Extension: (IMPI) - C:\Users\VLAO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap\2.0.0.429_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

2013-09-13 20:31 - 2013-09-13 20:32 - 03222280 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Vlaďoš\Downloads\avg_remover_stf_x64_2013_2706.exe
2013-09-12 21:19 - 2013-09-12 21:19 - 00000000 ____D C:\Users\A\Desktop\keygen

AlternateDataStreams: C:\Users\Vlaďoš\Local Settings:kUNrSmDpp3Fu3YvUdu
AlternateDataStreams: C:\Users\Vlaďoš\AppData\Local:kUNrSmDpp3Fu3YvUdu
AlternateDataStreams: C:\Users\Vlaďoš\AppData\Local\Data aplikací:kUNrSmDpp3Fu3YvUdu

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3A1EE4EC-C514-43B7-9B41-F53B48A92E14}.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f

C:\Program Files (x86)\AVG Secure Search

Hosts:
CMD: shutdown /r /f /t 2
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90aa0cc0-1bde-11e3-9197-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{90aa0cc0-1bde-11e3-9197-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90aa0e19-1bde-11e3-9197-10bf487e0d48} => Key deleted successfully.
HKCR\CLSID\{90aa0e19-1bde-11e3-9197-10bf487e0d48} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c6a3edb-1bd4-11e3-917e-10bf487e0d48} => Key deleted successfully.
HKCR\CLSID\{9c6a3edb-1bd4-11e3-917e-10bf487e0d48} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adc31c1d-2966-11e2-ac05-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{adc31c1d-2966-11e2-ac05-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e908c8e1-0a82-11e3-b1b6-10bf487e0d48} => Key deleted successfully.
HKCR\CLSID\{e908c8e1-0a82-11e3-b1b6-10bf487e0d48} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => Value deleted successfully.
HKU\A\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
HKU\A\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKU\Blanička\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKU\Blanička\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
HKU\Blanička\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKU\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKU\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_JAN2013_TB => Value deleted successfully.
HKU\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => Value deleted successfully.
C:\Users\Blanička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk => Moved successfully.
C:\Users\Vlaďoš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{124d001a-bdcb-472f-aa59-bbe7e4bc3204} => Value deleted successfully.
HKCR\CLSID\{124d001a-bdcb-472f-aa59-bbe7e4bc3204} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Value deleted successfully.
HKCR\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A762C8B-8E5F-4816-AB59-15357E554346} => Key deleted successfully.
HKCR\CLSID\{2A762C8B-8E5F-4816-AB59-15357E554346} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{607D29E7-4D68-4596-A685-2CA5DDF68BF8} => Key deleted successfully.
HKCR\CLSID\{607D29E7-4D68-4596-A685-2CA5DDF68BF8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2811534-67E0-4839-969D-113420EB6B2C} => Key deleted successfully.
HKCR\CLSID\{B2811534-67E0-4839-969D-113420EB6B2C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC1B7BF2-EB28-404A-9102-C3F4344DF604} => Key deleted successfully.
HKCR\CLSID\{CC1B7BF2-EB28-404A-9102-C3F4344DF604} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF} => Key deleted successfully.
HKCR\CLSID\{17E113E6-CD0E-4045-B154-65F0E57959EF} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{17E113E6-CD0E-4045-B154-65F0E57959EF} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{124D001A-BDCB-472F-AA59-BBE7E4BC3204} => Value deleted successfully.
HKCR\CLSID\{124D001A-BDCB-472F-AA59-BBE7E4BC3204} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Value deleted successfully.
HKCR\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Key not found.
C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\babylon.xml => Moved successfully.
C:\Users\Vlaďoš\AppData\Roaming\Mozilla\Firefox\Profiles\n9xnsl29.default\searchplugins\bs-player-customized-web-search.xml => Moved successfully.
C:\Users\VLAO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\Vlaďoš\Downloads\avg_remover_stf_x64_2013_2706.exe => Moved successfully.
C:\Users\A\Desktop\keygen => Moved successfully.
"C:\Users\Vlaďoš\Local Settings" => ":kUNrSmDpp3Fu3YvUdu" ADS not found.
C:\Users\Vlaďoš\AppData\Local => ":kUNrSmDpp3Fu3YvUdu" ADS removed successfully.
"C:\Users\Vlaďoš\AppData\Local\Data aplikací" => ":kUNrSmDpp3Fu3YvUdu" ADS not found.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========

"C:\Program Files (x86)\AVG Secure Search" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: prosim o kontrolu, měl sem trojana

#8 Příspěvek od vyosek »

Jak se chova PC :???:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
lalasso
Návštěvník
Návštěvník
Příspěvky: 24
Registrován: 13 lis 2006 20:21

Re: prosim o kontrolu, měl sem trojana

#9 Příspěvek od lalasso »

řekl bych standardně, možná je méně svižný, než by mohlo být, ale to je asi běžnej jev.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: prosim o kontrolu, měl sem trojana

#10 Příspěvek od vyosek »

Tak jeste uklidime :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
lalasso
Návštěvník
Návštěvník
Příspěvky: 24
Registrován: 13 lis 2006 20:21

Re: prosim o kontrolu, měl sem trojana

#11 Příspěvek od lalasso »

Díky moc!, udělám to
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: prosim o kontrolu, měl sem trojana

#12 Příspěvek od vyosek »

Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat :lock:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zamčeno

Zpět na „Preventivní kontroly logů“