
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Skype is lagging, suspected virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Skype is lagging, suspected virus
I have posted here before and you helped me with this. It looked like the problem was solved, but as I can see, apparently not.
I posted logs from MalwareBytes, RSIT and TFC here, see "http://forum.viry.cz/viewtopic.php?f=13&t=134663"
and I was supposed to make a log from RogueKiller, so here it is. Could you please take a look at it?
RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Alík [Práva správce]
Mód : Kontrola -- Datum : 12/14/2013 15:51:05
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Alík\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Alík\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-2302441451-1502683710-4223808985-1003\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Alík\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-2302441451-1502683710-4223808985-1003\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Alík\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 2 ¤¤¤
[Alík][SUSP UNIC] Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk : C:\Users\Alík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk @C:\PROGRA~2\MICROS~2\Office12\ONENOTEM.EXE /tsr [-][7] -> NALEZENO
[Martin][SUSP UNIC] Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk @C:\PROGRA~2\MICROS~2\Office12\ONENOTEM.EXE /tsr [-][7] -> NALEZENO
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SP1654N ATA Device +++++
--- User ---
[MBR] a9f32074f4906ba27bef5c5c328101d3
[BSP] 332256962ba1d12569147d7100545688 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76951 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 157597650 | Size: 75673 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) SAMSUNG HD103UJ ATA Device +++++
--- User ---
[MBR] eb58829b08af7abea3141d07b5f1f9bd
[BSP] fc81760fa3e66e7cb332c1cb0ec8a230 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 95285 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 195350528 | Size: 858482 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_12142013_155105.txt >>
- Rudy
- Site Admin
- Posts: 119532
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Skype is lagging, suspected virus
Hello!
Try this procedure: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Skype is lagging, suspected virus
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01
Ran by Alík (administrator) on MARTIN-PC on 14-12-2013 17:15:42
Running from C:\Users\Alík\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\Folding@HomeCPU\4\Fah.exe
(Hi-Rez Studios) D:\sims 3-2\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(forum.viry.cz) C:\Users\Alík\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-03] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [Core Temp] - C:\Program Files (x86)\CoreTemp64\Core Temp.exe [472592 2009-08-05] ()
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2009-12-14] (AMD)
HKCU\...\Run: [Facebook Update] - C:\Users\Alík\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-25] (Facebook Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Alík\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3551576 2013-11-21] (Electronic Arts)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17344176 2012-06-05] (Skype Technologies S.A.)
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Alík\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WTClient] - C:\Windows\\SysWOW64\WTClient.exe [40960 2007-04-11] (Tablet Driver)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C-
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Guest\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
HKU\Guest\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\Guest\...\Run: [Core Temp] - C:\Program Files (x86)\CoreTemp64\Core Temp.exe [472592 2009-08-05] ()
HKU\Guest\...\Run: [PSPHost] - C:\Program Files (x86)\PSPHost\\PSPHost.exe
HKU\Guest\...\Run: [HKCU] - C:\Users\Guest\AppData\Roaming\install\server.exe
HKU\Guest\...\Run: [AARC] - C:\Users\Guest\Desktop\Documents\System\winsystem.exe
HKU\Guest\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKU\Guest\...\Run: [ICQ] - ~"D:\programi duležite\ICQ6.5\ICQ.exe" silent
HKU\Guest\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-10] (Macrovision Corporation)
HKU\Guest\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-10] (Macrovision Corporation)
HKU\Guest\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Guest\...\Run: [LG LinkAir] - [x]
HKU\Guest\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2009-12-14] (AMD)
HKU\Guest\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Guest\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\Guest\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Guest\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\Guest\...\Policies\system: [LogonHoursAction] 2
HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest\...\Policies\system: [DisableLockWorkstation] 0
HKU\Guest\...\Policies\system: [DisableChangePassword] 0
HKU\Martin\...\Run: [Core Temp] - C:\Program Files (x86)\CoreTemp64\Core Temp.exe [472592 2009-08-05] ()
HKU\Martin\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-10] (Macrovision Corporation)
HKU\Martin\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-10] (Macrovision Corporation)
HKU\Martin\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\Martin\...\Run: [LG LinkAir] - [x]
HKU\Martin\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKU\Martin\...\Run: [Google Update] - "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\Martin\...\Run: [ICQ] - ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
HKU\Martin\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [937360 2011-12-27] (Samsung)
HKU\Martin\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Martin\...\Run: [BitTorrent] - "G:\e\BitTorrent.exe" /MINIMIZED
HKU\Martin\...\Run: [Grid] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe [380928 2009-12-14] ()
HKU\Martin\...\Run: [GameTracker] - C:\Program Files (x86)\GameTracker\GTLite.exe
HKU\Martin\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2009-12-14] (AMD)
HKU\Martin\...\Policies\system: [DisableLockWorkstation] 0
HKU\Martin\...\Policies\system: [DisableChangePassword] 0
HKU\Martin\...\Policies\system: [LogonHoursAction] 2
HKU\Martin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Alík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC94D5EAC6C97CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - F780142E33B740098AF8F68F376D8CB0 URL = http://mystart.incredibar.com/mb201/?se ... ccJnK&i=26
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {06B786C3-0E79-435B-A5F5-81A93AEF261C} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.dalesearch.com/?q={searchTer ... 0&tsp=5040
SearchScopes: HKCU - {25477387-2310-45df-933D-E9416D3D0303} URL = http://eis.esnips.com/page/search_provi ... earchTerms}
SearchScopes: HKCU - {2D4BF3CB-7C6E-41C8-8C44-C29CB38C7242} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {42168F92-DA71-42E6-BC7F-132EAC1F1899} URL = http://www.google.com/cse?cx=partner-pu ... lle.com%2F <===== ATTENTION
SearchScopes: HKCU - {43E78011-72D3-4C6F-A694-109EC301E7EF} URL = http://www.google.cz/search?q={searchTe ... {startPage}
SearchScopes: HKCU - {46DD86A6-8A09-4CC4-ACCE-DA3AC1AF71A8} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {4DB1453A-6F37-4068-ABD7-4A7F454B6F93} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKCU - {508B5133-1F37-4954-B49E-D4BB1D860B4E} URL = http://search.yahoo.com/search?ei=utf-8 ... earchTerms}
SearchScopes: HKCU - {75203F0A-B00C-4FE7-9572-93776BF5AA75} URL = http://cs.wikipedia.org/w/index.php?tit ... earchTerms}
SearchScopes: HKCU - {8E7F0D41-3E84-4F48-AADA-0F04948719E2} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {A4B62637-C1B3-4CAA-A0C4-AE5F1DF4373D} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {A95F62C3-807A-4650-A96A-48EFF1E0B324} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {B0712185-99B6-47C8-8C7E-DAEDA62917ED} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {B8CF604A-0A03-4C47-A6E8-4CA56B9AB145} URL = http://search.yahoo.com/search?ei=utf-8 ... earchTerms}
SearchScopes: HKCU - {D1CE821D-9688-46B3-8391-311F5DF087CF} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HistoryTriggerBHO Class - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
BHO-x32: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ()
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Alík\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464
FF SearchEngineOrder.3: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @thrixxx.com/WebLaunch - C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Alík\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Alík\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Alík\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\esnips.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Battlefield Play4Free - C:\Users\Alík\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464\Extensions\battlefieldplay4free@ea.com
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
Chrome:
=======
CHR HomePage: hxxp://www.dalesearch.com/?babsrc=HP_ss&mntrId ... 0&tsp=5040
CHR RestoreOnStartup: "hxxp://www.dalesearch.com/?babsrc=HP_ss&mntrId ... 0&tsp=5040"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?FORM=UP97DF& ... earchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Al\u00EDk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Pokki Download Helper) - C:\Users\Al\u00EDk\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Google Docs) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Email) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Slovn\u00EDk) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0
CHR Extension: (YouTube) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (IB Updater) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.578_0
CHR Extension: (BitTorrentBar) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.5.0.1_0
CHR Extension: () - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\1.9_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.5.14_0
CHR Extension: (uTorrentControl2) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.5.0.1_0
CHR Extension: (Gmail) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Martin\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Martin\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
==================== Services (Whitelisted) =================
R2 Folding@home-CPU-[4]; C:\Folding@HomeCPU\4\Fah.exe [422400 2011-02-02] ()
R2 HiPatchService; D:\sims 3-2\HiPatchService.exe [9216 2013-11-25] (Hi-Rez Studios)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MyPublicWiFiService; C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [597504 2011-12-02] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-21] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-08] ()
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [23304 2009-09-24] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [27776 2009-09-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-11] (Disc Soft Ltd)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [33792 2005-03-09] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-08] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 Tablet2k; C:\Windows\System32\Drivers\Tablet2k.sys [26112 2007-04-16] (Windows (R) Server 2003 DDK provider)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-01-02] (TrueCrypt Foundation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena\plugins\UI\safedrv.sys [x]
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]
==================== NetSvcs (Whitelisted) ===================
NETSVCx32: nrmtqgrt -> No ServiceDLL Path.
