Zdravím profíci. Potřebuji si poradit s touto havětí. Je už na mém notebooku dlouho, ale až teď jsem si udělal čas na to, se o to starat. Předem moc díky za pomoc.
Logfile of random's system information tool 1.09 (written by random/random)
Run by David at 2013-09-19 22:38:58
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 206 GB (44%) free of 464 GB
Total RAM: 4091 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:39:05, on 19.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Users\David\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\Downloads\Google Chrome\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\David.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP ... 4&tsp=4947
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=desktop&s ... Terms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: everyflv - {66a284bf-7b0b-c59d-e041-a456d42c8ce3} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKCU\..\Run: [SynAcer] C:\Program Files\Synaptics\SynTP\SynAcer.exe
O4 - HKCU\..\Run: [SynAcer930] C:\Program Files\Synaptics\SynTP\SynAcer.exe
O4 - HKCU\..\Run: [Synaptics TouchPad Enhancements] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [HKCU] C:\Users\David\AppData\Roaming\system32\svchost.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
O4 - HKCU\..\Run: [SpeedUpMyComputer] C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm (file missing)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://192.168.2.250/AL/WinWebPush.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3845EC69-4C6D-44A1-9E6B-C308D37925CD}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1B276ED-D10E-4B65-97D7-1EAF6F304ECF}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAEC28EA-3381-4B6F-A40E-5722505A56C9}: NameServer =
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - (no file)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PostgreSQL Database Server (pgsql-8.0) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.0\bin\pg_ctl.exe
O23 - Service: {4E8E2077-51FF-4F2E-83D1-0EF05E2AA007} (pkmqppiv) - Unknown owner - G:\pwdump\servpw.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)
--
End of file - 16475 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\LSI SoftModem\agr64svc.exe"
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe" -s DefaultInstance
C:\Windows\system32\svchost.exe -k ftpsvc
"C:\Program Files (x86)\Acer\Registration\GregHSRW.exe"
"C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe"
C:\Windows\SysWOW64\nlssrv32.exe
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
C:\Windows\system32\svchost.exe -k iissvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
WLIDSvcM.exe 3656
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe" /TUStart /pid:3480
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe" -s DefaultInstance
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Windows\system32\wuauclt.exe"
"C:\Users\David\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe"
"C:\Users\David\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:9.0 /MODE:2
C:\Windows\SysWOW64\svchost.exe -k MbnExt
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Windows\System32\dinotify.exe" pnpui.dll,SimplifiedDINotification
"taskhost.exe"
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6972.0.1420350151\102638487" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,19 --disable-image-transport-surface --reduce-gpu-sandbox --gpu-vendor-id=0x1002 --gpu-device-id=0x9553 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.632.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.1.1905420187\1453509454" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.2.343244733\818248730" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.4.1142809329\1901240858" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.5.1303124851\1526684523" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.6.431762316\620916862" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.7.2113289091\673569604" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.8.1523576403\1523590521" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.9.820308963\159555173" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.10.192507545\136772325" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.11.310421857\105073401" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.12.735527962\431152449" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.13.1184390720\654678136" /prefetch:673131151
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /firstrun
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /firstrun
explorer.exe
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\David\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll" --lang=cs --channel="6972.91.2100803111\205244531" /prefetch:-390060480
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="6972.92.248507858\771691690" --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/ManualResetProfile/Enable/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/OutdatedInstallCheck/12WeeksOutdatedInstall/PasswordManagerOtherPossibleUsernames/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.117.685757121\499892778" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/ManualResetProfile/Enable/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/OutdatedInstallCheck/12WeeksOutdatedInstall/PasswordManagerOtherPossibleUsernames/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.168.324089997\613500548" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe233_ Global\UsGthrCtrlFltPipeMssGthrPipe233 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/ManualResetProfile/Enable/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/OutdatedInstallCheck/12WeeksOutdatedInstall/PasswordManagerOtherPossibleUsernames/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.215.352361466\1688401710" /prefetch:673131151
"C:\Users\David\Downloads\Google Chrome\SecurityCheck.exe"
cmd /c ""C:\Users\David\AppData\Local\Temp\RarSFX0\SecurityCheck\SecurityCheck.bat" "
\??\C:\Windows\system32\conhost.exe "-548229622-1913127182-986327426-1763320161253075144-230082694-355482956-2128383136
NOTEPAD checkup.txt
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/ManualResetProfile/Enable/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/OutdatedInstallCheck/12WeeksOutdatedInstall/PasswordManagerOtherPossibleUsernames/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.218.1521602179\1625966804" /prefetch:673131151
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/ManualResetProfile/Enable/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/OutdatedInstallCheck/12WeeksOutdatedInstall/PasswordManagerOtherPossibleUsernames/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6972.219.502468745\1275013777" /prefetch:673131151
"C:\Users\David\Downloads\Google Chrome\RSITx64.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default
prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?babsrc=HP_Prot"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.6, {fa7d31f1-b248-b46d-165e-23b740160387}:4.6.6.6, youtube2mp3@mondayx.de:1.0.7, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6, firebug@software.joehewitt.com:1.6.2, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2, QipCounter@qip.ru:1.0, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, quickstores@quickstores.de:1.2.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, plugin2@gameplaylabs.com:2.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13, {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1, iTunesFox@sjcmankimo.tw:0.3.2, operetta@firefox.theme:2.1.20100427, chromifox@altmusictv.com:3.6.5, cfxe@Triton:3.6.5"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?sr ... 0.10005&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
LG_LexFox_v2@lingea.com
quickstores@quickstores.de
{fa7d31f1-b248-b46d-165e-23b740160387}
C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
fcmdSrchdesktop.xml
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\extensions\
ffxtlbr@babylon.com
{8675f4b3-2f19-11ed-2d6b-0800600c0a19}
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\searchplugins\
babylon.xml
icqplugin.xml
qip-search.xml
Search.xml
sweetim.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-21 49440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66a284bf-7b0b-c59d-e041-a456d42c8ce3}]
everyflv
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-24 463272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-09-27 140752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-24 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-06-19 1808168]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 1281512]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SynAcer"=C:\Program Files\Synaptics\SynTP\SynAcer.exe [2009-06-19 160552]
"SynAcer930"=C:\Program Files\Synaptics\SynTP\SynAcer.exe [2009-06-19 160552]
"Synaptics TouchPad Enhancements"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-06-19 1808168]
"HKCU"=C:\Users\David\AppData\Roaming\system32\svchost.exe [2006-06-16 1169224]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
"Badoo Desktop"=C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [2012-12-24 1067232]
"SpeedUpMyComputer"=C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe [2013-07-22 2054776]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2013-06-27 20097696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2009-08-01 128296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-08-21 261888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Tool]
C:\Program Files (x86)\Driver Tool\Driver Tool\DriverTool.exe /applicationMode:systemTray /showWelcome:false []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-23 138096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods]
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe /md I []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe [2011-11-23 692307]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
C:\Windows\PLFSetI.exe [2008-07-30 200704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21 19875944]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-10-21 433872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
C:\Program Files (x86)\WebcamMax\WebcamMax.exe -a []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2009-10-20 1082144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
C:\Users\David\AppData\Local\Facebook\MESSEN~1\214631~1.0\FACEBO~1.EXE []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2009-08-27 1194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\xchat\xchat.exe"="C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"
.txt - open - C:\Windows\NOTEPAD.EXE %1
======List of files/folders created in the last 1 month======
2013-09-19 22:38:58 ----D---- C:\rsit
2013-09-19 22:38:58 ----D---- C:\Program Files\trend micro
2013-09-13 17:27:27 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2013-09-11 22:32:51 ----D---- C:\Program Files (x86)\Cok Software
======List of files/folders modified in the last 1 month======
2013-09-19 22:39:06 ----D---- C:\Windows\Prefetch
2013-09-19 22:38:58 ----RD---- C:\Program Files
2013-09-19 22:38:13 ----D---- C:\Windows\Temp
2013-09-19 21:23:06 ----A---- C:\Windows\ntbtlog.txt
2013-09-19 20:38:09 ----D---- C:\Windows\tracing
2013-09-19 11:26:14 ----D---- C:\Windows\system32\config
2013-09-18 10:16:31 ----D---- C:\Windows\System32
2013-09-18 10:16:31 ----D---- C:\Windows\inf
2013-09-18 10:16:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-09-18 10:00:30 ----RD---- C:\Program Files (x86)
2013-09-18 10:00:07 ----SHD---- C:\Windows\Installer
2013-09-18 10:00:07 ----SHD---- C:\Config.Msi
2013-09-18 09:59:58 ----D---- C:\Program Files (x86)\Google
2013-09-17 02:01:21 ----RSD---- C:\Windows\Fonts
2013-09-15 20:40:08 ----D---- C:\Users\David\AppData\Roaming\vlc
2013-09-13 17:28:05 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-09-13 17:27:27 ----D---- C:\Windows\SysWOW64
