Reklamni rozšiření v Chrome

[Dotancilova]

Zdravím,

Chrome otevírá po kliknutí na většinu odkazů několik stránek + jsou do stránek vkládány reklamní odkazy. PC projeto Avastem a MWAVem, v Chrome stále visí dvě rozšíření (AllCheapPricce a YTBlocKerAppp). Z chrome se je nedaří odstranit, zkoušel jsem odmazání přes registry, ale daný klíč tam chyběl.

Posílám log, můžete prosím poradit? Popřípadě je šance, že se tato potvora šíří i po lokální síti? Je tu ještě pár dalších PC, zatím bez viditelných příznaků.

Díky za pomoc!

[Dotancilova]

RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Petra at 2014-04-05 12:22:53
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 16 GB (6%) free of 296 GB
Total RAM: 3068 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4168096460-2447241369-3027707545-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4168096460-2447241369-3027707545-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HP Photo Creations Communicator.job
C:\Windows\tasks\schedule!3036567561.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-03-27 597816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 947176]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2008-09-23 912688]
"SpywareTerminatorShield"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2013-10-22 2777736]
"SpywareTerminatorUpdater"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2013-10-22 3684488]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-03-27 3854640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-26 138096]
"HP Deskjet 3050A J611 series (NET)"=C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2011-06-08 1804648]
"Optimizer Pro"=C:\Program Files\Optimizer Pro\OptProLauncher.exe [2013-06-07 135672]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-02-10 20922016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe
Lingea Update Center.lnk - C:\Program Files\Common Files\Lingea Shared\luc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~2\intele~1\intele~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStatusMessages"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0340282f-5990-11de-a613-00247e1d0d47}]
shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c545786-8ef9-11de-a55a-00247e1d0d47}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL /RECYCLER/hzwwybgu.exe navg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17b213dc-0eba-11e2-a16c-00247e1d0d47}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17b21426-0eba-11e2-a16c-00247e1d0d47}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17b21464-0eba-11e2-a16c-00247e1d0d47}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17b21476-0eba-11e2-a16c-00247e1d0d47}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74672b88-5988-11de-bd44-00247e1d0d47}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL /RECYCLER/mhvlvhsg.exe navg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d8efdf2-4fa0-11e2-a49b-00247e1d0d47}]
shell\AutoRun\command - F:\Startme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89078532-99b7-11df-b3f7-00247e1d0d47}]
shell\AutoRun\command - F:\USBAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa3dc8bc-6dcd-11e1-a61f-00247e1d0d47}]
shell\AutoRun\command - F:\Startme.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-04-05 12:22:54 ----D---- C:\Program Files\trend micro
2014-04-05 12:22:53 ----D---- C:\rsit
2014-03-19 20:24:43 ----AD---- C:\Windows\VDLL.DLL
2014-03-19 20:24:43 ----AD---- C:\Windows\system32\runouce.exe
2014-03-19 20:24:43 ----AD---- C:\Windows\RUNDL132.EXE
2014-03-19 20:24:43 ----AD---- C:\Windows\logo_1.exe
2014-03-19 20:09:33 ----A---- C:\Windows\system32\msvcr80.dll
2014-03-19 20:09:31 ----A---- C:\Windows\system32\msvcp80.dll
2014-03-19 20:09:30 ----A---- C:\Windows\system32\msvcp90.dll
2014-03-19 20:09:29 ----A---- C:\Windows\system32\msvcr90.dll
2014-03-19 20:09:28 ----A---- C:\Windows\system32\eEmpty.exe
2014-03-19 20:09:14 ----D---- C:\Program Files\Common Files\MicroWorld
2014-03-19 20:09:06 ----D---- C:\ProgramData\MicroWorld
2014-03-19 09:06:36 ----D---- C:\Program Files\Common Files\Skype
2014-03-19 01:14:43 ----D---- C:\Users\Petra\AppData\Roaming\AVAST Software
2014-03-19 01:11:56 ----A---- C:\Windows\system32\aswBoot.exe
2014-03-19 01:06:37 ----D---- C:\Program Files\AVAST Software
2014-03-19 01:02:54 ----D---- C:\ProgramData\AVAST Software
2014-03-19 00:59:18 ----D---- C:\Users\Petra\AppData\Roaming\Spyware Terminator
2014-03-19 00:59:18 ----D---- C:\ProgramData\Spyware Terminator
2014-03-19 00:59:00 ----D---- C:\Program Files\Spyware Terminator