==================== One Month Created Files and Folders ========
2013-12-14 17:15 - 2013-12-14 17:16 - 00029373 _____ C:\Users\Alík\Desktop\FRST.txt
2013-12-14 17:15 - 2013-12-14 17:15 - 00000000 ____D C:\FRST
2013-12-14 17:13 - 2013-12-14 17:13 - 00112640 _____ (forum.viry.cz) C:\Users\Alík\Desktop\FRSTLauncher.exe
2013-12-14 17:12 - 2013-12-14 17:13 - 01927796 _____ (Farbar) C:\Users\Alík\Desktop\FRST64.exe
2013-12-14 15:51 - 2013-12-14 15:51 - 00003340 _____ C:\Users\Alík\Desktop\RKreport[0]_S_12142013_155105.txt
2013-12-14 15:48 - 2013-12-14 15:56 - 00000000 ____D C:\Users\Alík\Desktop\RK_Quarantine
2013-12-14 15:48 - 2013-12-14 15:47 - 03580416 _____ C:\Users\Alík\Desktop\RogueKiller(1).exe
2013-12-14 14:58 - 2013-12-14 14:58 - 00001021 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 11:59 - 2013-12-14 11:59 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-13 14:25 - 2013-12-13 14:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-13 14:01 - 2013-12-13 14:01 - 00021029 _____ C:\ComboFix.txt
2013-12-13 13:46 - 2013-12-13 13:46 - 00000018 _____ C:\Users\Alík\Desktop\CFScript.txt
2013-12-13 12:32 - 2013-12-13 12:32 - 05154339 ____R (Swearware) C:\Users\Alík\Desktop\ComboFix.exe
2013-12-13 08:38 - 2013-12-13 08:39 - 00000000 ____D C:\rsit
2013-12-12 18:37 - 2013-12-12 18:37 - 00111460 _____ C:\Users\Alík\Desktop\1641436.jpeg
2013-12-12 01:16 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 01:16 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 01:16 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 01:16 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 01:15 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 01:15 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 01:15 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 01:15 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 01:15 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 01:15 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 01:15 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 01:15 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 01:15 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 01:15 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 01:15 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 01:15 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 01:15 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 01:15 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 01:15 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 01:15 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 01:15 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 01:15 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 01:15 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 01:15 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 01:15 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 01:15 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 01:15 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 01:15 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 01:15 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 01:15 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 01:15 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 01:15 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 01:15 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 01:15 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 01:15 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 22:48 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 22:48 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 22:48 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 22:48 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 22:48 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 22:48 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 22:48 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 22:48 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 22:48 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 22:48 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 22:48 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 22:48 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 22:48 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 22:48 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 22:48 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 22:48 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 22:48 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 22:48 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 22:48 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 21:14 - 2013-12-11 21:14 - 03279639 _____ C:\Users\Alík\Desktop\15879.ptg
2013-12-07 22:36 - 2013-12-13 21:22 - 00000000 ____D C:\Users\Alík\Documents\Battlefield Play4Free
2013-12-07 17:22 - 2013-12-07 17:22 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2013-12-07 15:45 - 2013-12-11 15:04 - 00000000 ____D C:\Users\Alík\Desktop\Původní data aplikace Firefox
2013-12-07 01:23 - 2013-12-07 01:23 - 00000872 _____ C:\Users\Public\Desktop\The Walking Dead - Survival Instinct.lnk
2013-12-06 21:50 - 2013-12-06 21:50 - 00000808 _____ C:\Users\Public\Desktop\Nosferatu.lnk
2013-12-06 21:50 - 2013-12-06 21:50 - 00000000 ____D C:\Windows\SysWOW64\games
2013-12-06 15:19 - 2013-12-06 15:19 - 00062407 _____ C:\Users\Guest\Desktop\UVALP-E8.T1 01.xlsx
2013-11-29 17:36 - 2013-11-30 20:59 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-26 11:14 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-26 11:10 - 2013-11-26 11:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 11:10 - 2013-11-26 11:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 11:10 - 2013-11-26 11:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 11:10 - 2013-11-26 11:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 11:10 - 2013-11-26 11:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 11:10 - 2013-11-26 11:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 11:10 - 2013-11-26 11:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 22:40 - 2013-11-15 22:40 - 00000000 ____D C:\Users\Alík\Documents\Assassin's Creed IV Black Flag
2013-11-15 22:09 - 2013-11-15 22:09 - 00000883 _____ C:\Users\Public\Desktop\Assassins Creed 4 Black Flag.lnk
2013-11-15 19:04 - 2011-02-22 13:48 - 00030816 _____ (NT Kernel Resources) C:\Windows\system32\Drivers\ndisrd.sys
2013-11-15 19:03 - 2013-11-15 19:04 - 00000000 ____D C:\Program Files (x86)\MyPublicWiFi
2013-11-15 18:52 - 2013-11-15 18:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-12-14 17:16 - 2013-12-14 17:15 - 00029373 _____ C:\Users\Alík\Desktop\FRST.txt
2013-12-14 17:15 - 2013-12-14 17:15 - 00000000 ____D C:\FRST
2013-12-14 17:13 - 2013-12-14 17:13 - 00112640 _____ (forum.viry.cz) C:\Users\Alík\Desktop\FRSTLauncher.exe
2013-12-14 17:13 - 2013-12-14 17:12 - 01927796 _____ (Farbar) C:\Users\Alík\Desktop\FRST64.exe
2013-12-14 17:13 - 2010-11-26 15:29 - 00000000 ____D C:\Users\Alík\AppData\Roaming\Skype
2013-12-14 16:52 - 2009-07-14 05:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-14 16:52 - 2009-07-14 05:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-14 16:48 - 2012-10-10 16:02 - 01178056 _____ C:\Windows\WindowsUpdate.log
2013-12-14 16:47 - 2013-03-23 18:00 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-14 15:56 - 2013-12-14 15:48 - 00000000 ____D C:\Users\Alík\Desktop\RK_Quarantine
2013-12-14 15:51 - 2013-12-14 15:51 - 00003340 _____ C:\Users\Alík\Desktop\RKreport[0]_S_12142013_155105.txt
2013-12-14 15:47 - 2013-12-14 15:48 - 03580416 _____ C:\Users\Alík\Desktop\RogueKiller(1).exe
2013-12-14 15:47 - 2010-04-28 16:24 - 00000000 ____D C:\Users\Alík\AppData\Roaming\uTorrent
2013-12-14 15:43 - 2013-08-07 18:19 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-14 15:32 - 2013-08-23 20:01 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-14 15:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-14 15:01 - 2010-06-16 19:41 - 00000000 ____D C:\Users\Alík\AppData\Local\LogMeIn Hamachi
2013-12-14 15:01 - 2010-04-29 13:26 - 00000000 ____D C:\Users\Alík\AppData\Roaming\DAEMON Tools Lite
2013-12-14 15:00 - 2009-12-21 06:34 - 00000000 ____D C:\Windows\Panther
2013-12-14 14:59 - 2013-02-25 00:20 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-12-14 14:58 - 2013-12-14 14:58 - 00001021 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 14:58 - 2012-10-10 14:50 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-14 11:59 - 2013-12-14 11:59 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-14 11:59 - 2010-11-26 15:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-14 11:59 - 2010-11-26 15:28 - 00000000 ____D C:\ProgramData\Skype
2013-12-14 10:52 - 2013-09-11 21:33 - 00000000 ____D C:\Users\Alík\AppData\Roaming\Seznam.cz
2013-12-13 21:27 - 2013-10-21 17:22 - 00282104 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-13 21:27 - 2012-12-23 15:04 - 00234768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-13 21:27 - 2011-03-22 14:56 - 00282104 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-12-13 21:22 - 2013-12-07 22:36 - 00000000 ____D C:\Users\Alík\Documents\Battlefield Play4Free