2013-09-12 23:55:08 ----D---- C:\Users\David\AppData\Roaming\Mozilla
2013-09-12 09:57:39 ----D---- C:\Windows\system32\drivers
2013-09-08 15:51:58 ----D---- C:\Windows\system32\Tasks
2013-08-22 18:05:38 ----SD---- C:\Users\David\AppData\Roaming\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 408600]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 230320]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-09-09 560184]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-03-07 28504]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-09 283200]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-04-07 1208320]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 6036480]
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2009-03-26 25608]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 90112]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-06-08 2394216]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-11-01 8615936]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-06 18432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-06-19 272432]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-06 16896]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-04-29 32768]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-10-02 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-08-28 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-08-28 21160]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2012-01-03 13352]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2012-01-03 27176]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-09-25 33344]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 30720]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-23 238080]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-20 54272]
S3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
S3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-11-13 231968]
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 USBCCID;USB Smart Card Reader; C:\Windows\system32\DRIVERS\usbccid.sys []
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 131416]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2009-07-25 4608]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-03-28 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 203264]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-10-20 873248]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
R2 ftpsvc;@%windir%\system32\inetsrv\ftpres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Greg_Service;GRegService; C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056]
R2 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\syswow64\nlssrv32.exe [2011-01-21 64512]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-09-02 5071712]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-04-19 1401672]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
S2 MsDtsServer100;SQL Server Integration Services 10.0; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 214040]
S2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [2011-02-05 57917288]
S2 MSSQLServerOLAPService;SQL Server Analysis Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [2009-03-30 43735400]
S2 pgsql-8.0;PostgreSQL Database Server; C:\Program Files (x86)\PostgreSQL\8.0\bin\pg_ctl.exe [2005-01-31 66335]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-03-30 2075480]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-25 654848]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-07 117144]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 pkmqppiv;{4E8E2077-51FF-4F2E-83D1-0EF05E2AA007}; G:\pwdump\servpw.exe []
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-09-15 607048]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
TrojanDownloader:Win32/Adload.DA
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
MinaschekDavid
- Návštěvník
- Příspěvky: 7
- Registrován: 19 zář 2013 21:36
TrojanDownloader:Win32/Adload.DA
Naposledy upravil(a) vyosek dne 19 zář 2013 22:14, celkem upraveno 1 x.
Důvod: log odstranen z code, zmenseno pismo, my nejsme slabozraci
Důvod: log odstranen z code, zmenseno pismo, my nejsme slabozraci
Re: TrojanDownloader:Win32/Adload.DA
Zdravim 
Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222
Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
- Ulozte nejlepe na plochu
- Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
- Probehne vytvoreni zalohy a nasledne prohledavani
- Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulozte nejlepe na plochu
- Ukoncete vsechny programy
- Kliknete na Scan a nasledne Clean
- Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222
- Provedte aktualizaci
- Provedte uplny sken - nic nemazte
- MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.-
MinaschekDavid
- Návštěvník
- Příspěvky: 7
- Registrován: 19 zář 2013 21:36
Re: TrojanDownloader:Win32/Adload.DA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by David on p 20.09.2013 at 6:55:51,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4141285989-492110369-221055743-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\shoppingreport2
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\shoppingreport2
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4141285989-492110369-221055743-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\shoppingreport2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader68301_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader68301_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader68301_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader68301_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AC61C2D2-69D8-472E-BDA1-8891DBAE6F51}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}
~~~ Files
Successfully deleted: [File] "C:\Users\David\AppData\Roaming\microsoft\internet explorer\qipsearchbar.dll"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\shoppingreport2"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\save"
Successfully deleted: [Folder] "C:\Program Files (x86)\shoppingreport2"
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{1B698D0D-9449-463E-BD68-617CFD5C4E6D}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{290D9512-6107-4748-8940-15E11E3BCA76}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{2932A05D-0260-43B9-A6E0-4FF8A5285A16}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{48ECB7EA-CF62-49EC-81E8-898F7DCF62A7}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{599881A7-2171-4786-AC45-24D91C256789}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{5CF0D373-7D74-4F4A-A652-35E454EE6DFC}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{71E1B9A4-4428-47DC-BAA4-56FDA3180B35}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{761DC422-A338-48E1-A514-BB053AE5D200}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{7D6A9407-37C4-44C3-8EDB-E4CAEFE66EAF}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{8B8763CF-F1BC-4CF9-982C-FC3EC0D19714}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{8FB434D3-EC34-40D7-A428-D6C886B6315E}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{A314F71A-9260-4111-A82A-997531B631D6}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{C3BFA737-8AF6-453C-9FF9-AF7AB9003198}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{D408CC6E-2D7B-438C-AA6B-45705567B2E8}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{E4C6E596-700D-4A0E-B734-CCF2EF7D9A3C}
~~~ FireFox
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\user.js
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\searchplugins\qip-search.xml
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\searchplugins\search.xml
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de"
Successfully deleted: [Folder] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\sweetpackstoolbardata
Successfully deleted: [Folder] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\extensions\ffxtlbr@babylon.com
Successfully deleted the following from C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\prefs.js
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_Prot");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=111434");
user_pref("extensions.BabylonToolbar.bbDpng", 19);
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dfltSrch", true);
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.id", "a436648800000000000000262d51a1f2");
user_pref("extensions.BabylonToolbar.instlDay", "15410");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=111434&babsrc=adbartrp&mntrId=a436648800000000000000262d51a1f2&q=");
user_pref("extensions.BabylonToolbar.lastDP", 19);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1719:03:29");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "22.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 115512935);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1719:03:29");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111434");
user_pref("extensions.BabylonToolbar_i.hardId", "a436648800000000000000262d51a1f2");
user_pref("extensions.BabylonToolbar_i.id", "a436648800000000000000262d51a1f2");
user_pref("extensions.BabylonToolbar_i.instlDay", "15410");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:03:29");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.facemoods.aflt", "_#desktop");
user_pref("extensions.facemoods.firstRun", false);
user_pref("extensions.facemoods.lastActv", "19");
user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10005&q=");
user_pref("sweetim.toolbar.cargo", "3.1010000.10005");
user_pref("sweetim.toolbar.dialogs.0.enable", "true");
user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
user_pref("sweetim.toolbar.dialogs.0.height", "335");
user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html");
user_pref("sweetim.toolbar.dialogs.0.width", "761");
user_pref("sweetim.toolbar.dialogs.1.enable", "true");
user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
user_pref("sweetim.toolbar.dialogs.1.height", "300");
user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
user_pref("sweetim.toolbar.dialogs.1.width", "500");
user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_Prot");
user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(http://www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.0.enable", "true");
user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
user_pref("sweetim.toolbar.scripts.1.callback", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
user_pref("sweetim.toolbar.scripts.1.enable", "false");
user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/predictadme.js");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
user_pref("sweetim.toolbar.searchguard.enable", "true");
user_pref("sweetim.toolbar.simapp_id", "{615CE928-0B05-11E2-8188-00262D51A1F2}");
user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={615CE928-0B05-11E2-8188-00262D51A1F2}");
Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\minidumps [5 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p 20.09.2013 at 7:03:45,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.004 - Report created 20/09/2013 at 08:10:11
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : David - DAW3
# Running from : C:\Users\David\Downloads\Google Chrome\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\Conduit
File Deleted : C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\searchplugins\icqplugin.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{DB38E21A-0133-419d-92AD-ECDFD5244D6D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{EB620C54-E229-4942-87CE-E717109FC8C6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16576
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
-\\ Mozilla Firefox v22.0 (cs)
[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\prefs.js ]
Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40babylon.com:1.2.0,%7B6236BA26-C117-4007-928C-DE0716C7FA96%7D:1.0.14,%7B8675f4b3-2f19-11ed-2d6b-1823600c0a19%7D:1.0.3,%7B972ce4c6-7e08-4474-a285-3208198[...]
Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,{6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.6,{fa7d31f1-b248-b46d-165e-23b740160387}:4.6.6.6,youtube2mp3@mondayx.de:1[...]
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1303010472");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1303763656");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.fr", "1300656646");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_/", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_dealsplugin.com/", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_facebook.com", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_h", "1301437470");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_hxxp", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_hxxp://www.facebook.com/plugins/like.php?href= ... plugin.com", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_iqquizgame.com/", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_play-ga.me/", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_revealmycrush.com/", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_unlock-this.com/plugin", "1300656647");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1278872477);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "pot%C3%A9||howdy||TI%20SENTO||niobov%C3%BD%20kondenz%C3%A1tor||niobov%C3%BD%20kondez%C3%A1tor||avx||n%C4%9Bkdy||curva%20pit%C3%AD||curva%20logo||curva%20drink||curva||[...]
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1278872477");
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.newtab_state", "0");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "3.6.6");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "127868288412786828301278872477236");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1278958897);
Line Deleted : user_pref("icqtoolbar.version", "2.0.0.4");
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Deleted : user_pref("quickstores.toolbar.affid", "2013");
Line Deleted : user_pref("quickstores.toolbar.guid", "{C14C0A2B-9AF8-6C14-CC25-83EBA69F64EB}");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(http://www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
-\\ Google Chrome v
[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [7589 octets] - [20/09/2013 08:09:25]
AdwCleaner[S0].txt - [7425 octets] - [20/09/2013 08:10:11]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7485 octets] ##########
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org
Verze: v2013.09.20.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
David :: DAW3 [administrátor]
Ochrana: Povolena
20.9.2013 8:21:58
MBAM-log-2013-09-20 (18-34-14).txt
Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 864484
Uplynulý čas: 10 hodin, 10 minut, 27 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66a284bf-7b0b-c59d-e041-a456d42c8ce3} (Adware.AdRotator) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{66a284bf-7b0b-c59d-e041-a456d42c8ce3} (Adware.AdRotator) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66A284BF-7B0B-C59D-E041-A456D42C8CE3} (Adware.AdRotator) -> Nebyla provedena žádná instrukce.
Nalezené hodnoty v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.Agent) -> Data: C:\Users\David\AppData\Roaming\system32\svchost.exe -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Špatný: ("regedit.exe" "%1") Dobrý: (regedit.exe "%1") -> Nebyla provedena žádná instrukce.
Nalezené složky: 56
C:\Users\David\AppData\Roaming\dclogs (Stolen.Data) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465 (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\brick (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\buildings (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\building_template (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\composite (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\concrete (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\cs_assault (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\cs_havana (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\cs_italy (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\dev (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_aztec (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_cbble (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_chateau (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_dust (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_nuke (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_piranesi (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_prodigy (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_tides (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_train (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\effects (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\ground (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\metal (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\hostages (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\ct_gign (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\ct_gsg9 (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\ct_sas (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\ct_urban (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgitems (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgitems\hats (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgitems\weapons (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgmodels (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_ctsupporter (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_ctsupporter2 (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_tsupporter (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_tsupporter2 (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\t_arctic (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\t_guerilla (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\t_leet (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\t_phoenix (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\nature (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\particle (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\plaster (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\props (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\skybox (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\stone (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\sun (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\temp (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\tile (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\vgui (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\vgui\logos (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\wood (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Bargain Buddy (Adware.Bargain.Buddy) -> Nebyla provedena žádná instrukce.
Nalezené soubory: 10
C:\GAMES FILES\Counter-Strike Source\VHCSS.exe (Trojan.Agent.Gen) -> Nebyla provedena žádná instrukce.
C:\GAMES FILES\Valve\WH.CS.1.6.exe (Spyware.OnlineGames) -> Nebyla provedena žádná instrukce.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D84LER98\tonebytes_4929[1].exe (PUP.Optional.InstallMonetizer.A) -> Nebyla provedena žádná instrukce.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIR7705O\DeltaTB[1].exe (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\Users\David\Documents\Programy\ESET Smart Security 4 - crack\ESET Smart Security 4 - crack\ESET Antivirus License Finder (MiNODLogin) 3.7.5.1.exe (Riskware.KG) -> Nebyla provedena žádná instrukce.
C:\Users\David\AppData\Roaming\dclogs\2012-09-17-2.dc (Stolen.Data) -> Nebyla provedena žádná instrukce.
C:\Users\David\AppData\Roaming\dclogs\2012-09-18-3.dc (Stolen.Data) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\Counter-Strike Source Hack Installer.exe (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\csshacklauncher.exe (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Bargain Buddy\uninst.exe (Adware.Bargain.Buddy) -> Nebyla provedena žádná instrukce.
(konec)
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by David on p 20.09.2013 at 6:55:51,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4141285989-492110369-221055743-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\shoppingreport2
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\shoppingreport2
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4141285989-492110369-221055743-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\shoppingreport2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader68301_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader68301_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader68301_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader68301_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AC61C2D2-69D8-472E-BDA1-8891DBAE6F51}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}
~~~ Files
Successfully deleted: [File] "C:\Users\David\AppData\Roaming\microsoft\internet explorer\qipsearchbar.dll"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\shoppingreport2"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\save"
Successfully deleted: [Folder] "C:\Program Files (x86)\shoppingreport2"
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{1B698D0D-9449-463E-BD68-617CFD5C4E6D}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{290D9512-6107-4748-8940-15E11E3BCA76}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{2932A05D-0260-43B9-A6E0-4FF8A5285A16}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{48ECB7EA-CF62-49EC-81E8-898F7DCF62A7}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{599881A7-2171-4786-AC45-24D91C256789}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{5CF0D373-7D74-4F4A-A652-35E454EE6DFC}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{71E1B9A4-4428-47DC-BAA4-56FDA3180B35}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{761DC422-A338-48E1-A514-BB053AE5D200}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{7D6A9407-37C4-44C3-8EDB-E4CAEFE66EAF}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{8B8763CF-F1BC-4CF9-982C-FC3EC0D19714}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{8FB434D3-EC34-40D7-A428-D6C886B6315E}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{A314F71A-9260-4111-A82A-997531B631D6}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{C3BFA737-8AF6-453C-9FF9-AF7AB9003198}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{D408CC6E-2D7B-438C-AA6B-45705567B2E8}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{E4C6E596-700D-4A0E-B734-CCF2EF7D9A3C}
~~~ FireFox
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\user.js
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\searchplugins\qip-search.xml
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\searchplugins\search.xml
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de"
Successfully deleted: [Folder] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\sweetpackstoolbardata
Successfully deleted: [Folder] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\extensions\ffxtlbr@babylon.com
Successfully deleted the following from C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\prefs.js
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_Prot");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=111434");
user_pref("extensions.BabylonToolbar.bbDpng", 19);
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dfltSrch", true);
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.id", "a436648800000000000000262d51a1f2");
user_pref("extensions.BabylonToolbar.instlDay", "15410");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=111434&babsrc=adbartrp&mntrId=a436648800000000000000262d51a1f2&q=");
user_pref("extensions.BabylonToolbar.lastDP", 19);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1719:03:29");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "22.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 115512935);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1719:03:29");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111434");
user_pref("extensions.BabylonToolbar_i.hardId", "a436648800000000000000262d51a1f2");
user_pref("extensions.BabylonToolbar_i.id", "a436648800000000000000262d51a1f2");
user_pref("extensions.BabylonToolbar_i.instlDay", "15410");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:03:29");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.facemoods.aflt", "_#desktop");
user_pref("extensions.facemoods.firstRun", false);
user_pref("extensions.facemoods.lastActv", "19");
user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10005&q=");
user_pref("sweetim.toolbar.cargo", "3.1010000.10005");
user_pref("sweetim.toolbar.dialogs.0.enable", "true");
user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
user_pref("sweetim.toolbar.dialogs.0.height", "335");
user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html");
user_pref("sweetim.toolbar.dialogs.0.width", "761");
user_pref("sweetim.toolbar.dialogs.1.enable", "true");
user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
user_pref("sweetim.toolbar.dialogs.1.height", "300");
user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
user_pref("sweetim.toolbar.dialogs.1.width", "500");
user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_Prot");
user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(http://www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.0.enable", "true");
user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
user_pref("sweetim.toolbar.scripts.1.callback", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
user_pref("sweetim.toolbar.scripts.1.enable", "false");
user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/predictadme.js");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
user_pref("sweetim.toolbar.searchguard.enable", "true");
user_pref("sweetim.toolbar.simapp_id", "{615CE928-0B05-11E2-8188-00262D51A1F2}");
user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={615CE928-0B05-11E2-8188-00262D51A1F2}");
Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\vl5ism4a.default\minidumps [5 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p 20.09.2013 at 7:03:45,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.004 - Report created 20/09/2013 at 08:10:11
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : David - DAW3
# Running from : C:\Users\David\Downloads\Google Chrome\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\Conduit
File Deleted : C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\searchplugins\icqplugin.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{DB38E21A-0133-419d-92AD-ECDFD5244D6D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{EB620C54-E229-4942-87CE-E717109FC8C6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16576
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
-\\ Mozilla Firefox v22.0 (cs)
[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\prefs.js ]
Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40babylon.com:1.2.0,%7B6236BA26-C117-4007-928C-DE0716C7FA96%7D:1.0.14,%7B8675f4b3-2f19-11ed-2d6b-1823600c0a19%7D:1.0.3,%7B972ce4c6-7e08-4474-a285-3208198[...]
Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,{6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.6,{fa7d31f1-b248-b46d-165e-23b740160387}:4.6.6.6,youtube2mp3@mondayx.de:1[...]
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1303010472");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1303763656");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.fr", "1300656646");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_/", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_dealsplugin.com/", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_facebook.com", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_h", "1301437470");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_hxxp", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_hxxp://www.facebook.com/plugins/like.php?href= ... plugin.com", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_iqquizgame.com/", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_play-ga.me/", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_revealmycrush.com/", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1300656647");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_unlock-this.com/plugin", "1300656647");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1278872477);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "pot%C3%A9||howdy||TI%20SENTO||niobov%C3%BD%20kondenz%C3%A1tor||niobov%C3%BD%20kondez%C3%A1tor||avx||n%C4%9Bkdy||curva%20pit%C3%AD||curva%20logo||curva%20drink||curva||[...]
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1278872477");
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.newtab_state", "0");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "3.6.6");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "127868288412786828301278872477236");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1278958897);
Line Deleted : user_pref("icqtoolbar.version", "2.0.0.4");
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Deleted : user_pref("quickstores.toolbar.affid", "2013");
Line Deleted : user_pref("quickstores.toolbar.guid", "{C14C0A2B-9AF8-6C14-CC25-83EBA69F64EB}");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(http://www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
-\\ Google Chrome v
[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [7589 octets] - [20/09/2013 08:09:25]
AdwCleaner[S0].txt - [7425 octets] - [20/09/2013 08:10:11]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7485 octets] ##########
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org
Verze: v2013.09.20.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
David :: DAW3 [administrátor]
Ochrana: Povolena
20.9.2013 8:21:58
MBAM-log-2013-09-20 (18-34-14).txt
Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 864484
Uplynulý čas: 10 hodin, 10 minut, 27 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66a284bf-7b0b-c59d-e041-a456d42c8ce3} (Adware.AdRotator) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{66a284bf-7b0b-c59d-e041-a456d42c8ce3} (Adware.AdRotator) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66A284BF-7B0B-C59D-E041-A456D42C8CE3} (Adware.AdRotator) -> Nebyla provedena žádná instrukce.
Nalezené hodnoty v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.Agent) -> Data: C:\Users\David\AppData\Roaming\system32\svchost.exe -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Špatný: ("regedit.exe" "%1") Dobrý: (regedit.exe "%1") -> Nebyla provedena žádná instrukce.
Nalezené složky: 56
C:\Users\David\AppData\Roaming\dclogs (Stolen.Data) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465 (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\brick (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\buildings (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\building_template (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\composite (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\concrete (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\cs_assault (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\cs_havana (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\cs_italy (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\dev (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_aztec (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_cbble (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_chateau (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_dust (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_nuke (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_piranesi (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_prodigy (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_tides (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\de_train (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\effects (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\ground (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\metal (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\hostages (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\ct_gign (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\ct_gsg9 (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\ct_sas (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\ct_urban (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgitems (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgitems\hats (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgitems\weapons (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgmodels (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_ctsupporter (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_ctsupporter2 (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_tsupporter (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_tsupporter2 (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\t_arctic (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\t_guerilla (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\t_leet (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\models\player\t_phoenix (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\nature (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\particle (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\plaster (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\props (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\skybox (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\stone (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\sun (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\temp (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\tile (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\vgui (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\vgui\logos (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\materials\wood (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Bargain Buddy (Adware.Bargain.Buddy) -> Nebyla provedena žádná instrukce.
Nalezené soubory: 10
C:\GAMES FILES\Counter-Strike Source\VHCSS.exe (Trojan.Agent.Gen) -> Nebyla provedena žádná instrukce.
C:\GAMES FILES\Valve\WH.CS.1.6.exe (Spyware.OnlineGames) -> Nebyla provedena žádná instrukce.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D84LER98\tonebytes_4929[1].exe (PUP.Optional.InstallMonetizer.A) -> Nebyla provedena žádná instrukce.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIR7705O\DeltaTB[1].exe (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\Users\David\Documents\Programy\ESET Smart Security 4 - crack\ESET Smart Security 4 - crack\ESET Antivirus License Finder (MiNODLogin) 3.7.5.1.exe (Riskware.KG) -> Nebyla provedena žádná instrukce.
C:\Users\David\AppData\Roaming\dclogs\2012-09-17-2.dc (Stolen.Data) -> Nebyla provedena žádná instrukce.
C:\Users\David\AppData\Roaming\dclogs\2012-09-18-3.dc (Stolen.Data) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\Counter-Strike Source Hack Installer.exe (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\ProgramData\192837465\csshacklauncher.exe (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Bargain Buddy\uninst.exe (Adware.Bargain.Buddy) -> Nebyla provedena žádná instrukce.
(konec)
Re: TrojanDownloader:Win32/Adload.DA
Nalezy MBAMu smazte, objevi se log, ten rad uvidim Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe - Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Na plose vznikne log Rkill.txt ten mi sem vlozte
- Ted nerestartujte PC - prisli byste o ucinek RKillu
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
MinaschekDavid
- Návštěvník
- Příspěvky: 7
- Registrován: 19 zář 2013 21:36
Re: TrojanDownloader:Win32/Adload.DA
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2013.09.20.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
David :: DAW3 [administrátor]
Ochrana: Povolena
20.9.2013 8:21:58
mbam-log-2013-09-20 (08-21-58).txt
Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 864484
Uplynulý čas: 10 hodin, 10 minut, 27 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66a284bf-7b0b-c59d-e041-a456d42c8ce3} (Adware.AdRotator) -> Přesun do karantény a smazání se zdařilo.
HKCR\CLSID\{66a284bf-7b0b-c59d-e041-a456d42c8ce3} (Adware.AdRotator) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66A284BF-7B0B-C59D-E041-A456D42C8CE3} (Adware.AdRotator) -> Přesun do karantény a smazání se zdařilo.
Nalezené hodnoty v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.Agent) -> Data: C:\Users\David\AppData\Roaming\system32\svchost.exe -> Přesun do karantény a smazání se zdařilo.
