Odepřený přístup k Antivirům

[OWN3D]

Při spuštění Rkillu se po chvilce objeví neodesílat

Log z ComboFixu

ComboFix 14-03-24.01 - Administrator 30.03.2014 11:56:01.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1483 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\documents and settings\Administrator\7658354235994425565
c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjaapoimdmahlodaejedekclbomdgnpi_0.localstorage-journal
c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjaapoimdmahlodaejedekclbomdgnpi_0.localstorage
c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
c:\documents and settings\Administrator\WINDOWS
c:\program files\FunWebProducts
c:\program files\SiteFinder\SiTEfinder.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\05b1892db48f102b.fb
c:\windows\system32\Cache\11f2d02cd649c290.fb
c:\windows\system32\Cache\16c03b9905469350.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\324247c35a83e8d0.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\42227b8187babc4f.fb
c:\windows\system32\Cache\4ca98c6425ced4e6.fb
c:\windows\system32\Cache\4daea1c9ba07f086.fb
c:\windows\system32\Cache\50dd5df1296a4dcb.fb
c:\windows\system32\Cache\51a10f172dbad369.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5d1ad1d1c82cdf0e.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\6fefbc24352e05c5.fb
c:\windows\system32\Cache\70f0da928694eb9d.fb
c:\windows\system32\Cache\7a3b9bb0737541c1.fb
c:\windows\system32\Cache\7e3a098d88bbef12.fb
c:\windows\system32\Cache\858ab56dc9e65449.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\99bd6a8083bb8ba1.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\ad9fe5961d448035.fb
c:\windows\system32\Cache\b6639a2d32b393aa.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cbd75849f6297d97.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d39e5fd2890a5f23.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\d7df4eeee6eb56c8.fb
c:\windows\system32\Cache\dc6e050e6bc227e4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fdfc65370fc3be57.fb
c:\windows\system32\ctfmon.exe
c:\windows\system32\tmp10C0.tmp
c:\windows\system32\tmp26A.tmp
c:\windows\system32\tmp26B.tmp
c:\windows\system32\tmp2BC.tmp
c:\windows\system32\tmp2BD.tmp
c:\windows\system32\tmp98.tmp
c:\windows\system32\tmp99.tmp
c:\windows\system32\tmpB3F.tmp
c:\windows\system32\tmpE8.tmp
c:\windows\system32\tmpE9.tmp
c:\windows\system32\tmpF3.tmp
c:\windows\system32\tmpF4.tmp
c:\windows\system32\win32
c:\windows\system32\win32\klog.dat
c:\windows\system32\winupd
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-28 do 2014-03-30 )))))))))))))))))))))))))))))))
.
.
2014-03-30 09:27 . 2014-03-30 09:27 -------- d-----w- c:\windows\LastGood.Tmp
2014-03-30 08:38 . 2014-03-30 09:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-03-30 08:38 . 2014-03-30 08:38 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 08:37 . 2014-03-30 08:37 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-29 19:59 . 2014-03-29 19:59 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SiteFinder
2014-03-29 13:54 . 2014-03-29 13:54 -------- d-----w- C:\rsit
2014-03-29 13:54 . 2014-03-29 13:54 -------- d-----w- c:\program files\trend micro
2014-03-29 12:26 . 2014-03-30 08:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-03-29 12:16 . 2014-03-30 10:05 -------- d-----w- c:\program files\SiteFinder
2014-03-29 12:16 . 2014-03-29 12:16 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SimilarSites
2014-03-29 11:50 . 2014-03-30 09:07 -------- d-sh--w- c:\windows\system32\NT Kernel
2014-03-29 11:50 . 2014-03-29 11:50 241 ----a-w- c:\documents and settings\Administrator\Data aplikací\Dota2.bat
2014-03-23 12:25 . 2014-03-23 12:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PAYDAY 2
2014-03-11 23:27 . 2014-03-11 23:33 -------- d-----w- c:\program files\NHL 09
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-23 14:45 . 2011-06-03 12:54 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-03-23 14:45 . 2010-04-24 12:26 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-03-23 13:36 . 2011-06-03 12:54 139648 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-03-23 13:34 . 2011-06-03 12:54 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-03-21 07:20 . 2012-08-30 21:37 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-12 18:06 . 2012-05-31 11:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 18:06 . 2011-08-10 19:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
c:\windows\System32\ctfmon.exe ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-21 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-21 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA Games\\Battlefield Heroes\\BFHeroes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dota 2 beta\\dota.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 4:50 24896]