2013-12-13 15:12 - 2010-04-15 13:26 - 00000000 ___RD C:\Users\Alík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-13 14:25 - 2013-12-13 14:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-13 14:02 - 2013-01-17 23:56 - 00000000 ____D C:\Qoobox
2013-12-13 14:01 - 2013-12-13 14:01 - 00021029 _____ C:\ComboFix.txt
2013-12-13 13:58 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-13 13:46 - 2013-12-13 13:46 - 00000018 _____ C:\Users\Alík\Desktop\CFScript.txt
2013-12-13 13:40 - 2012-10-06 16:46 - 00000000 ____D C:\Users\Alík\AppData\Local\Apps\2.0
2013-12-13 12:32 - 2013-12-13 12:32 - 05154339 ____R (Swearware) C:\Users\Alík\Desktop\ComboFix.exe
2013-12-13 12:23 - 2013-01-29 20:10 - 00000000 ____D C:\Program Files\trend micro
2013-12-13 08:59 - 2011-04-11 10:24 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2013-12-13 08:58 - 2010-09-07 07:01 - 00000000 ____D C:\Users\Guest\AppData\Local\LogMeIn Hamachi
2013-12-13 08:39 - 2013-12-13 08:38 - 00000000 ____D C:\rsit
2013-12-13 00:39 - 2013-08-29 15:06 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-12-13 00:02 - 2010-04-15 13:26 - 00000000 ____D C:\Users\Alík
2013-12-12 23:06 - 2009-07-14 16:18 - 00675100 _____ C:\Windows\system32\perfh005.dat
2013-12-12 23:06 - 2009-07-14 16:18 - 00145054 _____ C:\Windows\system32\perfc005.dat
2013-12-12 23:06 - 2009-07-14 06:13 - 01604522 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 18:37 - 2013-12-12 18:37 - 00111460 _____ C:\Users\Alík\Desktop\1641436.jpeg
2013-12-12 17:05 - 2013-10-15 12:16 - 00000000 ____D C:\Users\Alík\Documents\FIFA 14
2013-12-12 11:02 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 11:00 - 2009-07-14 05:45 - 04957384 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 01:16 - 2009-12-21 00:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 21:14 - 2013-12-11 21:14 - 03279639 _____ C:\Users\Alík\Desktop\15879.ptg
2013-12-11 15:04 - 2013-12-07 15:45 - 00000000 ____D C:\Users\Alík\Desktop\Původní data aplikace Firefox
2013-12-11 12:52 - 2013-03-23 18:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 12:52 - 2013-03-23 18:00 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 12:52 - 2011-08-06 18:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 21:28 - 2012-05-12 11:52 - 00000000 ____D C:\Users\Alík\AppData\Roaming\vlc
2013-12-09 20:40 - 2012-05-12 11:16 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-07 22:26 - 2013-08-07 21:39 - 00000000 ____D C:\Users\Alík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-07 17:22 - 2013-12-07 17:22 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2013-12-07 17:21 - 2009-12-20 23:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-07 16:24 - 2011-02-19 08:50 - 00000000 ____D C:\Users\Alík\AppData\Roaming\.minecraft
2013-12-07 01:23 - 2013-12-07 01:23 - 00000872 _____ C:\Users\Public\Desktop\The Walking Dead - Survival Instinct.lnk
2013-12-07 01:21 - 2011-11-03 18:04 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-06 21:50 - 2013-12-06 21:50 - 00000808 _____ C:\Users\Public\Desktop\Nosferatu.lnk
2013-12-06 21:50 - 2013-12-06 21:50 - 00000000 ____D C:\Windows\SysWOW64\games
2013-12-06 16:16 - 2012-10-24 22:53 - 00000000 ___RD C:\Users\Guest\Desktop\79
2013-12-06 15:19 - 2013-12-06 15:19 - 00062407 _____ C:\Users\Guest\Desktop\UVALP-E8.T1 01.xlsx
2013-12-06 14:19 - 2013-09-12 07:18 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Seznam.cz
2013-12-04 20:25 - 2009-07-14 06:08 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-03 15:49 - 2010-12-08 13:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-01 12:47 - 2012-11-09 16:32 - 00000000 ____D C:\Users\Alík\Desktop\Škola
2013-11-30 20:59 - 2013-11-29 17:36 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-29 17:40 - 2011-08-12 18:47 - 00000000 ____D C:\Program Files (x86)\Dream Computer Piano
2013-11-26 19:48 - 2013-09-04 16:49 - 00000219 _____ C:\Users\Alík\Desktop\Dota 2.url
2013-11-26 16:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-26 12:54 - 2013-12-12 01:15 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-12 01:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-12 01:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-12 01:15 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 11:10 - 2013-11-26 11:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 11:10 - 2013-11-26 11:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 11:10 - 2013-11-26 11:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 11:10 - 2013-11-26 11:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 11:10 - 2013-11-26 11:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 11:10 - 2013-11-26 11:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 10:48 - 2013-12-12 01:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-12 01:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-12 01:15 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-12 01:15 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-12 01:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-12 01:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-12 01:15 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-12 01:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-12 01:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-12 01:15 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-12 01:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-12 01:15 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-12 01:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-12 01:15 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-12 01:15 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-12 01:15 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-12 01:15 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-12 01:15 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-12 01:15 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-12 01:15 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-12 01:15 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-12 01:15 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-12 01:15 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-12 01:15 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-12 01:15 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-12 01:15 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-12 01:15 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 19:26 - 2013-12-11 22:48 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-11 22:48 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-19 11:21 - 2009-12-20 23:53 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-19 00:35 - 2013-01-19 17:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 00:35 - 2013-01-19 17:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-19 00:35 - 2011-01-25 23:30 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-15 23:59 - 2013-01-14 17:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-15 22:40 - 2013-11-15 22:40 - 00000000 ____D C:\Users\Alík\Documents\Assassin's Creed IV Black Flag
2013-11-15 22:09 - 2013-11-15 22:09 - 00000883 _____ C:\Users\Public\Desktop\Assassins Creed 4 Black Flag.lnk
2013-11-15 19:04 - 2013-11-15 19:03 - 00000000 ____D C:\Program Files (x86)\MyPublicWiFi
2013-11-15 18:53 - 2013-11-15 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 06:27 - 2013-08-05 00:49 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 06:20 - 2009-12-20 23:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Alík\AppData\Local\Temp\ntdll_dump.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\RegInOut Scheduled Scan - Martin.job => C:\Program Files (x86)\RegInOut\RegInOut.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\Data aplikací:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\TEMP:3559A02E
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\ProgramData\TEMP:C28667BE
AlternateDataStreams: C:\ProgramData\TEMP:E64A79AB
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Alík\Desktop" je 1111 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Alík (administrator) on MARTIN-PC on 14-12-2013 17:15:42
Running from C:\Users\Alík\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\Folding@HomeCPU\4\Fah.exe
(Hi-Rez Studios) D:\sims 3-2\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(forum.viry.cz) C:\Users\Alík\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-03] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [Core Temp] - C:\Program Files (x86)\CoreTemp64\Core Temp.exe [472592 2009-08-05] ()
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2009-12-14] (AMD)
HKCU\...\Run: [Facebook Update] - C:\Users\Alík\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-25] (Facebook Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Alík\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3551576 2013-11-21] (Electronic Arts)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17344176 2012-06-05] (Skype Technologies S.A.)
