Také FB virus

Zpráva

dObi · #16 Příspěvek od **dObi** » 14 led 2012 16:56

Volba 3

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Vasek [Admin rights]
Mode: HOSTSFix -- Date : 01/14/2012 16:54:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt

dObi · #17 Příspěvek od **dObi** » 14 led 2012 16:56

Volba 4

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Vasek [Admin rights]
Mode: ProxyFix -- Date : 01/14/2012 16:54:26

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (87.117.135.86:80) -> DELETED

Finished : << RKreport[1].txt >>
RKreport[1].txt

#18 Příspěvek od **vyosek** » 14 led 2012 17:25

Spustte OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi log OTL.txt, dejte jej sem

dObi · #19 Příspěvek od **dObi** » 14 led 2012 17:44

OTL logfile created on: 14.1.2012 17:35:50 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Vasek\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 55,07% Memory free
8,00 Gb Paging File | 5,73 Gb Available in Paging File | 71,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 204,11 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 70,16 Mb Free Space | 70,16% Space Free | Partition Type: NTFS
Drive G: | 153,28 Gb Total Space | 76,99 Gb Free Space | 50,23% Space Free | Partition Type: NTFS

Computer Name: VASEK-PC | User Name: Vasek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.14 12:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vasek\Desktop\OTL.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.07 17:53:51 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.23 10:52:42 | 000,897,024 | ---- | M] (Arcai.com) -- C:\Program Files (x86)\netcut\netcut.exe
PRC - [2011.07.28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) -- C:\Program Files (x86)\netcut\services\aips.exe
PRC - [2011.05.09 21:18:46 | 003,177,608 | ---- | M] (FinalWire Ltd.) -- C:\Program Files (x86)\AIDA64 Extreme Edition v1.70.1405 beta\aida64.exe
PRC - [2011.04.15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.12.17 06:56:10 | 003,707,808 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files (x86)\Total Commander\TOTALCMD.EXE
PRC - [2010.03.09 03:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
PRC - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
PRC - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2007.01.09 15:11:20 | 000,118,784 | ---- | M] (OptionNV) -- C:\Windows\SysWOW64\Gtdetectsc.exe
PRC - [2006.07.25 17:28:16 | 000,200,704 | ---- | M] (National Instruments, Inc.) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2006.07.25 17:28:10 | 000,057,344 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2006.07.25 17:28:02 | 000,045,056 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2006.06.19 14:01:52 | 000,688,190 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2006.02.06 16:46:42 | 000,049,152 | ---- | M] (National Instruments Corp.) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2002.01.06 06:43:50 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe

========== Modules (No Company Name) ==========

MOD - [2012.01.11 11:35:34 | 000,429,040 | ---- | M] () -- C:\Users\Vasek\AppData\Local\Google\Chrome\Application\17.0.963.33\ppgooglenaclpluginchrome.dll
MOD - [2012.01.11 11:35:33 | 003,772,400 | ---- | M] () -- C:\Users\Vasek\AppData\Local\Google\Chrome\Application\17.0.963.33\pdf.dll
MOD - [2012.01.11 11:34:09 | 000,122,880 | ---- | M] () -- C:\Users\Vasek\AppData\Local\Google\Chrome\Application\17.0.963.33\avutil-51.dll
MOD - [2012.01.11 11:34:07 | 000,222,208 | ---- | M] () -- C:\Users\Vasek\AppData\Local\Google\Chrome\Application\17.0.963.33\avformat-53.dll
MOD - [2012.01.11 11:34:05 | 001,746,432 | ---- | M] () -- C:\Users\Vasek\AppData\Local\Google\Chrome\Application\17.0.963.33\avcodec-53.dll
MOD - [2012.01.11 08:13:34 | 008,593,056 | ---- | M] () -- C:\Users\Vasek\AppData\Local\Google\Chrome\Application\17.0.963.33\gcswf32.dll
MOD - [2011.05.09 21:18:46 | 000,274,552 | ---- | M] () -- C:\Program Files (x86)\AIDA64 Extreme Edition v1.70.1405 beta\aida_icons7.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.09 03:28:12 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Symlib.dll
MOD - [2010.03.09 03:28:10 | 002,748,416 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\libmysqld.dll
MOD - [2007.03.13 15:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007.02.28 17:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.10.07 04:28:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.12.21 10:44:06 | 000,535,552 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Windows\SysNative\HFGService.dll -- (HFGService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.07 17:53:51 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.07.28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) [Auto | Running] -- C:\Program Files (x86)\netcut\services\aips.exe -- (AIPS)
SRV - [2011.07.05 15:57:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.04.15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.01.09 15:11:20 | 000,118,784 | ---- | M] (OptionNV) [Auto | Running] -- C:\Windows\SysWOW64\Gtdetectsc.exe -- (gtdetectsc)
SRV - [2006.07.25 17:28:16 | 000,200,704 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2006.07.25 17:28:10 | 000,057,344 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2006.07.25 17:28:02 | 000,045,056 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2006.06.27 19:55:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2006.06.19 14:01:52 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2006.02.06 16:46:42 | 000,049,152 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.10.11 15:41:45 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2011.10.07 06:21:40 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.07 03:46:02 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.17 14:18:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.13 02:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsnmea.sys -- (zghsnmea)
DRV:64bit: - [2011.01.13 02:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2011.01.13 02:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsdiag.sys -- (zghsdiag)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.18 05:24:46 | 000,038,424 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.09.14 15:21:00 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2010.09.02 16:49:46 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.05.25 04:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.21 10:43:36 | 000,052,224 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV:64bit: - [2009.12.21 10:43:00 | 000,078,848 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthav.sys -- (csr_a2dp)
DRV:64bit: - [2009.07.20 03:27:34 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.12.03 03:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV:64bit: - [2007.12.03 03:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV - [2011.05.09 21:18:46 | 000,027,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AIDA64 Extreme Edition v1.70.1405 beta\kerneld.x64 -- (AIDA64Driver)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.04.10 10:01:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3462720487-3478806260-676090027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.facemoods.com/?a=ddrnw [binary data]
IE - HKU\S-1-5-21-3462720487-3478806260-676090027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-3462720487-3478806260-676090027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3462720487-3478806260-676090027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1;<local>

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vasek\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vasek\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011.12.22 19:52:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.04 13:29:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.11 18:24:56 | 000,000,000 | ---D | M]