======List of files/folders modified in the last 1 months======

2014-04-05 12:22:55 ----D---- C:\Windows\Prefetch
2014-04-05 12:22:54 ----D---- C:\Program Files
2014-04-05 12:22:51 ----D---- C:\Windows\Temp
2014-04-05 12:01:24 ----D---- C:\Users\Petra\AppData\Roaming\Skype
2014-04-04 21:50:40 ----SHD---- C:\System Volume Information
2014-04-04 12:42:04 ----D---- C:\Windows\System32
2014-04-04 12:42:04 ----D---- C:\Windows\inf
2014-04-04 12:42:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-31 12:56:10 ----D---- C:\Windows\system32\drivers
2014-03-31 12:52:28 ----D---- C:\Windows
2014-03-31 12:51:44 ----D---- C:\Users\Petra\AppData\Roaming\Dropbox
2014-03-30 12:57:23 ----D---- C:\Users\Petra\AppData\Roaming\tixati
2014-03-29 04:18:19 ----D---- C:\Windows\system32\catroot2
2014-03-27 21:25:08 ----D---- C:\Windows\system32\Tasks
2014-03-19 20:39:31 ----D---- C:\Windows\Tasks
2014-03-19 20:30:19 ----D---- C:\ProgramData\Intelewin filter
2014-03-19 20:10:38 ----A---- C:\Windows\win.ini
2014-03-19 20:09:14 ----D---- C:\Program Files\Common Files
2014-03-19 20:09:06 ----HD---- C:\ProgramData
2014-03-19 20:00:35 ----D---- C:\ProgramData\InstallMate
2014-03-19 19:57:30 ----D---- C:\ProgramData\BesTSAvEForYou
2014-03-19 19:57:03 ----D---- C:\ProgramData\AllCheapPricce
2014-03-19 19:48:15 ----D---- C:\ProgramData\saevenshaorie
2014-03-19 19:48:15 ----D---- C:\ProgramData\saavenSHare
2014-03-19 17:01:34 ----D---- C:\ProgramData\YTBlocKerAppp
2014-03-19 17:01:31 ----D---- C:\ProgramData\MinImumPreiice
2014-03-19 17:01:29 ----D---- C:\ProgramData\SeareCh-NewTaba
2014-03-19 09:06:42 ----SHD---- C:\Windows\Installer
2014-03-19 09:06:41 ----D---- C:\ProgramData\Skype
2014-03-19 09:06:36 ----RD---- C:\Program Files\Skype
2014-03-19 01:12:00 ----D---- C:\Windows\winsxs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2014-03-27 54832]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-03-27 776976]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-03-27 411552]
R1 aswTdi;aswTdi; C:\Windows\system32\drivers\aswTdi.sys [2014-03-27 57672]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-03-27 67824]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-05-12 170032]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-06-23 80424]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-06-23 81960]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-06-23 16168]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-08-29 3664384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2012-10-03 10837352]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-08-11 385536]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 trufos;trufos; C:\Windows\system32\drivers\trufos.sys [2014-03-19 343456]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 awjsxddh;awjsxddh; C:\Windows\system32\drivers\awjsxddh.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-19 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-19 19968]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-19 24832]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-05-26 40752]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 XMLDIUSB;XML USB Device Interface; C:\Windows\System32\Drivers\XMLDIUSB.sys [2008-01-16 33152]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\aestsrv.exe [2008-06-27 77824]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-03-27 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 DpHost;@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2008-07-14 322624]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 645992]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-03 1258856]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-09-23 365904]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2008-06-30 241734]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2013-10-22 587912]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\STacSV.exe [2008-08-11 225362]
R2 TVCapSvc;TV Background Capture Service (TVBCS); C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-04-22 296320]
R2 TVSched;TV Task Scheduler (TVTS); C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-04-22 116104]
R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-05-26 599344]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-09-08 193840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-08-27 165192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

-----------------EOF-----------------

[vyosek]

Zdravim

To mate nejakou firemni sit?? Nebo jen sit vice PC doma?

Popřípadě je šance, že se tato potvora šíří i po lokální síti? Je tu ještě pár dalších PC, zatím bez viditelných příznaků.

[Dotancilova]

Je to domácí síť, zde několik laptopů..

[vyosek]

Tak na to mrkneme

Odinstalujte Microsoft Security Client - Avast je lepsi a dva antiviry spolu koliduji

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

• Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
• Spustte a kliknete na Deletion
• Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[Dotancilova]

Díky! Ok, lets go...