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Alík\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WTClient] - C:\Windows\\SysWOW64\WTClient.exe [40960 2007-04-11] (Tablet Driver)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C-
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Guest\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
HKU\Guest\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\Guest\...\Run: [Core Temp] - C:\Program Files (x86)\CoreTemp64\Core Temp.exe [472592 2009-08-05] ()
HKU\Guest\...\Run: [PSPHost] - C:\Program Files (x86)\PSPHost\\PSPHost.exe
HKU\Guest\...\Run: [HKCU] - C:\Users\Guest\AppData\Roaming\install\server.exe
HKU\Guest\...\Run: [AARC] - C:\Users\Guest\Desktop\Documents\System\winsystem.exe
HKU\Guest\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKU\Guest\...\Run: [ICQ] - ~"D:\programi duležite\ICQ6.5\ICQ.exe" silent
HKU\Guest\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-10] (Macrovision Corporation)
HKU\Guest\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-10] (Macrovision Corporation)
HKU\Guest\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Guest\...\Run: [LG LinkAir] - [x]
HKU\Guest\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2009-12-14] (AMD)
HKU\Guest\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Guest\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\Guest\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Guest\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\Guest\...\Policies\system: [LogonHoursAction] 2
HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest\...\Policies\system: [DisableLockWorkstation] 0
HKU\Guest\...\Policies\system: [DisableChangePassword] 0
HKU\Martin\...\Run: [Core Temp] - C:\Program Files (x86)\CoreTemp64\Core Temp.exe [472592 2009-08-05] ()
HKU\Martin\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-10] (Macrovision Corporation)
HKU\Martin\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-10] (Macrovision Corporation)
HKU\Martin\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\Martin\...\Run: [LG LinkAir] - [x]
HKU\Martin\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKU\Martin\...\Run: [Google Update] - "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\Martin\...\Run: [ICQ] - ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
HKU\Martin\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [937360 2011-12-27] (Samsung)
HKU\Martin\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Martin\...\Run: [BitTorrent] - "G:\e\BitTorrent.exe" /MINIMIZED
HKU\Martin\...\Run: [Grid] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe [380928 2009-12-14] ()
HKU\Martin\...\Run: [GameTracker] - C:\Program Files (x86)\GameTracker\GTLite.exe
HKU\Martin\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2009-12-14] (AMD)
HKU\Martin\...\Policies\system: [DisableLockWorkstation] 0
HKU\Martin\...\Policies\system: [DisableChangePassword] 0
HKU\Martin\...\Policies\system: [LogonHoursAction] 2
HKU\Martin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Alík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC94D5EAC6C97CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - F780142E33B740098AF8F68F376D8CB0 URL = http://mystart.incredibar.com/mb201/?se ... ccJnK&i=26
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {06B786C3-0E79-435B-A5F5-81A93AEF261C} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.dalesearch.com/?q={searchTer ... 0&tsp=5040
SearchScopes: HKCU - {25477387-2310-45df-933D-E9416D3D0303} URL = http://eis.esnips.com/page/search_provi ... earchTerms}
SearchScopes: HKCU - {2D4BF3CB-7C6E-41C8-8C44-C29CB38C7242} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {42168F92-DA71-42E6-BC7F-132EAC1F1899} URL = http://www.google.com/cse?cx=partner-pu ... lle.com%2F <===== ATTENTION
SearchScopes: HKCU - {43E78011-72D3-4C6F-A694-109EC301E7EF} URL = http://www.google.cz/search?q={searchTe ... {startPage}
SearchScopes: HKCU - {46DD86A6-8A09-4CC4-ACCE-DA3AC1AF71A8} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {4DB1453A-6F37-4068-ABD7-4A7F454B6F93} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKCU - {508B5133-1F37-4954-B49E-D4BB1D860B4E} URL = http://search.yahoo.com/search?ei=utf-8 ... earchTerms}
SearchScopes: HKCU - {75203F0A-B00C-4FE7-9572-93776BF5AA75} URL = http://cs.wikipedia.org/w/index.php?tit ... earchTerms}
SearchScopes: HKCU - {8E7F0D41-3E84-4F48-AADA-0F04948719E2} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {A4B62637-C1B3-4CAA-A0C4-AE5F1DF4373D} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {A95F62C3-807A-4650-A96A-48EFF1E0B324} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {B0712185-99B6-47C8-8C7E-DAEDA62917ED} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {B8CF604A-0A03-4C47-A6E8-4CA56B9AB145} URL = http://search.yahoo.com/search?ei=utf-8 ... earchTerms}
SearchScopes: HKCU - {D1CE821D-9688-46B3-8391-311F5DF087CF} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HistoryTriggerBHO Class - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
BHO-x32: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ()
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Alík\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464
FF SearchEngineOrder.3: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @thrixxx.com/WebLaunch - C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Alík\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Alík\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Alík\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\esnips.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Battlefield Play4Free - C:\Users\Alík\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464\Extensions\battlefieldplay4free@ea.com
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
Chrome:
=======
CHR HomePage: hxxp://www.dalesearch.com/?babsrc=HP_ss&mntrId ... 0&tsp=5040
CHR RestoreOnStartup: "hxxp://www.dalesearch.com/?babsrc=HP_ss&mntrId ... 0&tsp=5040"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?FORM=UP97DF& ... earchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Al\u00EDk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Pokki Download Helper) - C:\Users\Al\u00EDk\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Google Docs) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Email) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Slovn\u00EDk) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0
CHR Extension: (YouTube) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (IB Updater) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.578_0
CHR Extension: (BitTorrentBar) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.5.0.1_0
CHR Extension: () - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\1.9_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.5.14_0
CHR Extension: (uTorrentControl2) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.5.0.1_0
CHR Extension: (Gmail) - C:\Users\Alík\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Martin\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Martin\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
==================== Services (Whitelisted) =================
R2 Folding@home-CPU-[4]; C:\Folding@HomeCPU\4\Fah.exe [422400 2011-02-02] ()
R2 HiPatchService; D:\sims 3-2\HiPatchService.exe [9216 2013-11-25] (Hi-Rez Studios)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MyPublicWiFiService; C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [597504 2011-12-02] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-21] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-08] ()
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [23304 2009-09-24] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [27776 2009-09-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-11] (Disc Soft Ltd)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [33792 2005-03-09] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-08] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 Tablet2k; C:\Windows\System32\Drivers\Tablet2k.sys [26112 2007-04-16] (Windows (R) Server 2003 DDK provider)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-01-02] (TrueCrypt Foundation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena\plugins\UI\safedrv.sys [x]
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]
==================== NetSvcs (Whitelisted) ===================
NETSVCx32: nrmtqgrt -> No ServiceDLL Path.
==================== One Month Created Files and Folders ========
2013-12-14 17:15 - 2013-12-14 17:16 - 00029373 _____ C:\Users\Alík\Desktop\FRST.txt
2013-12-14 17:15 - 2013-12-14 17:15 - 00000000 ____D C:\FRST
2013-12-14 17:13 - 2013-12-14 17:13 - 00112640 _____ (forum.viry.cz) C:\Users\Alík\Desktop\FRSTLauncher.exe
2013-12-14 17:12 - 2013-12-14 17:13 - 01927796 _____ (Farbar) C:\Users\Alík\Desktop\FRST64.exe
2013-12-14 15:51 - 2013-12-14 15:51 - 00003340 _____ C:\Users\Alík\Desktop\RKreport[0]_S_12142013_155105.txt
2013-12-14 15:48 - 2013-12-14 15:56 - 00000000 ____D C:\Users\Alík\Desktop\RK_Quarantine
2013-12-14 15:48 - 2013-12-14 15:47 - 03580416 _____ C:\Users\Alík\Desktop\RogueKiller(1).exe
2013-12-14 14:58 - 2013-12-14 14:58 - 00001021 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 11:59 - 2013-12-14 11:59 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-13 14:25 - 2013-12-13 14:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-13 14:01 - 2013-12-13 14:01 - 00021029 _____ C:\ComboFix.txt
2013-12-13 13:46 - 2013-12-13 13:46 - 00000018 _____ C:\Users\Alík\Desktop\CFScript.txt
2013-12-13 12:32 - 2013-12-13 12:32 - 05154339 ____R (Swearware) C:\Users\Alík\Desktop\ComboFix.exe
2013-12-13 08:38 - 2013-12-13 08:39 - 00000000 ____D C:\rsit
2013-12-12 18:37 - 2013-12-12 18:37 - 00111460 _____ C:\Users\Alík\Desktop\1641436.jpeg
2013-12-12 01:16 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 01:16 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 01:16 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 01:16 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 01:15 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 01:15 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 01:15 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 01:15 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 01:15 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 01:15 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 01:15 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 01:15 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 01:15 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 01:15 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 01:15 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 01:15 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 01:15 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 01:15 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 01:15 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 01:15 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 01:15 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 01:15 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 01:15 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 01:15 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 01:15 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 01:15 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 01:15 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 01:15 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 01:15 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 01:15 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 01:15 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 01:15 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 01:15 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 01:15 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 01:15 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 22:48 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 22:48 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 22:48 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 22:48 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 22:48 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 22:48 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 22:48 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 22:48 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 22:48 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 22:48 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 22:48 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 22:48 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 22:48 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 22:48 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 22:48 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 22:48 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 22:48 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 22:48 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 22:48 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 21:14 - 2013-12-11 21:14 - 03279639 _____ C:\Users\Alík\Desktop\15879.ptg