[2011.05.21 18:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vasek\AppData\Roaming\Mozilla\Extensions
[2011.11.28 19:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vasek\AppData\Roaming\Mozilla\Firefox\Profiles\1f95ao1e.default\extensions
[2011.11.28 19:43:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Vasek\AppData\Roaming\Mozilla\Firefox\Profiles\1f95ao1e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.04 13:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.12.22 19:52:13 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\VASEK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1F95AO1E.DEFAULT\EXTENSIONS\{9C51BD27-6ED8-4000-A2BF-36CB95C0C947}.XPI
[2011.08.31 00:12:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2006.01.23 10:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV80Win32.dll
[2006.06.07 14:40:18 | 000,027,376 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2011.08.30 21:39:04 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2011.08.30 21:39:04 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.08.30 21:39:04 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2011.08.30 21:39:04 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.08.30 21:39:04 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vasek\AppData\Local\Google\Chrome\Application\17.0.963.33\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vasek\AppData\Local\Google\Chrome\Application\17.0.963.33\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vasek\AppData\Local\Google\Chrome\Application\17.0.963.33\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: National Instruments LabVIEW 8.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV80Win32.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = G:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\Vasek\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: YouTube = C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Monster Dash = C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AVG Safe Search = C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Stoup\u00E1n\u00ED nebo utopit! = C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoiaaaplodaeokegmjphakphcbmiip\1.2.0_0\
CHR - Extension: Gmail = C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.01.14 16:57:03 | 000,000,843 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3462720487-3478806260-676090027-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3462720487-3478806260-676090027-1000..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-3462720487-3478806260-676090027-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3462720487-3478806260-676090027-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3462720487-3478806260-676090027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F484825-7EB7-43AF-851D-20FFC49F4F80}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84FF7315-8031-40CD-8E0C-2F8A745A513C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2a094834-f11c-11e0-8732-00241d7db4a2}\Shell - "" = AutoRun
O33 - MountPoints2\{2a094834-f11c-11e0-8732-00241d7db4a2}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{3fd3982f-7b37-11e0-8418-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3fd3982f-7b37-11e0-8418-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Viewer\ppview32.exe agaxzs\auto.ppt
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.14 16:53:30 | 000,000,000 | ---D | C] -- C:\Users\Vasek\Desktop\RK_Quarantine
[2012.01.14 12:28:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Vasek\Desktop\OTL.exe
[2012.01.14 11:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.01.14 11:04:39 | 000,000,000 | ---D | C] -- C:\rsit
[2012.01.12 21:38:08 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012.01.12 21:11:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.01.12 21:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.01.12 21:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012.01.12 20:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.12 20:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.01.11 18:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Unlocker
[2012.01.11 18:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Unlocker
[2012.01.11 18:13:30 | 000,000,000 | ---D | C] -- C:\Users\Vasek\Desktop\COMPUTER
[2012.01.11 18:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kernel for PDF Restriction Removal
[2012.01.11 18:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kernel for PDF Restriction Removal
[2012.01.11 17:58:45 | 000,000,000 | ---D | C] -- C:\Users\Vasek\AppData\Roaming\EurekaLog
[2012.01.11 17:50:53 | 000,000,000 | ---D | C] -- C:\Users\Vasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF to Image 2009
[2012.01.11 17:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PdfSvg
[2012.01.11 17:50:52 | 000,000,000 | ---D | C] -- C:\Users\Vasek\AppData\Roaming\pdf2image2009
[2012.01.11 16:21:01 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.11 16:21:01 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.11 16:21:01 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.11 16:21:01 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.11 16:19:30 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.11 16:18:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.11 16:18:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.10 14:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
[2012.01.10 14:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\netcut
[2012.01.08 17:21:36 | 000,000,000 | ---D | C] -- C:\Users\Vasek\Desktop\pokec
[2012.01.07 17:39:19 | 000,000,000 | ---D | C] -- C:\Users\Vasek\Desktop\dog
[2012.01.07 17:22:10 | 000,000,000 | ---D | C] -- C:\Users\Vasek\AppData\Roaming\GemX eBooks
[2012.01.07 14:32:09 | 000,000,000 | ---D | C] -- C:\Users\Vasek\Desktop\nivo-slider
[2012.01.06 15:29:41 | 000,000,000 | ---D | C] -- C:\Users\Vasek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.02 17:24:45 | 000,000,000 | ---D | C] -- C:\Users\Vasek\Desktop\MIDOS
[2012.01.02 14:49:23 | 000,000,000 | ---D | C] -- C:\Users\Vasek\Desktop\INK
[2011.12.28 10:40:22 | 000,000,000 | ---D | C] -- C:\Users\Vasek\Desktop\Sucker Punch Soundtrack [2011]
[2011.12.25 13:34:16 | 000,000,000 | ---D | C] -- C:\Users\Vasek\Nová složka
[2011.12.25 13:34:13 | 000,000,000 | ---D | C] -- C:\Users\Vasek\KF
[2011.12.23 20:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike Source
[2011.12.23 17:20:00 | 000,000,000 | ---D | C] -- C:\Users\Vasek\.system32
[2011.12.23 17:18:43 | 000,000,000 | ---D | C] -- C:\Users\Vasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DotAlicious Gaming Client
[2011.12.23 17:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DotAlicious Gaming Client
[2011.12.22 23:11:46 | 000,000,000 | ---D | C] -- C:\Users\Vasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2011.12.22 23:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2011.12.22 15:12:03 | 000,000,000 | ---D | C] -- C:\Users\Vasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KFPUB.COM