UsbFix:

############################## | UsbFix V 7.134 | [Deletion]

User: Petra (Administrator) # PETRA-PC
Updated 06/09/2013 by El Desaparecido
Started at 12:50:27 | 05/04/2014

Website: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: eldesaparecido@sosvirus.net

PC: Hewlett-Packard (HP Pavilion dv3000 Notebook PC) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz (2000)
RAM -> [Total : 3068 | Free : 605]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 8.0.6001.19088

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 289 Gb (16 Mb free - 6%) [] # NTFS
D:\ -> Fixed drive # 9 Gb (1 Mb free - 13%) [RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> Removable drive # 7 Gb (2 Mb free - 29%) [] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [SmartMenu] - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM\SOFTWARE | Run : [SpywareTerminatorShield] - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\SOFTWARE | Run : [SpywareTerminatorUpdater] - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4168096460-2447241369-3027707545-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-4168096460-2447241369-3027707545-1000\SOFTWARE | Run : [HP Deskjet 3050A J611 series (NET)] - "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
HKU\S-1-5-21-4168096460-2447241369-3027707545-1000\SOFTWARE | Run : [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-4168096460-2447241369-3027707545-1000\SOFTWARE | Run : [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-4168096460-2447241369-3027707545-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-4168096460-2447241369-3027707545-1001\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | RunOnce : [] -
HKU\S-1-5-20\SOFTWARE | RunOnce : [] -
HKU\S-1-5-18\SOFTWARE | RunOnce : [] -

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (980)
Stopped! C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\STacSV.exe (1284)
Stopped! C:\Windows\system32\SLsvc.exe (1472)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1644)
Stopped! C:\Windows\system32\nvvsvc.exe (1656)
Stopped! C:\Windows\system32\Hpservice.exe (1780)
Stopped! C:\Windows\system32\vfsFPService.exe (1904)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (524)
Stopped! C:\Windows\system32\taskeng.exe (1420)
Stopped! C:\Windows\System32\spoolsv.exe (1584)
Stopped! C:\Program Files\DigitalPersona\Bin\DpHostW.exe (756)
Stopped! C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\aestsrv.exe (2304)
Stopped! C:\Windows\system32\agrsmsvc.exe (2340)
Stopped! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2352)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (2364)
Stopped! C:\Program Files\SMINST\BLService.exe (2640)
Stopped! C:\Program Files\Cyberlink\Shared files\RichVideo.exe (2660)
Stopped! C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (2692)
Stopped! C:\Program Files\Spyware Terminator\st_rsser.exe (2820)
Stopped! C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe (2864)
Stopped! C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe (2900)
Stopped! C:\Windows\system32\SearchIndexer.exe (2972)
Stopped! C:\Windows\system32\taskeng.exe (3636)
Stopped! C:\Program Files\Google\Update\GoogleUpdate.exe (3676)
Stopped! C:\Windows\Explorer.EXE (4064)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (2268)
Stopped! C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (4072)
Stopped! C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (3508)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (1920)
Stopped! C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (2588)
Stopped! C:\Program Files\Skype\Phone\Skype.exe (2912)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (896)
Stopped! C:\Users\Petra\AppData\Roaming\Dropbox\bin\Dropbox.exe (2752)
Stopped! C:\Program Files\Windows Media Player\wmpnscfg.exe (3752)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (2632)
Stopped! c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (4420)
Stopped! C:\Program Files\Optimizer Pro\OptProReminder.exe (4452)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (4908)
Stopped! C:\Windows\system32\conime.exe (5968)
Stopped! C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (6068)
Stopped! C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (4352)
Stopped! C:\Windows\system32\taskeng.exe (5744)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (1776)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (3940)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (1488)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (4512)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (4160)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (4088)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (1384)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (4780)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (3412)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (3356)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (5160)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (29556)
Stopped! C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (35444)
Stopped! C:\ProgramData\HP Photo Creations\MessageCheck.exe (37332)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (36916)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (36964)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (38556)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (40904)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (38840)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (40340)
Stopped! C:\Windows\system32\msiexec.exe (35888)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (39324)
Stopped! C:\Windows\system32\WUDFHost.exe (39520)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (40572)
Stopped! C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (38252)

################## | Files # Infected Folders |

Deleted ! C:\Users\Petra\AppData\Roaming\lowsec
Deleted ! C:\Users\Petra\AppData\Local\Temp\BACKUP.40372591.mexe.com
Deleted ! C:\Users\Petra\AppData\Local\Temp\BACKUP.49864259.mexe.com
Deleted ! C:\Users\Petra\AppData\Local\Temp\mexe.com
Deleted ! C:\Users\Petra\AppData\Local\Temp\MWAVSCAN.COM
Deleted ! C:\Users\Petra\AppData\Local\Temp\Temp
Deleted ! C:\Windows\rundl132.exe
Deleted ! C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Deleted ! H:\RunClubSanDisk.exe
Deleted ! D:\desktop.ini
Deleted ! H:\autorun.inf