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [30.3.2014 10:38 107224]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 2:14 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 23:37 42272]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.12.2012 18:30 242240]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5.9.2012 15:08 33824]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [12.3.2014 0:36 193696]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 18:09 1253376]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [5.8.2011 13:44 2560]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [7.8.2012 16:52 625816]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys --> c:\windows\system32\DRIVERS\vmci.sys [?]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 4:53 193288]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 11:34 171680]
S2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [21.3.2014 9:20 1771032]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.11.2009 17:10 1684736]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [12.3.2014 0:36 247968]
S3 Cbimlau;Cbimlau;c:\windows\system32\drivers\nwlnkspx.sys [25.10.2001 13:00 55936]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cdiskdun.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 12:10 3276800]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.2.2010 19:05 47360]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [1.7.2010 14:21 34896]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:21 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 18:06]
.
2014-03-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-JIRKA-B0E4AC879-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-12-30 16:23]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 07:12]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 07:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch = hxxp://www.Google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Nabídka Start\Programy\IMVU\Run IMVU.lnk
IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{F3CF876A-EBAD-46B0-8557-2A5CD20A0177}: NameServer = 1.1.1.17,1.1.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5201
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5201
FF - user.js: extensions.buenosearch.id - 7c5ecf1b000000000000001d7da8044a
FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
FF - user.js: extensions.buenosearch.instlDay - 16158
FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.713:16
FF - user.js: extensions.buenosearch.prtnrId - buenosearch
FF - user.js: extensions.buenosearch.prdct - buenosearch
FF - user.js: extensions.buenosearch.aflt - babsst
FF - user.js: extensions.buenosearch.smplGrp - none
FF - user.js: extensions.buenosearch.tlbrId - base
FF - user.js: extensions.buenosearch.instlRef - sst
FF - user.js: extensions.buenosearch.dfltLng - en
FF - user.js: extensions.buenosearch.excTlbr - false
FF - user.js: extensions.buenosearch.ffxUnstlRst - true
FF - user.js: extensions.buenosearch.admin - false
FF - user.js: extensions.buenosearch.autoRvrt - false
FF - user.js: extensions.buenosearch.rvrt - false
FF - user.js: extensions.buenosearch.newTab - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM-Explorer_Run-PES - c:\program files\Pro Evolution Soccer 2010\pes.exe
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk - (no file)
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\RocketDock.lnk - (no file)
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\_uninst_77502439.lnk - (no file)
MSConfigStartUp-ctfmon - c:\windows\system32\ctfmon.exe
AddRemove-PhotoFiltre Studio X - c:\program files\PhotoFiltre Studio X\Uninst.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-30 12:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,34,1b,57,09,95,76,46,bf,c4,30,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,34,1b,57,09,95,76,46,bf,c4,30,\
.
[HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,ca,79,19,28,7e,5c,47,97,26,31,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,ca,79,19,28,7e,5c,47,97,26,31,\
.
[HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,a6,09,d8,fb,43,e9,d5,
e7,16,83,71,61,5d,be,d8,25
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,7e,db,3a,16,4c,1a,45,81,b1,a5,77,31,f5,50,d6,e8
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:8c,23,2d,03,75,bd,a0,cd
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,90,4c,ec,d6,92,e1,28,ba,e5,5d,0d,25,ef,fb,b7,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4024)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2014-03-30 12:17:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-30 10:17
.
Před spuštěním: Volných bajtů: 19 027 943 424
Po spuštění: Volných bajtů: 21 302 296 576
.
- - End Of File - - E1F42651B9A871B90403A59CEB37C634
413FC2A0C716421B3158746D63736515