[2011.12.22 15:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KFPUB.COM
[2011.12.21 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\Vasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced RAR Password Recovery
[2011.12.21 18:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Password Recovery
[2011.12.21 18:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElcomSoft
[2011.12.15 18:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.12.15 18:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.12.15 18:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011.09.28 19:03:18 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Vasek\AppData\Roaming\pcouffin.sys
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.14 17:10:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462720487-3478806260-676090027-1000UA.job
[2012.01.14 16:54:27 | 000,014,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.14 16:54:27 | 000,014,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.14 16:53:25 | 000,783,872 | ---- | M] () -- C:\Users\Vasek\Desktop\RogueKiller.exe
[2012.01.14 16:47:41 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.01.14 16:47:06 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.01.14 16:46:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.14 16:46:43 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.14 16:08:00 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012.01.14 14:10:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462720487-3478806260-676090027-1000Core.job
[2012.01.14 12:32:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.01.14 12:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vasek\Desktop\OTL.exe
[2012.01.14 11:03:51 | 000,002,044 | -H-- | M] () -- C:\Users\Vasek\Documents\Default.rdp
[2012.01.13 16:15:54 | 000,001,456 | ---- | M] () -- C:\Users\Vasek\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.01.12 21:38:01 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012.01.12 16:59:58 | 000,000,132 | ---- | M] () -- C:\Users\Vasek\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.11 18:13:16 | 000,001,209 | ---- | M] () -- C:\Users\Vasek\Desktop\Kernel for PDF Restriction Removal .lnk
[2012.01.11 17:50:54 | 000,001,154 | ---- | M] () -- C:\Users\Vasek\Desktop\PDF to Image 2009.lnk
[2012.01.11 16:36:08 | 046,757,781 | ---- | M] () -- C:\Users\Vasek\Desktop\Zdeněk-Schröter---Autoškola---Moderní-učebnice.pdf
[2012.01.11 03:02:29 | 001,498,544 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.11 03:02:29 | 000,634,568 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.01.11 03:02:29 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.11 03:02:29 | 000,123,158 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.01.11 03:02:29 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.10 14:21:28 | 000,000,979 | ---- | M] () -- C:\Users\Vasek\Desktop\netcut.lnk
[2012.01.10 14:21:28 | 000,000,046 | ---- | M] () -- C:\Users\Vasek\Desktop\netcut support.url
[2012.01.09 16:26:54 | 003,513,202 | ---- | M] () -- C:\Users\Vasek\Desktop\dan+zofka.iff
[2012.01.09 16:26:54 | 000,000,132 | ---- | M] () -- C:\Users\Vasek\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2012.01.09 16:19:05 | 001,313,316 | ---- | M] () -- C:\Users\Vasek\Desktop\DAN.jpg
[2012.01.08 20:11:22 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012.01.06 14:30:13 | 005,236,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.02 22:09:35 | 000,068,135 | ---- | M] () -- C:\Users\Vasek\Desktop\1079809-Clipart-3d-Green-DNA-Crop-Gene-Modification-Helix-Plant-Royalty-Free-Vector-Illustration.jpg
[2011.12.21 19:04:33 | 000,000,918 | ---- | M] () -- C:\Windows\ARPR.INI
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.14 16:56:52 | 000,783,872 | ---- | C] () -- C:\Users\Vasek\Desktop\RogueKiller.exe
[2012.01.14 12:32:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.01.14 12:24:50 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.01.11 18:13:16 | 000,001,209 | ---- | C] () -- C:\Users\Vasek\Desktop\Kernel for PDF Restriction Removal .lnk
[2012.01.11 17:50:54 | 000,001,154 | ---- | C] () -- C:\Users\Vasek\Desktop\PDF to Image 2009.lnk
[2012.01.11 16:07:03 | 046,757,781 | ---- | C] () -- C:\Users\Vasek\Desktop\Zdeněk-Schröter---Autoškola---Moderní-učebnice.pdf
[2012.01.10 14:21:28 | 000,000,979 | ---- | C] () -- C:\Users\Vasek\Desktop\netcut.lnk
[2012.01.10 14:21:28 | 000,000,046 | ---- | C] () -- C:\Users\Vasek\Desktop\netcut support.url
[2012.01.10 14:21:27 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2012.01.09 16:26:54 | 000,000,132 | ---- | C] () -- C:\Users\Vasek\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2012.01.09 16:26:53 | 003,513,202 | ---- | C] () -- C:\Users\Vasek\Desktop\dan+zofka.iff
[2012.01.09 16:19:04 | 001,313,316 | ---- | C] () -- C:\Users\Vasek\Desktop\DAN.jpg
[2012.01.08 20:11:22 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.01.02 22:09:37 | 000,068,135 | ---- | C] () -- C:\Users\Vasek\Desktop\1079809-Clipart-3d-Green-DNA-Crop-Gene-Modification-Helix-Plant-Royalty-Free-Vector-Illustration.jpg
[2011.12.21 18:52:46 | 000,000,918 | ---- | C] () -- C:\Windows\ARPR.INI
[2011.12.07 17:53:55 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.07 17:53:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.26 16:08:26 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.10.06 21:30:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.09.28 19:03:18 | 000,099,384 | ---- | C] () -- C:\Users\Vasek\AppData\Roaming\inst.exe
[2011.09.28 19:03:18 | 000,007,859 | ---- | C] () -- C:\Users\Vasek\AppData\Roaming\pcouffin.cat
[2011.09.28 19:03:18 | 000,001,167 | ---- | C] () -- C:\Users\Vasek\AppData\Roaming\pcouffin.inf
[2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.05 18:31:02 | 000,000,132 | ---- | C] () -- C:\Users\Vasek\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.07.05 18:29:45 | 000,000,132 | ---- | C] () -- C:\Users\Vasek\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011.06.08 17:42:40 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.06 19:30:01 | 000,000,132 | ---- | C] () -- C:\Users\Vasek\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.05.19 12:31:04 | 000,001,057 | ---- | C] () -- C:\Users\Vasek\AppData\Roaming\vso_ts_preview.xml
[2011.05.15 14:09:36 | 000,001,456 | ---- | C] () -- C:\Users\Vasek\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.05.11 17:50:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.11.08 15:53:07 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\mssec-ocd.dll
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.12.21 02:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009.07.27 10:13:28 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ASDR.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.03.08 08:46:09 | 000,009,851 | ---- | C] () -- C:\Windows\SysWow64\mswen-oce.dll
[2006.04.10 10:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\cvintdrv.sys