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKCU\Software\Microsoft\Handle
Deleted ! HKCU\Software\QZAIB7KITK
Deleted ! HKCU\Software\YVIBBBHA8C
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Deleted ! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig
Deleted ! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableSR

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{0340282f-5990-11de-a613-00247e1d0d47}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{0c545786-8ef9-11de-a55a-00247e1d0d47}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{17b213dc-0eba-11e2-a16c-00247e1d0d47}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{17b21426-0eba-11e2-a16c-00247e1d0d47}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{17b21464-0eba-11e2-a16c-00247e1d0d47}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{74672b88-5988-11de-bd44-00247e1d0d47}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{7d8efdf2-4fa0-11e2-a49b-00247e1d0d47}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{89078532-99b7-11df-b3f7-00247e1d0d47}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{aa3dc8bc-6dcd-11e1-a61f-00247e1d0d47}

################## | Listing |

[04/10/2012 - 10:01:27 | SHD ] C:\$RECYCLE.BIN
[22/10/2010 - 13:46:44 | D ] C:\9fc1c041a7bbfa05c7aafd5650b2ac11
[18/09/2006 - 23:43:36 | N | 24] C:\autoexec.bat
[24/10/2012 - 07:54:10 | SHD ] C:\boot
[11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
[05/04/2014 - 12:48:58 | D ] C:\Config.Msi
[18/09/2006 - 23:43:37 | N | 10] C:\config.sys
[02/11/2006 - 15:02:03 | SHD ] C:\Documents and Settings
[07/11/2007 - 09:00:40 | N | 17734] C:\eula.1028.txt
[07/11/2007 - 09:00:40 | N | 17734] C:\eula.1031.txt
[07/11/2007 - 09:00:40 | N | 10134] C:\eula.1033.txt
[07/11/2007 - 09:00:40 | N | 17734] C:\eula.1036.txt
[07/11/2007 - 09:00:40 | N | 17734] C:\eula.1040.txt
[07/11/2007 - 09:00:40 | N | 118] C:\eula.1041.txt
[07/11/2007 - 09:00:40 | N | 17734] C:\eula.1042.txt
[07/11/2007 - 09:00:40 | N | 17734] C:\eula.2052.txt
[07/11/2007 - 09:00:40 | N | 17734] C:\eula.3082.txt
[07/11/2007 - 09:00:40 | N | 1110] C:\globdata.ini
[31/03/2014 - 12:47:29 | ASH | 3218046976] C:\hiberfil.sys
[04/11/2008 - 01:34:56 | D ] C:\HP
[24/10/2012 - 11:56:27 | D ] C:\install
[07/11/2007 - 09:03:18 | N | 562688] C:\install.exe
[07/11/2007 - 09:00:40 | N | 843] C:\install.ini
[07/11/2007 - 09:03:18 | N | 76304] C:\install.res.1028.dll
[07/11/2007 - 09:03:18 | N | 96272] C:\install.res.1031.dll
[07/11/2007 - 09:03:18 | N | 91152] C:\install.res.1033.dll
[07/11/2007 - 09:03:18 | N | 97296] C:\install.res.1036.dll
[07/11/2007 - 09:03:18 | N | 95248] C:\install.res.1040.dll
[07/11/2007 - 09:03:18 | N | 81424] C:\install.res.1041.dll
[07/11/2007 - 09:03:18 | N | 79888] C:\install.res.1042.dll
[07/11/2007 - 09:03:18 | N | 75792] C:\install.res.2052.dll
[07/11/2007 - 09:03:18 | N | 96272] C:\install.res.3082.dll
[20/01/2009 - 03:17:53 | D ] C:\Intel
[15/06/2009 - 12:42:39 | RHD ] C:\MSOCache
[05/10/2012 - 09:55:48 | D ] C:\My Web Sites
[10/05/2013 - 20:13:06 | D ] C:\NVIDIA
[31/03/2014 - 12:47:27 | ASH | 3531833344] C:\pagefile.sys
[21/01/2008 - 04:32:31 | D ] C:\PerfLogs
[05/04/2014 - 12:49:00 | D ] C:\Program Files
[19/03/2014 - 20:09:06 | HD ] C:\ProgramData
[05/04/2014 - 12:31:20 | D ] C:\rsit
[25/08/2010 - 13:16:37 | D ] C:\Sounds
[22/08/2009 - 00:36:44 | N | 268] C:\sqmdata00.sqm
[22/08/2009 - 00:36:44 | N | 244] C:\sqmnoopt00.sqm
[23/10/2012 - 15:44:40 | D ] C:\SwSetup
[04/04/2014 - 21:50:40 | SHD ] C:\System Volume Information
[11/06/2009 - 10:45:16 | D ] C:\System.sav
[13/09/2011 - 12:46:09 | D ] C:\TiskProRadost
[05/04/2014 - 12:58:50 | D ] C:\UsbFix
[05/04/2014 - 12:59:15 | A | 12235] C:\UsbFix [Clean 1] PETRA-PC.txt
[11/08/2013 - 17:55:00 | D ] C:\Users