Nalezené datové položky v registru: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Špatný: ("regedit.exe" "%1") Dobrý: (regedit.exe "%1") -> Přesun do karantény a opravení se zdařilo.
Nalezené složky: 56
C:\Users\David\AppData\Roaming\dclogs (Stolen.Data) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465 (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\brick (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\buildings (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\building_template (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\composite (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\concrete (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\cs_assault (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\cs_havana (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\cs_italy (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\dev (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_aztec (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_cbble (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_chateau (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_dust (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_nuke (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_piranesi (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_prodigy (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_tides (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_train (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\effects (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\ground (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\metal (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\hostages (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\ct_gign (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\ct_gsg9 (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\ct_sas (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\ct_urban (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgitems (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgitems\hats (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgitems\weapons (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgmodels (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_ctsupporter (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_ctsupporter2 (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_tsupporter (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_tsupporter2 (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\t_arctic (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\t_guerilla (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\t_leet (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\t_phoenix (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\nature (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\particle (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\plaster (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\props (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\skybox (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\stone (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\sun (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\temp (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\tile (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\vgui (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\vgui\logos (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\wood (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\Bargain Buddy (Adware.Bargain.Buddy) -> Přesun do karantény a smazání se zdařilo.
Nalezené soubory: 10
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D84LER98\tonebytes_4929[1].exe (PUP.Optional.InstallMonetizer.A) -> Nebyla provedena žádná instrukce.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIR7705O\DeltaTB[1].exe (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\GAMES FILES\Counter-Strike Source\VHCSS.exe (Trojan.Agent.Gen) -> Přesun do karantény a smazání se zdařilo.
C:\GAMES FILES\Valve\WH.CS.1.6.exe (Spyware.OnlineGames) -> Přesun do karantény a smazání se zdařilo.
C:\Users\David\Documents\Programy\ESET Smart Security 4 - crack\ESET Smart Security 4 - crack\ESET Antivirus License Finder (MiNODLogin) 3.7.5.1.exe (Riskware.KG) -> Přesun do karantény a smazání se zdařilo.
C:\Users\David\AppData\Roaming\dclogs\2012-09-17-2.dc (Stolen.Data) -> Přesun do karantény a smazání se zdařilo.
C:\Users\David\AppData\Roaming\dclogs\2012-09-18-3.dc (Stolen.Data) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\Counter-Strike Source Hack Installer.exe (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\csshacklauncher.exe (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\Bargain Buddy\uninst.exe (Adware.Bargain.Buddy) -> Přesun do karantény a smazání se zdařilo.
(konec)
www.malwarebytes.org
Verze: v2013.09.20.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
David :: DAW3 [administrátor]
Ochrana: Povolena
20.9.2013 8:21:58
mbam-log-2013-09-20 (08-21-58).txt
Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 864484
Uplynulý čas: 10 hodin, 10 minut, 27 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66a284bf-7b0b-c59d-e041-a456d42c8ce3} (Adware.AdRotator) -> Přesun do karantény a smazání se zdařilo.
HKCR\CLSID\{66a284bf-7b0b-c59d-e041-a456d42c8ce3} (Adware.AdRotator) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66A284BF-7B0B-C59D-E041-A456D42C8CE3} (Adware.AdRotator) -> Přesun do karantény a smazání se zdařilo.
Nalezené hodnoty v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.Agent) -> Data: C:\Users\David\AppData\Roaming\system32\svchost.exe -> Přesun do karantény a smazání se zdařilo.
Nalezené datové položky v registru: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Špatný: ("regedit.exe" "%1") Dobrý: (regedit.exe "%1") -> Přesun do karantény a opravení se zdařilo.
Nalezené složky: 56
C:\Users\David\AppData\Roaming\dclogs (Stolen.Data) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465 (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\brick (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\buildings (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\building_template (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\composite (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\concrete (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\cs_assault (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\cs_havana (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\cs_italy (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\dev (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_aztec (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_cbble (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_chateau (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_dust (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_nuke (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_piranesi (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_prodigy (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_tides (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\de_train (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\effects (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\ground (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\metal (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\hostages (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\ct_gign (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\ct_gsg9 (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\ct_sas (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\ct_urban (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgitems (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgitems\hats (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgitems\weapons (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgmodels (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_ctsupporter (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_ctsupporter2 (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_tsupporter (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\hgmodels\hg_tsupporter2 (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\t_arctic (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\t_guerilla (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\t_leet (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\models\player\t_phoenix (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\nature (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\particle (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\plaster (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\props (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\skybox (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\stone (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\sun (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\temp (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\tile (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\vgui (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\vgui\logos (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\materials\wood (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\Bargain Buddy (Adware.Bargain.Buddy) -> Přesun do karantény a smazání se zdařilo.
Nalezené soubory: 10
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D84LER98\tonebytes_4929[1].exe (PUP.Optional.InstallMonetizer.A) -> Nebyla provedena žádná instrukce.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIR7705O\DeltaTB[1].exe (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\GAMES FILES\Counter-Strike Source\VHCSS.exe (Trojan.Agent.Gen) -> Přesun do karantény a smazání se zdařilo.
C:\GAMES FILES\Valve\WH.CS.1.6.exe (Spyware.OnlineGames) -> Přesun do karantény a smazání se zdařilo.
C:\Users\David\Documents\Programy\ESET Smart Security 4 - crack\ESET Smart Security 4 - crack\ESET Antivirus License Finder (MiNODLogin) 3.7.5.1.exe (Riskware.KG) -> Přesun do karantény a smazání se zdařilo.
C:\Users\David\AppData\Roaming\dclogs\2012-09-17-2.dc (Stolen.Data) -> Přesun do karantény a smazání se zdařilo.
C:\Users\David\AppData\Roaming\dclogs\2012-09-18-3.dc (Stolen.Data) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\Counter-Strike Source Hack Installer.exe (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\192837465\csshacklauncher.exe (Rogue.Multiple) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\Bargain Buddy\uninst.exe (Adware.Bargain.Buddy) -> Přesun do karantény a smazání se zdařilo.
(konec)
-
MinaschekDavid
- Návštěvník
- Příspěvky: 7
- Registrován: 19 zář 2013 21:36
Re: TrojanDownloader:Win32/Adload.DA
Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/21/2013 01:27:42 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\SysWOW64\nlssrv32.exe (PID: 2568) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\David\Desktop\rkill\rkill-09-21-2013-01-27-50.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
20 out of 21 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 09/21/2013 01:29:35 AM
Execution time: 0 hours(s), 1 minute(s), and 53 seconds(s)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/21/2013 01:27:42 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\SysWOW64\nlssrv32.exe (PID: 2568) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\David\Desktop\rkill\rkill-09-21-2013-01-27-50.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
20 out of 21 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 09/21/2013 01:29:35 AM
Execution time: 0 hours(s), 1 minute(s), and 53 seconds(s)
-
MinaschekDavid
- Návštěvník
- Příspěvky: 7
- Registrován: 19 zář 2013 21:36
Re: TrojanDownloader:Win32/Adload.DA
ComboFix 13-09-19.01 - David 21.09.2013 1:39.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4091.1781 [GMT 2:00]
Spuštěný z: c:\users\David\Downloads\Google Chrome\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
* Vytvořen nový Bod Obnovení
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\SiL
c:\programdata\044AD2FA9E.sys
c:\users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\David\AppData\Local\Temp\_MEI33722\_ctypes.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\_elementtree.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\_hashlib.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\_multiprocessing.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\_socket.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\_ssl.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\msvcp100.dll
c:\users\David\AppData\Local\Temp\_MEI33722\msvcr100.dll
c:\users\David\AppData\Local\Temp\_MEI33722\pyexpat.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\pysqlite2._sqlite.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\python27.dll
c:\users\David\AppData\Local\Temp\_MEI33722\pythoncom27.dll
c:\users\David\AppData\Local\Temp\_MEI33722\PyWinTypes27.dll
c:\users\David\AppData\Local\Temp\_MEI33722\select.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\unicodedata.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32api.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32com.shell.shell.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32crypt.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32event.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32file.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32inet.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32pdh.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32process.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32profile.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32security.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32ts.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\windows._cacheinvalidation.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._controls_.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._core_.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._gdi_.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._html2.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._misc_.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._windows_.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._wizard.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wxbase294u_net_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI33722\wxbase294u_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI33722\wxmsw294u_adv_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI33722\wxmsw294u_core_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI33722\wxmsw294u_html_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI33722\wxmsw294u_webview_vc90.dll
c:\users\David\AppData\Roaming\.#
c:\users\David\AppData\Roaming\Davidlog.dat
c:\users\David\AppData\Roaming\system32
c:\windows\SysWow64\msvcsv60.dll
c:\windows\SysWow64\SET85CF.tmp
c:\windows\SysWow64\SET979B.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-20 do 2013-09-20 )))))))))))))))))))))))))))))))
.