========== LOP Check ==========

[2011.10.12 15:21:10 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\2K Sports
[2011.07.19 15:31:20 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\AIMP
[2012.01.14 16:45:30 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\AIMP3
[2011.06.02 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\Ashampoo
[2011.05.23 15:17:07 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\AVG10
[2012.01.06 15:29:41 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.06.14 19:04:55 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\Crayon Physics Deluxe
[2011.07.27 09:26:55 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\DAEMON Tools Lite
[2011.10.19 17:25:59 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\Dev-Cpp
[2012.01.11 17:58:45 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\EurekaLog
[2012.01.07 17:22:10 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\GemX eBooks
[2011.10.07 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\GHISLER
[2011.11.12 21:41:43 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\ICQ
[2011.06.26 14:47:29 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\Leadertech
[2011.11.15 14:55:35 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\National Instruments
[2012.01.11 17:50:52 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\pdf2image2009
[2012.01.11 18:34:10 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\PrimoPDF
[2011.12.07 17:53:49 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\PunkBuster
[2011.11.15 17:05:49 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.05.11 19:54:17 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\TeamViewer
[2011.12.14 19:16:54 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\Trine2
[2011.10.08 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\Vso
[2011.09.04 13:46:39 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\Wireshark
[2012.01.14 16:47:41 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.01.14 16:47:06 | 000,000,200 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012.01.14 16:08:00 | 000,000,200 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2011.08.31 11:15:21 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 273 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:51394AA5

< End of report >

#20 Příspěvek od **vyosek** » 14 led 2012 17:46

Nejak tam nevidim ten avast free jak jsem psal

dObi · #21 Příspěvek od **dObi** » 14 led 2012 18:10

Neboj, už je stáhlý.
V době dělání logu, jsem teprve stahoval, hold zima tady na horách dokáže internet pěkně zpomalit