[07/11/2007 - 09:00:40 | N | 5686] C:\vcredist.bmp
[07/11/2007 - 09:09:22 | N | 1442522] C:\VC_RED.cab
[07/11/2007 - 09:12:28 | N | 232960] C:\VC_RED.MSI
[05/04/2014 - 12:58:38 | D ] C:\Windows
[25/08/2010 - 15:19:14 | N | 208] C:\[20081211]InternetKit.log
[04/10/2012 - 10:01:27 | SHD ] D:\$RECYCLE.BIN
[11/06/2009 - 10:41:46 | N | 13] D:\BLOCK.RIN
[20/01/2009 - 03:47:26 | RSHD ] D:\boot
[04/10/2006 - 01:02:44 | SH | 438328] D:\bootmgr
[10/09/2002 - 18:14:28 | N | 8134] D:\Folder.htt
[20/01/2009 - 03:47:44 | D ] D:\HP
[31/03/2014 - 12:47:57 | N | 195] D:\MASTER.LOG
[20/01/2009 - 03:47:33 | RSHD ] D:\PRELOAD
[12/09/2008 - 19:17:38 | SH | 381873] D:\protect.arabic
[15/09/2008 - 17:57:58 | N | 182624] D:\protect.bulgarian
[16/09/2002 - 16:37:48 | SH | 181898] D:\protect.chinese hong kong
[16/09/2002 - 16:37:40 | SH | 181916] D:\protect.chinese simplified
[16/09/2002 - 16:37:48 | SH | 181898] D:\protect.chinese traditional
[27/04/2006 - 18:19:40 | SH | 181865] D:\protect.czech
[03/11/2005 - 17:21:26 | SH | 181726] D:\protect.danish
[10/09/2002 - 15:56:12 | SH | 181605] D:\protect.dutch
[10/09/2002 - 15:50:18 | N | 181651] D:\protect.ed
[22/11/2004 - 17:28:30 | SH | 181648] D:\protect.english
[03/11/2005 - 17:20:20 | SH | 181673] D:\protect.finnish
[03/11/2005 - 17:19:52 | SH | 181736] D:\protect.french
[03/11/2005 - 17:18:10 | SH | 181669] D:\protect.german
[23/11/2005 - 17:56:46 | SH | 182689] D:\protect.greek
[23/01/2006 - 11:18:00 | SH | 182605] D:\protect.hebrew
[28/08/2007 - 16:58:08 | N | 181696] D:\protect.hungarian
[03/11/2005 - 17:17:00 | SH | 181554] D:\protect.italian
[19/06/2007 - 17:22:10 | SH | 182351] D:\protect.japanese
[24/11/2005 - 13:24:44 | SH | 218295] D:\protect.korean
[03/11/2005 - 17:15:12 | SH | 181578] D:\protect.norwegian
[25/04/2006 - 16:44:10 | SH | 181789] D:\protect.polish
[03/11/2005 - 17:13:12 | SH | 181624] D:\protect.portuguese
[27/10/2005 - 21:24:10 | SH | 181882] D:\protect.portuguese brazilian
[15/09/2008 - 17:57:54 | N | 181735] D:\protect.romanian
[28/06/2004 - 10:52:46 | SH | 211936] D:\protect.russian
[04/07/2007 - 13:46:44 | SH | 181954] D:\protect.slovak
[03/11/2005 - 17:11:46 | SH | 181586] D:\protect.spanish
[10/09/2002 - 16:15:06 | SH | 181602] D:\protect.swedish
[12/08/2003 - 12:37:30 | SH | 181783] D:\protect.turkish
[20/01/2009 - 03:47:25 | RD ] D:\RECOVERY
[20/01/2009 - 03:47:33 | RSHD ] D:\SOURCES
[04/04/2014 - 21:51:08 | SHD ] D:\System Volume Information
[20/01/2009 - 03:47:43 | D ] D:\Tools
[20/01/2009 - 03:47:32 | D ] D:\WINDOWS
[24/08/2011 - 19:46:00 | D ] H:\SanDiskSecureAccess
[29/06/2011 - 10:56:42 | N | 27311232] H:\RunSanDiskSecureAccess_Win.exe
[24/08/2011 - 19:46:10 | D ] H:\club_application
[04/11/2013 - 13:33:42 | D ] H:\Noverre Gallica
[25/10/2013 - 01:24:56 | D ] H:\švédština
[12/11/2013 - 11:05:30 | D ] H:\.Trash-1001
[12/11/2013 - 11:05:00 | D ] H:\ARMIDA
[17/12/2013 - 09:27:06 | D ] H:\Wien
[13/11/2013 - 12:35:36 | D ] H:\táta kalendář 2014
[12/11/2013 - 23:01:42 | N | 16795] H:\Flora Jungmann.docx
[12/11/2013 - 13:39:24 | N | 181076] H:\Flora Jungmann.jpg
[03/02/2014 - 08:08:44 | D ] H:\KB Stockholm
[20/02/2012 - 11:28:08 | D ] H:\PHOTO-BnF
[13/03/2014 - 09:20:16 | D ] H:\Schiller
[28/04/2013 - 18:54:12 | D ] H:\Milano- disertačka
[26/03/2014 - 10:47:34 | D ] H:\Gab. Rycin BUW - Zbiory Królewskie
[24/03/2014 - 17:25:28 | N | 15914] H:\J.-G. Noverre and his luxurious _job application_ to Warsaw.docx
[27/03/2014 - 01:13:02 | N | 3303835] H:\Etat de comporaison du prix des matieres 1755.pdf
[05/03/2013 - 01:33:30 | D ] H:\Didona abbandonata- partitura!
[08/10/2013 - 21:44:04 | D ] H:\Citera assediata
[02/04/2014 - 00:14:16 | D ] H:\BUW Warsawa
[07/02/2009 - 08:04:58 | D ] H:\Oxford Annual Dance Symposium