[vyosek]

OK, uz se nam to pomalu ale jiste dari osekavat, je tam toho hodne a jeste kvalitni a odolna havet

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  FCopy::
  c:\windows\ServicePackFiles\i386\ctfmon.exe | c:\windows\System32\ctfmon.exe
  
  Driver::
  vToolbarUpdater18.0.5
  PanService
  cdiskdun
  
  Folder::
  c:\windows\system32\NT Kernel
  c:\program files\Common Files\AVG Secure Search
  c:\Program Files\PANDORA.TV
  c:\program files\Get Styles
  c:\documents and settings\Administrator\Data aplikací\SiteFinder
  c:\documents and settings\Administrator\Data aplikací\SimilarSites
  c:\program files\SiteFinder
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  2014-03-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-JIRKA-B0E4AC879-Administrator.job
  2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.jobc:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk
  c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
  
  Registry::
  [-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\
  FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=7C5E001D7DA8044A&affID=128492&tsp=5201
  FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=7C5E001D7DA8044A&affID=128492&tsp=5201
  FF - user.js: extensions.buenosearch.id - 7c5ecf1b000000000000001d7da8044a
  FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
  FF - user.js: extensions.buenosearch.instlDay - 16158
  FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
  FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
  FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.713:16
  FF - user.js: extensions.buenosearch.prtnrId - buenosearch
  FF - user.js: extensions.buenosearch.prdct - buenosearch
  FF - user.js: extensions.buenosearch.aflt - babsst
  FF - user.js: extensions.buenosearch.smplGrp - none
  FF - user.js: extensions.buenosearch.tlbrId - base
  FF - user.js: extensions.buenosearch.instlRef - sst
  FF - user.js: extensions.buenosearch.dfltLng - en
  FF - user.js: extensions.buenosearch.excTlbr - false
  FF - user.js: extensions.buenosearch.ffxUnstlRst - true
  FF - user.js: extensions.buenosearch.admin - false
  FF - user.js: extensions.buenosearch.autoRvrt - false
  FF - user.js: extensions.buenosearch.rvrt - false
  FF - user.js: extensions.buenosearch.newTab - false
  
  DDS::
  IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -
  Trusted Zone: clonewarsadventures.com
  Trusted Zone: freerealms.com
  Trusted Zone: soe.com
  Trusted Zone: sony.com
  Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
  
  RegLockDel::
  [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
  [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
  
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
  [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[OWN3D]