2013-12-07 22:36 - 2013-12-13 21:22 - 00000000 ____D C:\Users\Alík\Documents\Battlefield Play4Free
2013-12-07 17:22 - 2013-12-07 17:22 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2013-12-07 15:45 - 2013-12-11 15:04 - 00000000 ____D C:\Users\Alík\Desktop\Původní data aplikace Firefox
2013-12-07 01:23 - 2013-12-07 01:23 - 00000872 _____ C:\Users\Public\Desktop\The Walking Dead - Survival Instinct.lnk
2013-12-06 21:50 - 2013-12-06 21:50 - 00000808 _____ C:\Users\Public\Desktop\Nosferatu.lnk
2013-12-06 21:50 - 2013-12-06 21:50 - 00000000 ____D C:\Windows\SysWOW64\games
2013-12-06 15:19 - 2013-12-06 15:19 - 00062407 _____ C:\Users\Guest\Desktop\UVALP-E8.T1 01.xlsx
2013-11-29 17:36 - 2013-11-30 20:59 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-26 11:14 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-26 11:10 - 2013-11-26 11:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 11:10 - 2013-11-26 11:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 11:10 - 2013-11-26 11:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 11:10 - 2013-11-26 11:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 11:10 - 2013-11-26 11:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 11:10 - 2013-11-26 11:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 11:10 - 2013-11-26 11:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 22:40 - 2013-11-15 22:40 - 00000000 ____D C:\Users\Alík\Documents\Assassin's Creed IV Black Flag
2013-11-15 22:09 - 2013-11-15 22:09 - 00000883 _____ C:\Users\Public\Desktop\Assassins Creed 4 Black Flag.lnk
2013-11-15 19:04 - 2011-02-22 13:48 - 00030816 _____ (NT Kernel Resources) C:\Windows\system32\Drivers\ndisrd.sys
2013-11-15 19:03 - 2013-11-15 19:04 - 00000000 ____D C:\Program Files (x86)\MyPublicWiFi
2013-11-15 18:52 - 2013-11-15 18:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-12-14 17:16 - 2013-12-14 17:15 - 00029373 _____ C:\Users\Alík\Desktop\FRST.txt
2013-12-14 17:15 - 2013-12-14 17:15 - 00000000 ____D C:\FRST
2013-12-14 17:13 - 2013-12-14 17:13 - 00112640 _____ (forum.viry.cz) C:\Users\Alík\Desktop\FRSTLauncher.exe
2013-12-14 17:13 - 2013-12-14 17:12 - 01927796 _____ (Farbar) C:\Users\Alík\Desktop\FRST64.exe
2013-12-14 17:13 - 2010-11-26 15:29 - 00000000 ____D C:\Users\Alík\AppData\Roaming\Skype
2013-12-14 16:52 - 2009-07-14 05:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-14 16:52 - 2009-07-14 05:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-14 16:48 - 2012-10-10 16:02 - 01178056 _____ C:\Windows\WindowsUpdate.log
2013-12-14 16:47 - 2013-03-23 18:00 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-14 15:56 - 2013-12-14 15:48 - 00000000 ____D C:\Users\Alík\Desktop\RK_Quarantine
2013-12-14 15:51 - 2013-12-14 15:51 - 00003340 _____ C:\Users\Alík\Desktop\RKreport[0]_S_12142013_155105.txt
2013-12-14 15:47 - 2013-12-14 15:48 - 03580416 _____ C:\Users\Alík\Desktop\RogueKiller(1).exe
2013-12-14 15:47 - 2010-04-28 16:24 - 00000000 ____D C:\Users\Alík\AppData\Roaming\uTorrent
2013-12-14 15:43 - 2013-08-07 18:19 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-14 15:32 - 2013-08-23 20:01 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-14 15:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-14 15:01 - 2010-06-16 19:41 - 00000000 ____D C:\Users\Alík\AppData\Local\LogMeIn Hamachi
2013-12-14 15:01 - 2010-04-29 13:26 - 00000000 ____D C:\Users\Alík\AppData\Roaming\DAEMON Tools Lite
2013-12-14 15:00 - 2009-12-21 06:34 - 00000000 ____D C:\Windows\Panther
2013-12-14 14:59 - 2013-02-25 00:20 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-12-14 14:58 - 2013-12-14 14:58 - 00001021 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 14:58 - 2012-10-10 14:50 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-14 11:59 - 2013-12-14 11:59 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-14 11:59 - 2010-11-26 15:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-14 11:59 - 2010-11-26 15:28 - 00000000 ____D C:\ProgramData\Skype
2013-12-14 10:52 - 2013-09-11 21:33 - 00000000 ____D C:\Users\Alík\AppData\Roaming\Seznam.cz
2013-12-13 21:27 - 2013-10-21 17:22 - 00282104 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-13 21:27 - 2012-12-23 15:04 - 00234768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-13 21:27 - 2011-03-22 14:56 - 00282104 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-12-13 21:22 - 2013-12-07 22:36 - 00000000 ____D C:\Users\Alík\Documents\Battlefield Play4Free
2013-12-13 15:12 - 2010-04-15 13:26 - 00000000 ___RD C:\Users\Alík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-13 14:25 - 2013-12-13 14:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-13 14:02 - 2013-01-17 23:56 - 00000000 ____D C:\Qoobox
2013-12-13 14:01 - 2013-12-13 14:01 - 00021029 _____ C:\ComboFix.txt
2013-12-13 13:58 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-13 13:46 - 2013-12-13 13:46 - 00000018 _____ C:\Users\Alík\Desktop\CFScript.txt
2013-12-13 13:40 - 2012-10-06 16:46 - 00000000 ____D C:\Users\Alík\AppData\Local\Apps\2.0
2013-12-13 12:32 - 2013-12-13 12:32 - 05154339 ____R (Swearware) C:\Users\Alík\Desktop\ComboFix.exe
2013-12-13 12:23 - 2013-01-29 20:10 - 00000000 ____D C:\Program Files\trend micro
2013-12-13 08:59 - 2011-04-11 10:24 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2013-12-13 08:58 - 2010-09-07 07:01 - 00000000 ____D C:\Users\Guest\AppData\Local\LogMeIn Hamachi
2013-12-13 08:39 - 2013-12-13 08:38 - 00000000 ____D C:\rsit
2013-12-13 00:39 - 2013-08-29 15:06 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-12-13 00:02 - 2010-04-15 13:26 - 00000000 ____D C:\Users\Alík
2013-12-12 23:06 - 2009-07-14 16:18 - 00675100 _____ C:\Windows\system32\perfh005.dat
2013-12-12 23:06 - 2009-07-14 16:18 - 00145054 _____ C:\Windows\system32\perfc005.dat
2013-12-12 23:06 - 2009-07-14 06:13 - 01604522 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 18:37 - 2013-12-12 18:37 - 00111460 _____ C:\Users\Alík\Desktop\1641436.jpeg
2013-12-12 17:05 - 2013-10-15 12:16 - 00000000 ____D C:\Users\Alík\Documents\FIFA 14
2013-12-12 11:02 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 11:00 - 2009-07-14 05:45 - 04957384 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 01:16 - 2009-12-21 00:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 21:14 - 2013-12-11 21:14 - 03279639 _____ C:\Users\Alík\Desktop\15879.ptg
2013-12-11 15:04 - 2013-12-07 15:45 - 00000000 ____D C:\Users\Alík\Desktop\Původní data aplikace Firefox
2013-12-11 12:52 - 2013-03-23 18:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 12:52 - 2013-03-23 18:00 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 12:52 - 2011-08-06 18:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 21:28 - 2012-05-12 11:52 - 00000000 ____D C:\Users\Alík\AppData\Roaming\vlc
2013-12-09 20:40 - 2012-05-12 11:16 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-07 22:26 - 2013-08-07 21:39 - 00000000 ____D C:\Users\Alík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-07 17:22 - 2013-12-07 17:22 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2013-12-07 17:21 - 2009-12-20 23:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-07 16:24 - 2011-02-19 08:50 - 00000000 ____D C:\Users\Alík\AppData\Roaming\.minecraft
2013-12-07 01:23 - 2013-12-07 01:23 - 00000872 _____ C:\Users\Public\Desktop\The Walking Dead - Survival Instinct.lnk
2013-12-07 01:21 - 2011-11-03 18:04 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-06 21:50 - 2013-12-06 21:50 - 00000808 _____ C:\Users\Public\Desktop\Nosferatu.lnk
2013-12-06 21:50 - 2013-12-06 21:50 - 00000000 ____D C:\Windows\SysWOW64\games
2013-12-06 16:16 - 2012-10-24 22:53 - 00000000 ___RD C:\Users\Guest\Desktop\79
2013-12-06 15:19 - 2013-12-06 15:19 - 00062407 _____ C:\Users\Guest\Desktop\UVALP-E8.T1 01.xlsx
2013-12-06 14:19 - 2013-09-12 07:18 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Seznam.cz
2013-12-04 20:25 - 2009-07-14 06:08 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-03 15:49 - 2010-12-08 13:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-01 12:47 - 2012-11-09 16:32 - 00000000 ____D C:\Users\Alík\Desktop\Škola
2013-11-30 20:59 - 2013-11-29 17:36 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-29 17:40 - 2011-08-12 18:47 - 00000000 ____D C:\Program Files (x86)\Dream Computer Piano
2013-11-26 19:48 - 2013-09-04 16:49 - 00000219 _____ C:\Users\Alík\Desktop\Dota 2.url