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net |

[vyosek]

Pockam si jeste na logy z Junkware a AdwCleaneru

[Dotancilova]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Petra on so 05.04.2014 at 13:05:28,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\optimizer pro
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\browserconnection.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnsbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\shoppingreport2
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4168096460-2447241369-3027707545-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnsbho.bho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnsbho.bho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\shopperreports.reporter
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\shopperreports.reporter.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\shoppingreport2.iebuttona
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\shoppingreport2.iebuttona.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\shoppingreport2.rprtctrl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{a7bc02af-1128-4a31-bcf8-1a3ee803d3b3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{a81a974f-8a22-43e6-9243-5198ff758da1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c670dcae-e392-aa32-6f42-143c7fc4bdfd}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2405727
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C0AD47EC-4E3E-4A9D-BC14-91044EE28A08}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C0AD47EC-4E3E-4A9D-BC14-91044EE28A08}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\starapp"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Petra\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Petra\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Petra\appdata\locallow\media access startup"
Successfully deleted: [Folder] "C:\Users\Petra\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\Petra\appdata\locallow\shoppingreport2"
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files\saveshare"
Successfully deleted: [Folder] "C:\Program Files\sweetim"
Successfully deleted: [Folder] "C:\Program Files\websearch"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
Successfully deleted: [Folder] C:\Users\Petra\appdata\local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 05.04.2014 at 13:10:02,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Dotancilova]

A poslední...

# AdwCleaner v3.023 - Report created 05/04/2014 at 13:15:05
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Petra - PETRA-PC
# Running from : C:\Users\Petra\Downloads\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AllCheapPricce
Folder Deleted : C:\ProgramData\saavenSHare
Folder Deleted : C:\ProgramData\saevenshaorie
Folder Deleted : C:\ProgramData\SeaarrcHi-NewTabe
Folder Deleted : C:\ProgramData\SeareCh-NewTaba
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\EZDownloader
Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Users\Petra\AppData\Local\PackageAware
Folder Deleted : C:\Users\Petra\AppData\LocalLow\Internet Saving Optimizer
Folder Deleted : C:\Users\Petra\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\Petra\AppData\LocalLow\saavenSHare
Folder Deleted : C:\Users\Petra\AppData\LocalLow\saevenshaorie
Folder Deleted : C:\Users\Petra\AppData\LocalLow\SeaarrcHi-NewTabe
Folder Deleted : C:\Users\Petra\AppData\LocalLow\SeareCh-NewTaba
Folder Deleted : C:\Users\Petra\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\SweetPacksToolbarData
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
Folder Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\Extensions\staged
File Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\Public\Desktop\EZDownloader.lnk
File Deleted : C:\Users\Petra\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\searchplugins\bingp.xml
File Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\user.js
File Deleted : C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{2224e955-00e9-4613-a844-ce69fccaae91}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{DB38E21A-0133-419d-92AD-ECDFD5244D6D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{EB620C54-E229-4942-87CE-E717109FC8C6}]
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7025E484-D4B0-441A-9F0B-69063BD679CE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8258B35C-05B8-4C0E-9525-9BCCC70F8F2D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A89256AD-EC17-4A83-BEF5-4B8BC4F39306}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D44FD6F0-9746-484E-B5C4-C66688393872}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F84D69AA-3E20-4305-984E-18E640D7F7FF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5617ECA9-488D-4BA2-8562-9710B9AB78D2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\AppDataLow\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKCU\Software\AppDataLow\Software\DoubleD
Key Deleted : HKCU\Software\AppDataLow\Software\Internet Saving Optimizer
Key Deleted : HKCU\Software\AppDataLow\Software\Media Access Startup
Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QueryExplorer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088