.
2013-09-20 16:02 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28759227-A87B-464C-B2F3-AFA6DE226C70}\mpengine.dll
2013-09-20 06:20 . 2013-09-20 06:20 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2013-09-20 06:20 . 2013-09-20 06:20 -------- d-----w- c:\programdata\Malwarebytes
2013-09-20 06:19 . 2013-09-20 06:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-20 06:19 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 06:19 . 2013-09-20 06:19 -------- d-----w- c:\users\David\AppData\Local\Programs
2013-09-20 06:09 . 2013-09-20 06:10 -------- d-----w- C:\AdwCleaner
2013-09-20 04:55 . 2013-09-20 04:55 -------- d-----w- c:\windows\ERUNT
2013-09-19 20:38 . 2013-09-19 20:39 -------- d-----w- C:\rsit
2013-09-19 20:38 . 2013-09-19 20:39 -------- d-----w- c:\program files\trend micro
2013-09-19 09:15 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-11 20:32 . 2013-09-11 20:32 -------- d-----w- c:\program files (x86)\Cok Software
2013-09-05 22:51 . 2013-09-05 22:50 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C608DD3-5E88-412C-9564-E23FA20C3AB0}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 15:49 . 2012-05-11 20:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 15:49 . 2011-09-11 18:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-22 16:04 . 2013-04-24 08:09 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-18 11:40 . 2013-07-18 11:23 16 ----a-w- c:\users\David\AppData\Roaming\msregsvv.dll
2013-06-24 09:18 . 2013-06-24 09:18 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 09:18 . 2012-04-30 16:13 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-24 09:18 . 2011-03-19 12:55 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynAcer"="c:\program files\Synaptics\SynTP\SynAcer.exe" [2009-06-19 160552]
"SynAcer930"="c:\program files\Synaptics\SynTP\SynAcer.exe" [2009-06-19 160552]
"Synaptics TouchPad Enhancements"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-19 1808168]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe" [2012-12-24 1067232]
"SpeedUpMyComputer"="c:\program files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe" [2013-07-22 2054776]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
2;2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
R3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pkmqppiv;{4E8E2077-51FF-4F2E-83D1-0EF05E2AA007};g:\pwdump\servpw.exe;g:\pwdump\servpw.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x]
S2 ftpsvc;Služba Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe;c:\windows\SYSNATIVE\nlssrv32.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
MbnExt REG_MULTI_SZ MbnExt
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 15:49]
.
2013-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000Core.job
- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 13:25]
.
2013-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000UA.job
- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 13:25]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 13:39]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 13:39]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 20:50]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 20:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.100.252
TCP: Interfaces\{3845EC69-4C6D-44A1-9E6B-C308D37925CD}: NameServer = 93.153.117.1 93.153.117.33
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://192.168.2.250/AL/WinWebPush.cab
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: network.proxy.ftp - 192.168.3.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 192.168.3.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.3.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.3.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ophcrack - g:\ophcrack\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4141285989-492110369-221055743-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D3727C3B-98E4-3E09-1FBA-28833E880073}*]
"hagmbahbonjmpdnf"=hex:6b,61,6a,63,63,66,6a,65,6a,61,66,61,6a,66,69,64,6c,61,
6f,66,63,61,00,00
"iaemlniomfpjlpknci"=hex:63,61,6e,70,62,66,00,00
"iailljimghjhncfece"=hex:6a,61,65,63,6d,68,64,68,70,62,70,70,64,69,69,61,6d,70,
6b,69,00,00
.
[HKEY_USERS\S-1-5-21-4141285989-492110369-221055743-1000\Software\SecuROM\License information*]
"datasecu"=hex:8f,89,f4,01,ad,ac,43,51,40,d8,b2,db,e4,09,8b,b6,bb,13,86,64,45,
2e,0a,35,1d,13,6a,b0,98,cf,4a,53,ea,e6,40,54,70,37,5b,3f,d9,46,62,c0,4e,ee,\
"rkeysecu"=hex:71,f9,d5,97,46,87,46,33,dc,be,f5,6b,a3,5f,6c,31
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Celkový čas: 2013-09-21 02:03:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-21 00:03
.
Před spuštěním: Volných bajtů: 215 514 292 224
Po spuštění: Volných bajtů: 215 486 947 328
.
- - End Of File - - A9A97DD72D002A0FC3EE5FD35DB66D72
5C616939100B85E558DA92B899A0FC36
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4091.1781 [GMT 2:00]
Spuštěný z: c:\users\David\Downloads\Google Chrome\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
* Vytvořen nový Bod Obnovení
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\SiL
c:\programdata\044AD2FA9E.sys
c:\users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\David\AppData\Local\Temp\_MEI33722\_ctypes.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\_elementtree.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\_hashlib.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\_multiprocessing.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\_socket.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\_ssl.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\msvcp100.dll
c:\users\David\AppData\Local\Temp\_MEI33722\msvcr100.dll
c:\users\David\AppData\Local\Temp\_MEI33722\pyexpat.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\pysqlite2._sqlite.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\python27.dll
c:\users\David\AppData\Local\Temp\_MEI33722\pythoncom27.dll
c:\users\David\AppData\Local\Temp\_MEI33722\PyWinTypes27.dll
c:\users\David\AppData\Local\Temp\_MEI33722\select.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\unicodedata.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32api.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32com.shell.shell.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32crypt.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32event.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32file.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32inet.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32pdh.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32process.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32profile.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32security.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\win32ts.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\windows._cacheinvalidation.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._controls_.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._core_.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._gdi_.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._html2.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._misc_.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._windows_.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wx._wizard.pyd
c:\users\David\AppData\Local\Temp\_MEI33722\wxbase294u_net_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI33722\wxbase294u_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI33722\wxmsw294u_adv_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI33722\wxmsw294u_core_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI33722\wxmsw294u_html_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI33722\wxmsw294u_webview_vc90.dll
c:\users\David\AppData\Roaming\.#
c:\users\David\AppData\Roaming\Davidlog.dat
c:\users\David\AppData\Roaming\system32
c:\windows\SysWow64\msvcsv60.dll
c:\windows\SysWow64\SET85CF.tmp
c:\windows\SysWow64\SET979B.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-20 do 2013-09-20 )))))))))))))))))))))))))))))))
.
.