2013-11-26 16:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-26 12:54 - 2013-12-12 01:15 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-12 01:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-12 01:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-12 01:15 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 11:10 - 2013-11-26 11:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 11:10 - 2013-11-26 11:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 11:10 - 2013-11-26 11:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 11:10 - 2013-11-26 11:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 11:10 - 2013-11-26 11:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 11:10 - 2013-11-26 11:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 11:10 - 2013-11-26 11:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 11:10 - 2013-11-26 11:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 10:48 - 2013-12-12 01:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-12 01:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-12 01:15 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-12 01:15 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-12 01:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-12 01:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-12 01:15 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-12 01:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-12 01:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-12 01:15 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-12 01:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-12 01:15 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-12 01:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-12 01:15 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-12 01:15 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-12 01:15 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-12 01:15 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-12 01:15 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-12 01:15 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-12 01:15 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-12 01:15 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-12 01:15 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-12 01:15 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-12 01:15 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-12 01:15 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-12 01:15 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-12 01:15 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 19:26 - 2013-12-11 22:48 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-11 22:48 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-19 11:21 - 2009-12-20 23:53 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-19 00:35 - 2013-01-19 17:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 00:35 - 2013-01-19 17:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-19 00:35 - 2011-01-25 23:30 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-15 23:59 - 2013-01-14 17:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-15 22:40 - 2013-11-15 22:40 - 00000000 ____D C:\Users\Alík\Documents\Assassin's Creed IV Black Flag
2013-11-15 22:09 - 2013-11-15 22:09 - 00000883 _____ C:\Users\Public\Desktop\Assassins Creed 4 Black Flag.lnk
2013-11-15 19:04 - 2013-11-15 19:03 - 00000000 ____D C:\Program Files (x86)\MyPublicWiFi
2013-11-15 18:53 - 2013-11-15 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 06:27 - 2013-08-05 00:49 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 06:20 - 2009-12-20 23:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Alík\AppData\Local\Temp\ntdll_dump.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\RegInOut Scheduled Scan - Martin.job => C:\Program Files (x86)\RegInOut\RegInOut.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\Data aplikací:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\TEMP:3559A02E
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\ProgramData\TEMP:C28667BE
AlternateDataStreams: C:\ProgramData\TEMP:E64A79AB
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Al¡k\Desktop" je 1111 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- Addition.7z
- (6.89 KiB) Downloaded 50 times
- Rudy
- Site Admin
- Posts: 119532
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Skype is lagging, suspected virus
Open Notepad and copy the text below into it. Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Start
HKCU\...\Run: [Facebook Update] - C:\Users\Alík\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-25] (Facebook Inc.)
C:\Users\Alík\AppData\Local\Facebook\Update
HKLM-x32\...\Run: [SunJavaUpdateSched] - C-
HKU\Martin\...\Run: [LG LinkAir] - [x]
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - F780142E33B740098AF8F68F376D8CB0 URL = http://mystart.incredibar.com/mb201/?se ... ccJnK&i=26
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.dalesearch.com/?q={searchTer ... 0&tsp=5040
SearchScopes: HKCU - {25477387-2310-45df-933D-E9416D3D0303} URL = http://eis.esnips.com/page/search_provi ... 8d1391d&q={searchTerms}
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
C:\Program Files (x86)\Skype\Toolbars
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
FF ProfilePath: C:\Users\Alík\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @microsoft.com/GENUINE - disabled No File
CHR HomePage: hxxp://www.dalesearch.com/?babsrc=HP_ss ... 0&tsp=5040
CHR RestoreOnStartup: "hxxp://www.dalesearch.com/?babsrc=HP_ss&mntrId ... 0&tsp=5040"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?FORM=UP97DF& ... earchTerms}
C:\Users\Alík\AppData\Local\Temp
C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\Data aplikací:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\TEMP:3559A02E
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\ProgramData\TEMP:C28667BE
AlternateDataStreams: C:\ProgramData\TEMP:E64A79AB
SweetIM for Facebook 1.0 (x32 Version: 1.0.0006)
SweetIM for Messenger 3.3 (x32 Version: 3.3.0007)
Task: {346E8604-C45B-4C08-9E57-DD13E87B251A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe
End
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Skype is lagging, suspected virus
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2013 01
Ran by Alík at 2013-12-14 18:42:08 Run:1
Running from C:\Users\Alík\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKCU\...\Run: [Facebook Update] - C:\Users\Alík\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-25] (Facebook Inc.)
C:\Users\Alík\AppData\Local\Facebook\Update
HKLM-x32\...\Run: [SunJavaUpdateSched] - C-
HKU\Martin\...\Run: [LG LinkAir] - [x]
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - F780142E33B740098AF8F68F376D8CB0 URL = http://mystart.incredibar.com/mb201/?se ... ccJnK&i=26
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.dalesearch.com/?q={searchTer ... 0&tsp=5040
SearchScopes: HKCU - {25477387-2310-45df-933D-E9416D3D0303} URL = http://eis.esnips.com/page/search_provi ... 8d1391d&q={searchTerms}
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
C:\Program Files (x86)\Skype\Toolbars
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
FF ProfilePath: C:\Users\Alík\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @microsoft.com/GENUINE - disabled No File
CHR HomePage: hxxp://www.dalesearch.com/?babsrc=HP_ss ... 0&tsp=5040
CHR RestoreOnStartup: "hxxp://www.dalesearch.com/?babsrc=HP_ss&mntrId ... 0&tsp=5040"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?FORM=UP97DF& ... earchTerms}
C:\Users\Alík\AppData\Local\Temp
C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\Data aplikací:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K
AlternateDataStreams: C:\ProgramData\TEMP:3559A02E
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\ProgramData\TEMP:C28667BE
AlternateDataStreams: C:\ProgramData\TEMP:E64A79AB
SweetIM for Facebook 1.0 (x32 Version: 1.0.0006)
SweetIM for Messenger 3.3 (x32 Version: 3.3.0007)
Task: {346E8604-C45B-4C08-9E57-DD13E87B251A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe
End
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
C:\Users\Alík\AppData\Local\Facebook\Update => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\Martin\Software\Microsoft\Windows\CurrentVersion\Run\\LG LinkAir => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\F780142E33B740098AF8F68F376D8CB0 => Key deleted successfully.
HKCR\CLSID\F780142E33B740098AF8F68F376D8CB0 => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{25477387-2310-45df-933D-E9416D3D0303} => Key deleted successfully.
HKCR\CLSID\{25477387-2310-45df-933D-E9416D3D0303} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} => Key deleted successfully.
C:\Program Files (x86)\Windows Live\Companion\companioncore.dll => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
C:\Program Files (x86)\Skype\Toolbars => Should not be moved.
Firefox Keyword.URL deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
CHR HomePage: hxxp://www.dalesearch.com/?babsrc=HP_ss ... 0&tsp=5040 ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://www.dalesearch.com/?babsrc=HP_ss&mntrId ... 0&tsp=5040" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: bing.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Bing ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://www.bing.com/search?FORM=UP97DF& ... earchTerms} ==> The Chrome "Settings" can be used to fix the entry.
"C:\Users\Alík\AppData\Local\Temp" directory move:
C:\Users\Alík\AppData\Local\Temp\613770.od => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\BP4FUpdater.log => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\BP4FUpdaterLauncher.log => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\CVR5D7A.tmp.cvr => Moved successfully.
Could not move "C:\Users\Alík\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Alík\AppData\Local\Temp\MSI14a3a.LOG => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\MSI40cec.LOG => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\PDApp.log => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\Skype.msi => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\SkypeToolbars.msi => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt1A43.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt1A44.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt1A45.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt1A56.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt203C.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt203D.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt204E.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt204F.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt23F4.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt2414.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt2415.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt2416.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt2CDD.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt2D1D.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt2D1E.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt2D2E.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt3B4E.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt3B6F.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt3B9E.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt3BBF.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt401F.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt4020.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt4021.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt4022.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt7915.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt7916.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt7917.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt7928.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt7F7F.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt806A.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt80C9.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\utt80CA.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\uttF0C8.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\uttF0D9.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\uttF0DA.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\uttF0DB.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\uttF790.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\uttF791.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\uttF792.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\uttF7A2.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\_17EA.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\_2456.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\_323D.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\_53A3.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\_6D49.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\_AB62.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\~961A.bat => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\~961A.tmp => Moved successfully.