-\\ Mozilla Firefox v

[ File : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pur-esult.info/?pid=724&r=2013/08/10&hid=838722346&lg=EN&cc=CZ&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search Results");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search Results");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.imesh.com");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=393&systemid=1&sr=0&q=");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/predictadme.js");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{49926640-B229-11E1-BF5B-00247E1D0D47}");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={49926640-B229-11E1-BF5B-00247E1D0D47}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.5.0.2");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16451 octets] - [05/04/2014 13:13:38]
AdwCleaner[S0].txt - [15875 octets] - [05/04/2014 13:15:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15936 octets] ##########

[Dotancilova]

Když kouknu do Chrome, ty dvě "věci" jsou stále v rozšířeních.

[vyosek]

Jeste taky nekoncime

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[Dotancilova]

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Petra on so 05.04.2014 at 18:47:50,95.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Petra\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

5.4.2014 18:49:25 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4168096460-2447241369-3027707545-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-4168096460-2447241369-3027707545-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4168096460-2447241369-3027707545-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.msn.com/?pc=UP97&ocid=UP97DHP");
user_pref("browser.search.defaultenginename", "Bing ");
user_pref("browser.search.selectedEngine", "Bing ");
user_pref("keyword.URL", "http://www.bing.com/search?FORM=UP97DF&PC=UP97&q=");

Added to C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default

user.js not found
---- Lines EEE6C361-6118-11DC-9C72-001320C79847 modified from prefs.js ----

user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.1,{2224E955-00E9-4613-A844-CE69FCCAAE91}:3.6.3.4500,{27E679CC-6AAB-4B2A
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_05.04.2014_1902_.backup

==== Deleting Files \ Folders ======================

C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} not found
C:\PROGRA~2\kklgiiimeifajcnapgjfeadjbkabieee deleted
C:\Windows\system32\appdata deleted
C:\Users\Petra\AppData\LocalLow\{9B90DE3C-B559-0001-F5A7-9371FF7C6590} deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\{0B33546F-30F6-8587-96D0-A3E9F9467516} deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\{7F09DA29-6BF7-5AC0-3978-399F93369F14} deleted
C:\PROGRA~2\Intelewin filter deleted
C:\PROGRA~2\cbc2a15b26ee7c24 deleted
C:\PROGRA~2\MinImumPreiice deleted
C:\PROGRA~2\BesTSAvEForYou deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\Guest\AppData\LocalLow\mediabarim deleted
C:\Users\Guest\AppData\LocalLow\wincoreimband deleted
"C:\PROGRA~2\gbnbeclbnobbjdhncjopmceojidjpimn\gbnbeclbnobbjdhncjopmceojidjpimn.crx" deleted
"C:\PROGRA~2\gbnbeclbnobbjdhncjopmceojidjpimn\update.xml" deleted
"C:\PROGRA~2\gbnbeclbnobbjdhncjopmceojidjpimn" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"epi@xsod-.org"="C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\extensions" [05.04.2014 13:15]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"epi@xsod-.org"="C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default\extensions" [05.04.2014 13:15]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default
- Undetermined - C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
- RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
- LexFox - C:\Program Files\Mozilla Firefox\extensions\info@lingea.com
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
- SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension

AppDir: C:\Program Files\Mozilla Firefox
- LexFox - %AppDir%\extensions\info@lingea.com
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==== Firefox Plugins ======================