2013-09-20 16:02 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28759227-A87B-464C-B2F3-AFA6DE226C70}\mpengine.dll
2013-09-20 06:20 . 2013-09-20 06:20 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2013-09-20 06:20 . 2013-09-20 06:20 -------- d-----w- c:\programdata\Malwarebytes
2013-09-20 06:19 . 2013-09-20 06:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-20 06:19 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 06:19 . 2013-09-20 06:19 -------- d-----w- c:\users\David\AppData\Local\Programs
2013-09-20 06:09 . 2013-09-20 06:10 -------- d-----w- C:\AdwCleaner
2013-09-20 04:55 . 2013-09-20 04:55 -------- d-----w- c:\windows\ERUNT
2013-09-19 20:38 . 2013-09-19 20:39 -------- d-----w- C:\rsit
2013-09-19 20:38 . 2013-09-19 20:39 -------- d-----w- c:\program files\trend micro
2013-09-19 09:15 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-11 20:32 . 2013-09-11 20:32 -------- d-----w- c:\program files (x86)\Cok Software
2013-09-05 22:51 . 2013-09-05 22:50 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C608DD3-5E88-412C-9564-E23FA20C3AB0}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 15:49 . 2012-05-11 20:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 15:49 . 2011-09-11 18:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-22 16:04 . 2013-04-24 08:09 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-18 11:40 . 2013-07-18 11:23 16 ----a-w- c:\users\David\AppData\Roaming\msregsvv.dll
2013-06-24 09:18 . 2013-06-24 09:18 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 09:18 . 2012-04-30 16:13 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-24 09:18 . 2011-03-19 12:55 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynAcer"="c:\program files\Synaptics\SynTP\SynAcer.exe" [2009-06-19 160552]
"SynAcer930"="c:\program files\Synaptics\SynTP\SynAcer.exe" [2009-06-19 160552]
"Synaptics TouchPad Enhancements"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-19 1808168]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe" [2012-12-24 1067232]
"SpeedUpMyComputer"="c:\program files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe" [2013-07-22 2054776]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
2;2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
R3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pkmqppiv;{4E8E2077-51FF-4F2E-83D1-0EF05E2AA007};g:\pwdump\servpw.exe;g:\pwdump\servpw.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x]
S2 ftpsvc;Služba Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe;c:\windows\SYSNATIVE\nlssrv32.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
MbnExt REG_MULTI_SZ MbnExt
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 15:49]
.
2013-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000Core.job
- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 13:25]
.
2013-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000UA.job
- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 13:25]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 13:39]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 13:39]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 20:50]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 20:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.100.252
TCP: Interfaces\{3845EC69-4C6D-44A1-9E6B-C308D37925CD}: NameServer = 93.153.117.1 93.153.117.33
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://192.168.2.250/AL/WinWebPush.cab
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: network.proxy.ftp - 192.168.3.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 192.168.3.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.3.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.3.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ophcrack - g:\ophcrack\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4141285989-492110369-221055743-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D3727C3B-98E4-3E09-1FBA-28833E880073}*]
"hagmbahbonjmpdnf"=hex:6b,61,6a,63,63,66,6a,65,6a,61,66,61,6a,66,69,64,6c,61,
6f,66,63,61,00,00
"iaemlniomfpjlpknci"=hex:63,61,6e,70,62,66,00,00
"iailljimghjhncfece"=hex:6a,61,65,63,6d,68,64,68,70,62,70,70,64,69,69,61,6d,70,
6b,69,00,00
.
[HKEY_USERS\S-1-5-21-4141285989-492110369-221055743-1000\Software\SecuROM\License information*]
"datasecu"=hex:8f,89,f4,01,ad,ac,43,51,40,d8,b2,db,e4,09,8b,b6,bb,13,86,64,45,
2e,0a,35,1d,13,6a,b0,98,cf,4a,53,ea,e6,40,54,70,37,5b,3f,d9,46,62,c0,4e,ee,\
"rkeysecu"=hex:71,f9,d5,97,46,87,46,33,dc,be,f5,6b,a3,5f,6c,31
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Celkový čas: 2013-09-21 02:03:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-21 00:03
.
Před spuštěním: Volných bajtů: 215 514 292 224
Po spuštění: Volných bajtů: 215 486 947 328
.
- - End Of File - - A9A97DD72D002A0FC3EE5FD35DB66D72
5C616939100B85E558DA92B899A0FC36
Re: TrojanDownloader:Win32/Adload.DA
Stahnete Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
- Ulozte nejlepe na Plochu
- U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
- Kliknete na Scan
- Po dokonceni skenu se objevi log FSS.txt ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
MinaschekDavid
- Návštěvník
- Příspěvky: 7
- Registrován: 19 zář 2013 21:36
Re: TrojanDownloader:Win32/Adload.DA
Farbar Service Scanner Version: 13-09-2013
Ran by David (administrator) on 22-09-2013 at 00:32:55
Running from "C:\Users\David\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Ran by David (administrator) on 22-09-2013 at 00:32:55
Running from "C:\Users\David\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Re: TrojanDownloader:Win32/Adload.DA
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=- "SpeedUpMyComputer"=- [-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] Folder:: c:\program files (x86)\SmartTweak\SpeedUpMyComputer Firefox:: FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: network.proxy.ftp - 192.168.3.1 FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.http - 192.168.3.1 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - 192.168.3.1 FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - 192.168.3.1 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 RegLock:: [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] RegNull:: [HKEY_USERS\S-1-5-21-4141285989-492110369-221055743-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D3727C3B-98E4-3E09-1FBA-28833E880073}*] [HKEY_USERS\S-1-5-21-4141285989-492110369-221055743-1000\Software\SecuROM\License information*] [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] ClearJavaCache:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
MinaschekDavid
- Návštěvník
- Příspěvky: 7
- Registrován: 19 zář 2013 21:36
Re: TrojanDownloader:Win32/Adload.DA
ComboFix 13-09-19.01 - David 22.09.2013 16:58:50.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4091.1974 [GMT 2:00]
Spuštěný z: c:\users\David\Downloads\Google Chrome\ComboFix.exe
Použité ovládací přepínače :: c:\users\David\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
* Vytvořen nový Bod Obnovení
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SmartTweak\SpeedUpMyComputer
c:\program files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe
c:\program files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.url
c:\program files (x86)\SmartTweak\SpeedUpMyComputer\uninst.exe
c:\users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\David\AppData\Local\Temp\_MEI45642\_ctypes.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\_elementtree.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\_hashlib.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\_multiprocessing.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\_socket.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\_ssl.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\msvcp100.dll
c:\users\David\AppData\Local\Temp\_MEI45642\msvcr100.dll
c:\users\David\AppData\Local\Temp\_MEI45642\pyexpat.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\pysqlite2._sqlite.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\python27.dll
c:\users\David\AppData\Local\Temp\_MEI45642\pythoncom27.dll
c:\users\David\AppData\Local\Temp\_MEI45642\PyWinTypes27.dll
c:\users\David\AppData\Local\Temp\_MEI45642\select.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\unicodedata.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32api.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32com.shell.shell.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32crypt.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32event.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32file.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32inet.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32pdh.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32process.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32profile.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32security.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32ts.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\windows._cacheinvalidation.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._controls_.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._core_.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._gdi_.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._html2.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._misc_.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._windows_.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._wizard.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wxbase294u_net_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI45642\wxbase294u_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI45642\wxmsw294u_adv_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI45642\wxmsw294u_core_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI45642\wxmsw294u_html_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI45642\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-22 do 2013-09-22 )))))))))))))))))))))))))))))))
.
.