ComboFix 14-03-24.01 - Administrator 30.03.2014 12:46:20.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1417 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk"
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\AVG Secure Search
c:\program files\Common Files\AVG Secure Search\CommonInstaller\10.0.6\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\10.2.0\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\11.0.2\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\11.1.0\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\11.2.0\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\12.2.6\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\8.0.1\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\9.0.1\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\14.0.1\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\14.1.7\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\14.2.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\15.2.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\15.3.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\15.4.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\15.5.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\17.0.1\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\17.0.12\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\17.1.2\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\17.2.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\17.3.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\18.0.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\18.0.5\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DriverInstaller\12.2.6\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\13.2.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\14.0.1\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\14.1.7\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\14.2.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\15.2.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\15.3.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\15.4.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\15.5.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\17.0.1\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\17.0.12\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\17.1.2\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\17.2.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\17.3.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\18.0.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\18.0.5\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\InstalledProducts.ini
c:\program files\Common Files\AVG Secure Search\NativeBrowserApi\17.2.0\NativeBrowserApi.dll
c:\program files\Common Files\AVG Secure Search\NativeBrowserApi\17.3.0\NativeBrowserApi.dll
c:\program files\Common Files\AVG Secure Search\NativeBrowserApi\18.0.0\NativeBrowserApi.dll
c:\program files\Common Files\AVG Secure Search\NativeBrowserApi\18.0.5\NativeBrowserApi.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\14.0.1\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\14.1.7\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\14.2.0\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.2.0\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.2.0\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.3.0\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.3.0\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.3.0\helper.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.4.0\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.4.0\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.4.0\helper.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.5.0\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.5.0\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.5.0\helper.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.1\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.1\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.1\helper.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.12\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.12\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.12\helper.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\helper.dll
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\10.0.6\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\10.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.0.2\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.1.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.2.6\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\13.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\14.1.7\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\14.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.3.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.4.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.5.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.1\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.12\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.1.2\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0\manifest.json
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.0\manifest.json
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.5\manifest.json
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.5\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\8.0.1\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\9.0.1\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\10.0.6\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\10.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\11.0.2\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\11.1.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\11.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\12.2.6\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\13.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\14.0.1\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\14.1.7\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\14.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\15.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\15.3.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\15.4.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\15.5.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\17.0.1\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\17.0.12\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\17.1.2\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\17.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\17.3.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\18.0.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\18.0.5\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\8.0.1\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\toolband
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\updater.xml
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\updater.xml
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\UpdaterConfig.ini
c:\program files\Get Styles
c:\program files\Get Styles\ct.htm
c:\program files\Get Styles\enlbrdr.dll
c:\program files\Get Styles\hoticon.ico
c:\program files\Get Styles\Thumbs.db
c:\program files\Get Styles\tomapi.js