Profilepath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxgs0n9s.default
77149DCA2C3134C50150ECD33593F4A8 - C:\Program Files\Java\jre6\bin\npjpi160_31.dll - Java(TM) Platform SE 6 U31
E638C845403AB63112673A0C72C07789 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit)
0C316A33BBE35CD1097936393A177656 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
34E3709244736B8976820F730E5A8815 - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll - Java(TM) Platform SE 6 U31
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
BB3570FCFB7007C06B79E0801A7989E6 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
E2318E8514ABF50E3ECEDAB9465A90A1 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
F8EFDCFC440A420D6C1ECD245AB20207 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Petra\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
A878453A1714870EAADA83E6434BDB77 - C:\Program Files\Java\jre6\bin\plugin2\npdeployJava1.dll - Java Deployment Toolkit 6.0.310.5
198BED114015C2671C88FDC32CDCB21D - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
56B73E1ADFD768E80369C4A2E68F35DF - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll - RealJukebox NS Plugin
4E8238CA1046D97636E63ABF173772CD - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
E7856C9B1AE2DED52C98E69497308083 - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll - RealPlayer Version Plugin
FECA876FDDE0B85CE9B8F6E7FCD4EAFD - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.6
729748FAE31553B4111833712ADAE54D - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.6
7E419D3D6388689BA4E7DC82D85BD457 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.6
FE3278C12FCC7D2F708C25181F3AEF95 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.6
2A2F642E663ECB9EE97FF896F084F402 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.6
81D641B7A9C19A2901CFF888F52A30E7 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.6
E70D106AE988BB3720F9A1A08D42C234 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.6
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
198BED114015C2671C88FDC32CDCB21D - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
A878453A1714870EAADA83E6434BDB77 - C:\Program Files\Java\jre6\bin\npdeployJava1.dll - Java Deployment Toolkit 6.0.310.5
56B73E1ADFD768E80369C4A2E68F35DF - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin
4E8238CA1046D97636E63ABF173772CD - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
E7856C9B1AE2DED52C98E69497308083 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll - RealPlayer Version Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[27.03.2014 21:24]
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[02.06.2011 10:09]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 10:59]

BesTSAvEForYou - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaohimencblbemgpmmngfbeejdaecea
RealPlayer HTML5Video Downloader Extension - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
1Click Downloader - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
MinImumPreiice - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjncpoadnigimacgfihnpfniklnhkokn
YTBlocKerAppp - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnbeclbnobbjdhncjopmceojidjpimn
AdBlock - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
avast Online Security - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
RealPlayer HTML5Video Downloader Extension - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Skype Click to Call - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Bubble Santa - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbokbbbgkgifjmmbokbdiimcffphbgha
YTBlocKerAppp - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnbeclbnobbjdhncjopmceojidjpimn
RealPlayer HTML5Video Downloader Extension - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
1Click Downloader - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Skype for Chromium - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chrome Fix ======================

C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.pur-esult.info_0.localstorage deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.pur-esult.info_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaohimencblbemgpmmngfbeejdaecea deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blaohimencblbemgpmmngfbeejdaecea_0.localstorage deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blaohimencblbemgpmmngfbeejdaecea_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjncpoadnigimacgfihnpfniklnhkokn deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjncpoadnigimacgfihnpfniklnhkokn_0.localstorage deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjncpoadnigimacgfihnpfniklnhkokn_0.localstorage-journal deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnbeclbnobbjdhncjopmceojidjpimn deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnbeclbnobbjdhncjopmceojidjpimn deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gbnbeclbnobbjdhncjopmceojidjpimn_0.localstorage deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gbnbeclbnobbjdhncjopmceojidjpimn_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gbnbeclbnobbjdhncjopmceojidjpimn_0.localstorage deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gbnbeclbnobbjdhncjopmceojidjpimn_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eedncafgbflcjjenjljbddneiphlapeh deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eedncafgbflcjjenjljbddneiphlapeh_0.localstorage deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eedncafgbflcjjenjljbddneiphlapeh_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfedcjiefnankabnanmjkdkembnipji deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhfedcjiefnankabnanmjkdkembnipji_0.localstorage deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhfedcjiefnankabnanmjkdkembnipji_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnnfnfhfmmbepgffplfcapfdffddfok deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbnnfnfhfmmbepgffplfcapfdffddfok_0.localstorage deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbnnfnfhfmmbepgffplfcapfdffddfok_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oinccpmempkeplbffdpefbecgnlleech deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oinccpmempkeplbffdpefbecgnlleech_0.localstorage deleted successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oinccpmempkeplbffdpefbecgnlleech_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{searchCLSID} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4168096460-2447241369-3027707545-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{08E03154-FE2D-CF56-D24A-BBEB308B537D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{91589FB4-7785-D24C-240C-65D28B3B3B68} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{ef65f95a} deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Petra\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBYFBEOT will be deleted at reboot
C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=113 folders=43 9175148 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Petra\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Petra\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBYFBEOT" not found

==== EOF on so 05.04.2014 at 19:11:29,79 ======================

[vyosek]

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

[Dotancilova]

AHoj, odjela jsem do zahraničí, tak kdyžtak dořeším až po návratu...
ale vypadá to, že problém je snad vyřešen, reklamy zmizely, Děkuji moc za pomoc!

[vyosek]

Dobra, tema nechavam otevrene a pak to tedy jen docistime - toho nejhorsiho jsme se zbavili