2013-09-22 15:11 . 2013-09-22 15:11 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-09-22 15:11 . 2013-09-22 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-21 23:16 . 2013-09-21 23:19 -------- d-----w- c:\windows\system32\MRT
2013-09-21 23:01 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64B4D677-7FC3-40C6-BFF6-086CDA864B59}\mpengine.dll
2013-09-21 22:44 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-09-21 22:44 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-09-21 22:42 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-09-21 22:40 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-09-21 22:40 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-09-21 00:53 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-21 00:03 . 2013-09-22 15:16 -------- d-----w- c:\users\David\AppData\Local\temp
2013-09-20 06:20 . 2013-09-20 06:20 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2013-09-20 06:20 . 2013-09-20 06:20 -------- d-----w- c:\programdata\Malwarebytes
2013-09-20 06:19 . 2013-09-20 06:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-20 06:19 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 06:19 . 2013-09-20 06:19 -------- d-----w- c:\users\David\AppData\Local\Programs
2013-09-20 06:09 . 2013-09-20 06:10 -------- d-----w- C:\AdwCleaner
2013-09-20 04:55 . 2013-09-20 04:55 -------- d-----w- c:\windows\ERUNT
2013-09-19 20:38 . 2013-09-19 20:39 -------- d-----w- C:\rsit
2013-09-19 20:38 . 2013-09-19 20:39 -------- d-----w- c:\program files\trend micro
2013-09-11 20:32 . 2013-09-11 20:32 -------- d-----w- c:\program files (x86)\Cok Software
2013-09-05 22:51 . 2013-09-05 22:50 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C608DD3-5E88-412C-9564-E23FA20C3AB0}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 15:49 . 2012-05-11 20:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 15:49 . 2011-09-11 18:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 15:08 . 2009-12-25 02:32 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-22 16:04 . 2013-04-24 08:09 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-02 01:48 . 2013-09-21 22:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-18 11:40 . 2013-07-18 11:23 16 ----a-w- c:\users\David\AppData\Roaming\msregsvv.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynAcer"="c:\program files\Synaptics\SynTP\SynAcer.exe" [2009-06-19 160552]
"SynAcer930"="c:\program files\Synaptics\SynTP\SynAcer.exe" [2009-06-19 160552]
"Synaptics TouchPad Enhancements"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-19 1808168]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
R3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 pkmqppiv;{4E8E2077-51FF-4F2E-83D1-0EF05E2AA007};g:\pwdump\servpw.exe;g:\pwdump\servpw.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x]
S2 ftpsvc;Služba Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe;c:\windows\SYSNATIVE\nlssrv32.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
MbnExt REG_MULTI_SZ MbnExt
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 15:49]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000Core.job
- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 13:25]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000UA.job
- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 13:25]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 13:39]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 13:39]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 20:50]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 20:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.100.252
TCP: Interfaces\{3845EC69-4C6D-44A1-9E6B-C308D37925CD}: NameServer = 93.153.117.1 93.153.117.33
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://192.168.2.250/AL/WinWebPush.cab
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ophcrack - g:\ophcrack\uninst.exe
AddRemove-SpeedUpMyComputer - c:\program files (x86)\SmartTweak\SpeedUpMyComputer\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Celkový čas: 2013-09-22 17:25:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-22 15:25
ComboFix2.txt 2013-09-21 00:03
.
Před spuštěním: Volných bajtů: 212 798 955 520
Po spuštění: Volných bajtů: 213 082 533 888
.
- - End Of File - - 0B5F800DD9D3D5DB08EA72A6B0B435EF
5C616939100B85E558DA92B899A0FC36
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4091.1974 [GMT 2:00]
Spuštěný z: c:\users\David\Downloads\Google Chrome\ComboFix.exe
Použité ovládací přepínače :: c:\users\David\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
* Vytvořen nový Bod Obnovení
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SmartTweak\SpeedUpMyComputer
c:\program files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe
c:\program files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.url
c:\program files (x86)\SmartTweak\SpeedUpMyComputer\uninst.exe
c:\users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\David\AppData\Local\Temp\_MEI45642\_ctypes.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\_elementtree.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\_hashlib.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\_multiprocessing.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\_socket.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\_ssl.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\msvcp100.dll
c:\users\David\AppData\Local\Temp\_MEI45642\msvcr100.dll
c:\users\David\AppData\Local\Temp\_MEI45642\pyexpat.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\pysqlite2._sqlite.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\python27.dll
c:\users\David\AppData\Local\Temp\_MEI45642\pythoncom27.dll
c:\users\David\AppData\Local\Temp\_MEI45642\PyWinTypes27.dll
c:\users\David\AppData\Local\Temp\_MEI45642\select.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\unicodedata.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32api.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32com.shell.shell.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32crypt.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32event.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32file.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32inet.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32pdh.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32process.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32profile.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32security.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\win32ts.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\windows._cacheinvalidation.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._controls_.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._core_.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._gdi_.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._html2.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._misc_.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._windows_.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wx._wizard.pyd
c:\users\David\AppData\Local\Temp\_MEI45642\wxbase294u_net_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI45642\wxbase294u_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI45642\wxmsw294u_adv_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI45642\wxmsw294u_core_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI45642\wxmsw294u_html_vc90.dll
c:\users\David\AppData\Local\Temp\_MEI45642\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-22 do 2013-09-22 )))))))))))))))))))))))))))))))
.
.
2013-09-22 15:11 . 2013-09-22 15:11 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-09-22 15:11 . 2013-09-22 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-21 23:16 . 2013-09-21 23:19 -------- d-----w- c:\windows\system32\MRT
2013-09-21 23:01 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64B4D677-7FC3-40C6-BFF6-086CDA864B59}\mpengine.dll
2013-09-21 22:44 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-09-21 22:44 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-09-21 22:42 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-09-21 22:40 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-09-21 22:40 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-09-21 00:53 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-21 00:03 . 2013-09-22 15:16 -------- d-----w- c:\users\David\AppData\Local\temp
2013-09-20 06:20 . 2013-09-20 06:20 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2013-09-20 06:20 . 2013-09-20 06:20 -------- d-----w- c:\programdata\Malwarebytes
2013-09-20 06:19 . 2013-09-20 06:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-20 06:19 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 06:19 . 2013-09-20 06:19 -------- d-----w- c:\users\David\AppData\Local\Programs
2013-09-20 06:09 . 2013-09-20 06:10 -------- d-----w- C:\AdwCleaner
2013-09-20 04:55 . 2013-09-20 04:55 -------- d-----w- c:\windows\ERUNT
2013-09-19 20:38 . 2013-09-19 20:39 -------- d-----w- C:\rsit
2013-09-19 20:38 . 2013-09-19 20:39 -------- d-----w- c:\program files\trend micro
2013-09-11 20:32 . 2013-09-11 20:32 -------- d-----w- c:\program files (x86)\Cok Software
2013-09-05 22:51 . 2013-09-05 22:50 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C608DD3-5E88-412C-9564-E23FA20C3AB0}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 15:49 . 2012-05-11 20:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 15:49 . 2011-09-11 18:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 15:08 . 2009-12-25 02:32 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-22 16:04 . 2013-04-24 08:09 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-02 01:48 . 2013-09-21 22:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-18 11:40 . 2013-07-18 11:23 16 ----a-w- c:\users\David\AppData\Roaming\msregsvv.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynAcer"="c:\program files\Synaptics\SynTP\SynAcer.exe" [2009-06-19 160552]
"SynAcer930"="c:\program files\Synaptics\SynTP\SynAcer.exe" [2009-06-19 160552]
"Synaptics TouchPad Enhancements"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-19 1808168]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
R3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 pkmqppiv;{4E8E2077-51FF-4F2E-83D1-0EF05E2AA007};g:\pwdump\servpw.exe;g:\pwdump\servpw.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x]
S2 ftpsvc;Služba Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe;c:\windows\SYSNATIVE\nlssrv32.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
MbnExt REG_MULTI_SZ MbnExt
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 15:49]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000Core.job
- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 13:25]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000UA.job
- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 13:25]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 13:39]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 13:39]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 20:50]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141285989-492110369-221055743-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 20:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.100.252
TCP: Interfaces\{3845EC69-4C6D-44A1-9E6B-C308D37925CD}: NameServer = 93.153.117.1 93.153.117.33
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://192.168.2.250/AL/WinWebPush.cab
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vl5ism4a.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ophcrack - g:\ophcrack\uninst.exe
AddRemove-SpeedUpMyComputer - c:\program files (x86)\SmartTweak\SpeedUpMyComputer\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Celkový čas: 2013-09-22 17:25:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-22 15:25
ComboFix2.txt 2013-09-21 00:03
.
Před spuštěním: Volných bajtů: 212 798 955 520
Po spuštění: Volných bajtů: 213 082 533 888
.
- - End Of File - - 0B5F800DD9D3D5DB08EA72A6B0B435EF
5C616939100B85E558DA92B899A0FC36
Re: TrojanDownloader:Win32/Adload.DA
Tak jeste uklidime 
Odinstalujte Combofix
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
OTC http://oldtimer.geekstogo.com/OTC.exe
TFC http://oldtimer.geekstogo.com/TFC.exe
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
A pokud nejsou problemy ci dotazy, je to z me strany vse 
Odinstalujte Combofix
- Prejmenujte ComboFix na Uninstall
- Spustte jej
- Tohle smaze Combofix a jeho slozky
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478Panel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
A pokud nejsou problemy ci dotazy, je to z me strany vse "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?