c:\program files\Get Styles\tommain.js
c:\program files\Get Styles\uninstall.exe
c:\program files\PANDORA.TV
c:\program files\PANDORA.TV\PanService\avcodec-53.dll
c:\program files\PANDORA.TV\PanService\avformat-53.dll
c:\program files\PANDORA.TV\PanService\avutil-51.dll
c:\program files\PANDORA.TV\PanService\crossdomain.xml
c:\program files\PANDORA.TV\PanService\killp.exe
c:\program files\PANDORA.TV\PanService\libupnp.dll
c:\program files\PANDORA.TV\PanService\msvcp100.dll
c:\program files\PANDORA.TV\PanService\msvcr100.dll
c:\program files\PANDORA.TV\PanService\noname.gif
c:\program files\PANDORA.TV\PanService\PanConf.ini
c:\program files\PANDORA.TV\PanService\PandoraService.exe
c:\program files\PANDORA.TV\PanService\PanElevateExecutor.exe
c:\program files\PANDORA.TV\PanService\PanServiceStarter.exe
c:\program files\PANDORA.TV\PanService\PanStreamer.dll
c:\program files\PANDORA.TV\PanService\Proxy.dll
c:\program files\PANDORA.TV\PanService\pthreadVC2.dll
c:\program files\PANDORA.TV\PanService\unins000.dat
c:\program files\PANDORA.TV\PanService\unins000.exe
c:\program files\PANDORA.TV\PanService\UnistAX.exe
c:\program files\SiteFinder
c:\program files\SiteFinder\btn.ico
c:\program files\SiteFinder\hotbtn.ico
c:\program files\SiteFinder\SiteFinder_new.dll
c:\program files\SiteFinder\sitefinder_uninstaller.exe
c:\program files\SiteFinder\ToolbarData.ini
c:\windows\system32\NT Kernel
c:\windows\system32\NT Kernel\324234.TMP
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\ctfmon.exe --> c:\windows\System32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CDISKDUN
-------\Legacy_PANSERVICE
-------\Legacy_VTOOLBARUPDATER18.0.5
-------\Service_cdiskdun
-------\Service_PanService
-------\Service_vToolbarUpdater18.0.5
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-28 do 2014-03-30 )))))))))))))))))))))))))))))))
.
.
2014-03-30 10:46 . 2008-04-14 07:52 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe
2014-03-30 10:46 . 2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
2014-03-30 10:17 . 2014-03-30 10:17 -------- d-----w- c:\windows\LastGood.Tmp
2014-03-30 08:38 . 2014-03-30 09:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-03-30 08:38 . 2014-03-30 08:38 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 08:37 . 2014-03-30 08:37 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-29 19:59 . 2014-03-29 19:59 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SiteFinder
2014-03-29 13:54 . 2014-03-29 13:54 -------- d-----w- C:\rsit
2014-03-29 13:54 . 2014-03-29 13:54 -------- d-----w- c:\program files\trend micro
2014-03-29 12:26 . 2014-03-30 08:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-03-29 12:16 . 2014-03-29 12:16 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SimilarSites
2014-03-29 11:50 . 2014-03-29 11:50 241 ----a-w- c:\documents and settings\Administrator\Data aplikací\Dota2.bat
2014-03-23 12:25 . 2014-03-23 12:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PAYDAY 2
2014-03-11 23:27 . 2014-03-11 23:33 -------- d-----w- c:\program files\NHL 09
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-23 14:45 . 2011-06-03 12:54 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-03-23 14:45 . 2010-04-24 12:26 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-03-23 13:36 . 2011-06-03 12:54 139648 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-03-23 13:34 . 2011-06-03 12:54 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-03-21 07:20 . 2012-08-30 21:37 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-12 18:06 . 2012-05-31 11:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 18:06 . 2011-08-10 19:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"PES"="c:\program files\Pro Evolution Soccer 2010\pes.exe" [BU]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-21 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-21 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA Games\\Battlefield Heroes\\BFHeroes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dota 2 beta\\dota.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 4:50 24896]
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [30.3.2014 10:38 107224]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 2:14 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 23:37 42272]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.12.2012 18:30 242240]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5.9.2012 15:08 33824]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [12.3.2014 0:36 193696]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 18:09 1253376]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [5.8.2011 13:44 2560]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys --> c:\windows\system32\DRIVERS\vmci.sys [?]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 4:53 193288]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 11:34 171680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.11.2009 17:10 1684736]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [12.3.2014 0:36 247968]
S3 Cbimlau;Cbimlau;c:\windows\system32\drivers\nwlnkspx.sys [25.10.2001 13:00 55936]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 12:10 3276800]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.2.2010 19:05 47360]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [1.7.2010 14:21 34896]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:21 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 18:06]
.
2014-03-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-JIRKA-B0E4AC879-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-12-30 16:23]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 07:12]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 07:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch = hxxp://www.Google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Nabídka Start\Programy\IMVU\Run IMVU.lnk
IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -
TCP: Interfaces\{F3CF876A-EBAD-46B0-8557-2A5CD20A0177}: NameServer = 1.1.1.17,1.1.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-4F6D5E84-5826-4394-9F40-3A9A19165651_is1 - c:\program files\PANDORA.TV\PanService\unins000.exe
AddRemove-Get Styles - c:\program files\Get Styles\uninstall.exe
AddRemove-SiteFinder - c:\program files\SiteFinder\sitefinder_uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-30 13:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,a6,09,d8,fb,43,e9,d5,
e7,16,83,71,61,5d,be,d8,25
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,7e,db,3a,16,4c,1a,45,81,b1,a5,77,31,f5,50,d6,e8
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:8c,23,2d,03,75,bd,a0,cd
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,90,4c,ec,d6,92,e1,28,ba,e5,5d,0d,25,ef,fb,b7,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3204)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
.
**************************************************************************
.
Celkový čas: 2014-03-30 13:03:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-30 11:02
ComboFix2.txt 2014-03-30 10:17
.
Před spuštěním: Volných bajtů: 20 831 256 576
Po spuštění: Volných bajtů: 20 720 738 304
.
- - End Of File - - 9DAEA013FD3ABA220473BE6571D72F97
413FC2A0C716421B3158746D63736515