C:\Users\Alík\AppData\Local\Temp\~F058.tmp => Moved successfully.
Could not move "C:\Users\Alík\AppData\Local\Temp" directory. => Scheduled to move on reboot.
Could not move "C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K" => Scheduled to move on reboot.
C:\Windows\System32 => ":{4B9A1497-0817-47C4-9612-D6A1C53ACF57}" ADS removed successfully.
"C:\Users\All Users" => ":$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K" ADS not found.
"C:\ProgramData\Application Data" => ":$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K" ADS not found.
"C:\ProgramData\Data aplikací" => ":$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K" ADS not found.
C:\ProgramData\TEMP => ":3559A02E" ADS removed successfully.
C:\ProgramData\TEMP => ":8CE646EE" ADS removed successfully.
C:\ProgramData\TEMP => ":C28667BE" ADS removed successfully.
C:\ProgramData\TEMP => ":E64A79AB" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{346E8604-C45B-4C08-9E57-DD13E87B251A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{346E8604-C45B-4C08-9E57-DD13E87B251A} => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-14 18:45:43)<=
"C:\Users\Alík\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => File could not move.
"C:\Users\Alík\AppData\Local\Temp" => Directory could not move.
"C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMV89K8N4TKBRVDNGCMPLH9M9YWGPYTMP142LVFKXXHJMLNHCE1SYBPYE0PMJ4T18891X6LVP0DKB35P1JCDVRJKMJUVPNJ7K" => File could not move.
==== End of Fixlog ====
- Rudy
- Site Admin
- Posts: 119532
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Skype is lagging, suspected virus
Deleted. Has there been any change?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Skype is lagging, suspected virus
That's just it, none; still the same situation.

- Rudy
- Site Admin
- Posts: 119532
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Skype is lagging, suspected virus
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after startup a screen with the license terms appears; continue by clicking the Yes (Ano) button.
go ahead and make yourself a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else
do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)
warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident shield.
Re: Skype is lagging, suspected virus
ComboFix 13-12-13.01 - Alík 15.12.2013 0:26.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2776 [GMT 1:00]
Spuštěný z: c:\users\AlÝk\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-14 do 2013-12-14 )))))))))))))))))))))))))))))))
.
.
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\System\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\Martin\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\AlÝk\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\ALK~2\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\Alík\AppData\Local\temp
2013-12-14 19:02 . 2013-12-14 19:02 -------- d-----w- c:\users\Alík\AppData\Roaming\Awesomium
2013-12-14 16:15 . 2013-12-14 17:45 -------- d-----w- C:\FRST
2013-12-14 14:38 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7674192-3EFF-4495-B458-F9A02097997B}\mpengine.dll
2013-12-14 10:59 . 2013-12-14 10:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-12-13 14:17 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-13 13:25 . 2013-12-13 13:25 -------- d-----w- c:\programdata\Kaspersky Lab
2013-12-13 07:38 . 2013-12-13 07:39 -------- d-----w- C:\rsit
2013-12-12 00:16 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 00:16 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 00:16 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 00:16 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 00:16 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 21:48 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-07 16:22 . 2013-12-07 16:22 -------- d-----w- c:\programdata\Hi-Rez Studios
2013-12-07 10:05 . 2013-10-18 13:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64F464EA-71CD-4717-96E3-2A6C6DB1C74A}\gapaengine.dll
2013-12-06 20:50 . 2013-12-06 20:50 -------- d-----w- c:\windows\SysWow64\games
2013-11-29 16:36 . 2013-11-30 19:59 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-11-26 10:14 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-15 18:04 . 2011-02-22 12:48 30816 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2013-11-15 18:03 . 2013-11-15 18:04 -------- d-----w- c:\program files (x86)\MyPublicWiFi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-13 20:27 . 2013-10-21 16:22 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-13 20:27 . 2011-03-22 13:56 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-13 20:27 . 2012-12-23 14:04 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-11 11:52 . 2013-03-23 17:00 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 11:52 . 2011-08-06 17:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-12-20 22:53 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 05:20 . 2009-12-20 22:52 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-21 16:22 . 2013-10-21 16:22 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-18 13:16 . 2013-03-13 14:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:30 . 2013-11-13 22:49 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 22:49 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 22:49 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 22:49 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 22:49 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 22:54 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 22:54 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 22:51 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 22:51 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 22:51 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 22:51 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 22:51 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 22:51 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 22:49 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 22:49 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 22:52 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-27 08:53 . 2013-09-27 08:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 08:53 . 2012-08-30 21:03 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-25 02:26 . 2013-11-13 22:51 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 22:51 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 22:51 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 22:51 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 22:51 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 22:51 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 22:51 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 22:51 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 22:51 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 22:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 22:51 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 22:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 22:51 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files (x86)\CoreTemp64\Core Temp.exe" [2009-08-05 472592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-12-14 385024]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"cz.seznam.software.autoupdate"="c:\users\Alík\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-11-21 3551576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"cz.seznam.software.szndesktop"="c:\users\Alík\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Alík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 MyPublicWiFiService;MyPublicWiFi Service;c:\program files (x86)\MyPublicWiFi\PublicWiFiService.exe;c:\program files (x86)\MyPublicWiFi\PublicWiFiService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys;c:\windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\plugins\UI\safedrv.sys;c:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimHid.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\sims 3-2\HiPatchService.exe;d:\sims 3-2\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nrmtqgrt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-19 10:44 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-23 11:52]
.
2013-08-11 c:\windows\Tasks\RegInOut Scheduled Scan - Martin.job
- c:\program files (x86)\RegInOut\RegInOut.exe [2011-12-30 08:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-03 9642528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
IE: Add to AMV Convert Tool... - c:\program files (x86)\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files (x86)\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Alík\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF - ExtSQL: 2013-12-07 22:26; battlefieldplay4free@ea.com; c:\users\AlĂÂk\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464\extensions\battlefieldplay4free@ea.com
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-12-15 00:39:03
ComboFix-quarantined-files.txt 2013-12-14 23:39
ComboFix2.txt 2013-12-13 13:01
ComboFix3.txt 2013-12-13 11:57
ComboFix4.txt 2013-01-21 22:24
ComboFix5.txt 2013-12-14 23:24
.
Před spuštěním: Volných bajtů: 11 009 564 672
Po spuštění: Volných bajtů: 10 622 287 872
.
- - End Of File - - D16B4F97BC0FAE77AA885ED8D3B0677F
413FC2A0C716421B3158746D63736515
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2776 [GMT 1:00]
Spuštěný z: c:\users\AlÝk\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-14 do 2013-12-14 )))))))))))))))))))))))))))))))
.
.
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\System\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\Martin\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\AlÝk\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\ALK~2\AppData\Local\temp
2013-12-14 23:36 . 2013-12-14 23:36 -------- d-----w- c:\users\Alík\AppData\Local\temp
2013-12-14 19:02 . 2013-12-14 19:02 -------- d-----w- c:\users\Alík\AppData\Roaming\Awesomium
2013-12-14 16:15 . 2013-12-14 17:45 -------- d-----w- C:\FRST
2013-12-14 14:38 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7674192-3EFF-4495-B458-F9A02097997B}\mpengine.dll
2013-12-14 10:59 . 2013-12-14 10:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-12-13 14:17 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-13 13:25 . 2013-12-13 13:25 -------- d-----w- c:\programdata\Kaspersky Lab
2013-12-13 07:38 . 2013-12-13 07:39 -------- d-----w- C:\rsit
2013-12-12 00:16 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 00:16 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 00:16 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 00:16 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 00:16 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 21:48 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-07 16:22 . 2013-12-07 16:22 -------- d-----w- c:\programdata\Hi-Rez Studios
2013-12-07 10:05 . 2013-10-18 13:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64F464EA-71CD-4717-96E3-2A6C6DB1C74A}\gapaengine.dll
2013-12-06 20:50 . 2013-12-06 20:50 -------- d-----w- c:\windows\SysWow64\games
2013-11-29 16:36 . 2013-11-30 19:59 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-11-26 10:14 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-15 18:04 . 2011-02-22 12:48 30816 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2013-11-15 18:03 . 2013-11-15 18:04 -------- d-----w- c:\program files (x86)\MyPublicWiFi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-13 20:27 . 2013-10-21 16:22 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-13 20:27 . 2011-03-22 13:56 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-13 20:27 . 2012-12-23 14:04 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-11 11:52 . 2013-03-23 17:00 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 11:52 . 2011-08-06 17:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-12-20 22:53 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 05:20 . 2009-12-20 22:52 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-21 16:22 . 2013-10-21 16:22 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-18 13:16 . 2013-03-13 14:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:30 . 2013-11-13 22:49 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 22:49 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 22:49 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 22:49 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 22:49 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 22:54 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 22:54 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 22:51 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 22:51 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 22:51 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 22:51 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 22:51 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 22:51 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 22:49 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 22:49 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 22:52 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-27 08:53 . 2013-09-27 08:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 08:53 . 2012-08-30 21:03 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-25 02:26 . 2013-11-13 22:51 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 22:51 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 22:51 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 22:51 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 22:51 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 22:51 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 22:51 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 22:51 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 22:51 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 22:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 22:51 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 22:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 22:51 30720 ----a-w- c:\windows\system32\lsass.exe
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-12-15 00:39:03
ComboFix-quarantined-files.txt 2013-12-14 23:39
ComboFix2.txt 2013-12-13 13:01
ComboFix3.txt 2013-12-13 11:57
ComboFix4.txt 2013-01-21 22:24
ComboFix5.txt 2013-12-14 23:24
.