#22 Příspěvek od **vyosek** » 14 led 2012 19:39

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
@Alternate Data Stream - 273 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:51394AA5
[2012.01.14 16:47:41 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.01.14 16:47:06 | 000,000,200 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012.01.14 16:08:00 | 000,000,200 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2011.05.23 15:17:07 | 000,000,000 | ---D | M] -- C:\Users\Vasek\AppData\Roaming\AVG10
[2012.01.12 21:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.01.12 21:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012.01.12 20:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.12 20:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\{3fd3982f-7b37-11e0-8418-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2a094834-f11c-11e0-8732-00241d7db4a2}\Shell - "" = AutoRun
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3462720487-3478806260-676090027-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
CHR - Extension: AVG Safe Search = C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
[2011.12.22 19:52:13 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\VASEK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1F95AO1E.DEFAULT\EXTENSIONS\{9C51BD27-6ED8-4000-A2BF-36CB95C0C947}.XPI
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011.12.22 19:52:13 | 000,000,000 | ---D | M]
IE - HKU\S-1-5-21-3462720487-3478806260-676090027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1;<local>
IE - HKU\S-1-5-21-3462720487-3478806260-676090027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.facemoods.com/?a=ddrnw [binary data]
IE - HKU\S-1-5-21-3462720487-3478806260-676090027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Google Update"=-
"AdobeBridge"=-
"Steam"=-
"SpybotSD TeaTimer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=-
"Adobe ARM"=-

:files
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462720487-3478806260-676090027-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462720487-3478806260-676090027-1000UA.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

dObi · #23 Příspěvek od **dObi** » 14 led 2012 20:18

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:8927A071 deleted successfully.
ADS C:\ProgramData\TEMP:51394AA5 deleted successfully.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Windows\Tasks\AutoKMS.job moved successfully.
C:\Windows\Tasks\AutoKMSDaily.job moved successfully.
C:\Users\Vasek\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Vasek\AppData\Roaming\AVG10 folder moved successfully.
C:\ProgramData\Lavasoft\License folder moved successfully.
C:\ProgramData\Lavasoft folder moved successfully.
C:\Program Files (x86)\Lavasoft\Ad-Aware folder moved successfully.
C:\Program Files (x86)\Lavasoft folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fd3982f-7b37-11e0-8418-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fd3982f-7b37-11e0-8418-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a094834-f11c-11e0-8732-00241d7db4a2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a094834-f11c-11e0-8732-00241d7db4a2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-3462720487-3478806260-676090027-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins folder moved successfully.
C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons folder moved successfully.
C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content folder moved successfully.
C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0 folder moved successfully.
File C:\Users\Vasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll not found.
C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4\Components folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4\Chrome folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4 folder moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ not found.
HKU\S-1-5-21-3462720487-3478806260-676090027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3462720487-3478806260-676090027-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-3462720487-3478806260-676090027-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462720487-3478806260-676090027-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462720487-3478806260-676090027-1000UA.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Vasek
->Temp folder emptied: 17262071 bytes
->Temporary Internet Files folder emptied: 119388681 bytes
->Java cache emptied: 1386093 bytes
->FireFox cache emptied: 38392916 bytes
->Google Chrome cache emptied: 55086308 bytes
->Flash cache emptied: 1368581 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2428488 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2048 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 164238298 bytes

Total Files Cleaned = 381,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Vasek
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01142012_200439

Files\Folders moved on Reboot...
C:\Users\Vasek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#24 Příspěvek od **vyosek** » 14 led 2012 20:32

Jak se chova nas pacient

dObi · #25 Příspěvek od **dObi** » 14 led 2012 23:04

Po několika hodinách stále žádné vyskakovací okno, takže to vypadá, že je to už vše v pořádku.

Mockrát vám děkuji za pomoc a váš volný čas.

#26 Příspěvek od **vyosek** » 15 led 2012 10:13

Tak jeste uklidime

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokdu nejsou problemy ci dotazy, je to z me strany vse

dObi · #27 Příspěvek od **dObi** » 15 led 2012 13:30

Takže pročištěno, a stále vypadá vše OK.
Ještě jednou tedy mockrát děkuji za pomoc

#28 Příspěvek od **vyosek** » 15 led 2012 13:33

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

VIRY.CZ

Také FB virus

Re: Také FB virus

Re: Také FB virus

Re: Také FB virus

Re: Také FB virus

Re: Také FB virus

Re: Také FB virus

Re: Také FB virus

Re: Také FB virus

Re: Také FB virus

Re: Také FB virus

Re: Také FB virus

Re: Také FB virus

Re: Také FB virus