Před spuštěním: Volných bajtů: 11 009 564 672
Po spuštění: Volných bajtů: 10 622 287 872
.
- - End Of File - - D16B4F97BC0FAE77AA885ED8D3B0677F
413FC2A0C716421B3158746D63736515
- Rudy
- Site Admin
- Posts: 119532
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Skype is lagging, suspected virus
Move ComboFix to the root directory c:\. Open Notepad and copy the following into it:
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Reboot::
Save it, again in the root directory c:\, as CFScript.txt. Then drag it with the mouse (in Windows Explorer or another file manager) over the ComboFix icon and drop it. CF will start and execute the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Skype is lagging, suspected virus
By the root directory, do you simply mean C?

- Rudy
- Site Admin
Re: Skype is lagging, suspected virus
Alex05 wrote: By the root directory, do you simply mean C?
Yes. Normally we do this from the desktop, but because your profile name contains diacritics, which CF does not recognize, it would not be able to load the script.
Re: Skype is lagging, suspected virus
ComboFix 13-12-13.01 - Alík 15.12.2013 12:40:00.9.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2606 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-15 do 2013-12-15 )))))))))))))))))))))))))))))))
.
.
2013-12-14 19:02 . 2013-12-14 19:02 -------- d-----w- c:\users\Alík\AppData\Roaming\Awesomium
2013-12-14 16:15 . 2013-12-14 17:45 -------- d-----w- C:\FRST
2013-12-14 10:59 . 2013-12-14 10:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-12-13 14:17 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-13 13:25 . 2013-12-13 13:25 -------- d-----w- c:\programdata\Kaspersky Lab
2013-12-13 07:38 . 2013-12-13 07:39 -------- d-----w- C:\rsit
2013-12-12 00:16 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 00:16 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 00:16 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 00:16 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 00:16 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 21:48 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-07 16:22 . 2013-12-07 16:22 -------- d-----w- c:\programdata\Hi-Rez Studios
2013-12-07 10:05 . 2013-10-18 13:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64F464EA-71CD-4717-96E3-2A6C6DB1C74A}\gapaengine.dll
2013-12-06 20:50 . 2013-12-06 20:50 -------- d-----w- c:\windows\SysWow64\games
2013-11-29 16:36 . 2013-11-30 19:59 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-11-26 10:14 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-15 18:04 . 2011-02-22 12:48 30816 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2013-11-15 18:03 . 2013-11-15 18:04 -------- d-----w- c:\program files (x86)\MyPublicWiFi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 10:04 . 2009-12-20 22:52 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-13 20:27 . 2013-10-21 16:22 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-13 20:27 . 2011-03-22 13:56 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-13 20:27 . 2012-12-23 14:04 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-11 11:52 . 2013-03-23 17:00 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 11:52 . 2011-08-06 17:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-12-20 22:53 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-21 16:22 . 2013-10-21 16:22 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-18 13:16 . 2013-03-13 14:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:30 . 2013-11-13 22:49 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 22:49 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 22:49 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 22:49 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 22:49 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 22:54 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 22:54 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 22:51 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 22:51 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 22:51 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 22:51 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 22:51 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 22:51 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 22:49 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 22:49 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 22:52 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-27 08:53 . 2013-09-27 08:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 08:53 . 2012-08-30 21:03 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-25 02:26 . 2013-11-13 22:51 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 22:51 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 22:51 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 22:51 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 22:51 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 22:51 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 22:51 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 22:51 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 22:51 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 22:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 22:51 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 22:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 22:51 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files (x86)\CoreTemp64\Core Temp.exe" [2009-08-05 472592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-12-14 385024]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"cz.seznam.software.autoupdate"="c:\users\Alík\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-11-21 3551576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"cz.seznam.software.szndesktop"="c:\users\Alík\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Alík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys;c:\windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\plugins\UI\safedrv.sys;c:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimHid.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\sims 3-2\HiPatchService.exe;d:\sims 3-2\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MyPublicWiFiService;MyPublicWiFi Service;c:\program files (x86)\MyPublicWiFi\PublicWiFiService.exe;c:\program files (x86)\MyPublicWiFi\PublicWiFiService.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nrmtqgrt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-19 10:44 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-23 11:52]
.
2013-12-15 c:\windows\Tasks\RegInOut Scheduled Scan - Martin.job
- c:\program files (x86)\RegInOut\RegInOut.exe [2011-12-30 08:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-03 9642528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
IE: Add to AMV Convert Tool... - c:\program files (x86)\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files (x86)\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Alík\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF - ExtSQL: 2013-12-07 22:26; battlefieldplay4free@ea.com; c:\users\AlĂÂk\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464\extensions\battlefieldplay4free@ea.com
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\folding@homecpu\4\Fah.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PANDORA.TV\PanService\KMPProcess.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Celkový čas: 2013-12-15 12:57:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-15 11:57
ComboFix2.txt 2013-12-13 13:01
ComboFix3.txt 2013-12-13 11:57
ComboFix4.txt 2013-01-21 22:24
ComboFix5.txt 2013-12-14 23:24
.
Před spuštěním: Volných bajtů: 10 476 167 168
Po spuštění: Volných bajtů: 10 244 534 272
.
- - End Of File - - 583AD8883AE8969A82822723733FFB64
413FC2A0C716421B3158746D63736515
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys;c:\windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\plugins\UI\safedrv.sys;c:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimHid.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\sims 3-2\HiPatchService.exe;d:\sims 3-2\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MyPublicWiFiService;MyPublicWiFi Service;c:\program files (x86)\MyPublicWiFi\PublicWiFiService.exe;c:\program files (x86)\MyPublicWiFi\PublicWiFiService.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nrmtqgrt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-19 10:44 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-23 11:52]
.
2013-12-15 c:\windows\Tasks\RegInOut Scheduled Scan - Martin.job
- c:\program files (x86)\RegInOut\RegInOut.exe [2011-12-30 08:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-03 9642528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
IE: Add to AMV Convert Tool... - c:\program files (x86)\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files (x86)\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Alík\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF - ExtSQL: 2013-12-07 22:26; battlefieldplay4free@ea.com; c:\users\AlĂÂk\AppData\Roaming\Mozilla\Firefox\Profiles\f18me2ah.default-1386427544464\extensions\battlefieldplay4free@ea.com
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\folding@homecpu\4\Fah.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PANDORA.TV\PanService\KMPProcess.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Celkový čas: 2013-12-15 12:57:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-15 11:57
ComboFix2.txt 2013-12-13 13:01
ComboFix3.txt 2013-12-13 11:57
ComboFix4.txt 2013-01-21 22:24
ComboFix5.txt 2013-12-14 23:24
.
Před spuštěním: Volných bajtů: 10 476 167 168
Po spuštění: Volných bajtů: 10 244 534 272
.
- - End Of File - - 583AD8883AE8969A82822723733FFB64
413FC2A0C716421B3158746D63736515
- Rudy
- Site Admin
- Posts: 119532
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Skype is lagging, suspected virus
Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Skype is lagging, suspected virus
No, it didn't budge the Skype problem at all; my computer just got a little faster
..
The strange thing is that it's only on my computer; on the others it runs fine, so it won't be the internet connection