[vyosek]

Jdeme dale

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[OWN3D]

# AdwCleaner v3.022 - Report created 30/03/2014 at 13:43:44
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - JIRKA-B0E4AC879
# Running from : C:\Documents and Settings\Administrator\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\~0
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Premium
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Zoomex
[#] Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\PackageAware
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Pokki
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\eType
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\OpenCandy
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\searchresultstb
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\SimilarSites
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Toolbar4
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\Extensions\sitefinder@sitefinder.com
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\invalidprefs.js
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\searchplugins\buenosearch.xml
File Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\user.js
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Classes\*\shell\pokki
Key Deleted : HKCU\Software\Classes\Folder\shell\pokki
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\5c55db8ce76aed13
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1098640
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9463CD-BBD8-42F4-AB72-D7B1191D9F3D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FD5CD67F-DA82-6C3B-A049-4E82BBB6B6E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Data aplikací\\AVG Secure Search\\10.0.0.7");
Line Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bc0723a65-8cb6-4e18-b32e-7bf10e483b66%7D&mid=c6cc39f7bb3a05e50c90c2db840ae436-e8019d83d8a0ae9203ccee91448294dcff72f5b2&ds=AVG&v=10.0.0.7&l[...]

[ File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\prefs.js ]


*************************

AdwCleaner[R0].txt - [14683 octets] - [30/03/2014 13:42:32]
AdwCleaner[S0].txt - [14782 octets] - [30/03/2014 13:43:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14843 octets] ##########

[vyosek]

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[OWN3D]

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Administrator on ne 30.03.2014 at 14:10:01,10.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrator\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30.3.2014 14:12:48 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Internet Explorer\SearchScopes\{1B44FD68-52A8-4EAA-9CBD-EE1BB2B17F06} deleted successfully
HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Internet Explorer\SearchScopes\{54AB3E84-EE0F-4E1F-AB44-4710AD95A97B} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\jqs@sun.com deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\SeaMonkey\Profiles\j314rxtk.default\prefs.js:
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CSeaMonkey%5Csearchplugins%5Cgoogle.src");

Added to C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\SeaMonkey\Profiles\j314rxtk.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\prefs.js:

Added to C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843

user.js not found
---- Lines jqs@sun.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_30.03.2014_1426_.backup

ProfilePath: C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\SeaMonkey\Profiles\j314rxtk.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_30.03.2014_1426_.backup

ProfilePath: C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default

user.js not found
---- Lines jqs@sun.com modified from prefs.js ----

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,{20a82645-c095-46ed-80e3-08825760534b}:1.1,jqs@sun.com:1.0,{1E7396
---- FireFox user.js and prefs.js backups ----

prefs_30.03.2014_1426_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Mozilla Firefox\defaults\preferences\pref.js deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Program Files\EvilLyrics deleted
C:\Documents and Settings\Administrator\Data aplikací\Dota2.bat deleted
C:\Documents and Settings\Administrator\Data aplikací\GetRightToGo deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\ICQ deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\CloudSoft deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallMate deleted
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\CRE deleted
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\kmpmediatoolbar deleted
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\extensions\{daf5b34c-1aa3-4c33-ae24-766a370635d2} deleted
"C:\Documents and Settings\Administrator\Data aplikací\Vso" deleted
"C:\Documents and Settings\Administrator\Data aplikací\temp" deleted
"C:\Documents and Settings\Administrator\Data aplikací\VMware" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG2012\Firefox4" [30.01.2013 16:53]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843
- Undetermined - C:\Documents and Settings\Administrator\Data aplikacĂ­\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\extensions\battlefieldheroespatcher@ea.com
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com

ProfilePath: C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\SeaMonkey\Profiles\j314rxtk.default
- Undetermined - C:\Documents and Settings\Administrator\Data aplikacĂ­\Mozilla\SeaMonkey\Profiles\j314rxtk.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- Undetermined - C:\Documents and Settings\Administrator\Data aplikacĂ­\Mozilla\SeaMonkey\Profiles\j314rxtk.default\extensions\inspector@mozilla.org
- Undetermined - C:\Program Files\SeaMonkey\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
- Undetermined - C:\Program Files\SeaMonkey\extensions\modern@themes.mozilla.org
- DOM Inspector - %ProfilePath%\extensions\inspector@mozilla.org
- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

ProfilePath: C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
- Undetermined - C:\Documents and Settings\Jura\Data aplikacĂ­\Mozilla\Firefox\Profiles\xrl50afb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
- AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
- Undetermined - C:\Documents and Settings\All Users\Data aplikacĂ­\AVG Secure Search\10.0.0.7
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843
95812430959AE88CDD0301AB3A71913B - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
F833DD5D8F959819F44BC98F47B1B6BB - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
65D09D8BC91D74C8800725EB33D1EE1B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
36FBE76F4F51396B0F70FC95CD7481D2 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin
9013599B12923A45C029C34E8D2211AC - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.1.0.30401.0.dll - Silverlight Plug-In
9013599B12923A45C029C34E8D2211AC - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
A878453A1714870EAADA83E6434BDB77 - C:\Program Files\Java\jre6\bin\plugin2\npdeployJava1.dll - Java Deployment Toolkit 6.0.310.5
34E3709244736B8976820F730E5A8815 - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll - Java(TM) Platform SE 6 U31
2134E14DFB56952F548487898AE63A89 - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
45D7F2FABDFD500E3C35DC068B552544 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
7E54D1EC87CE306CB1A26CE59AFE6E37 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
D33D39A318AEA70691CED7530E2D9DF9 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
CFBC726A1712BD8DC9914EA06DBCE20B - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
BF2AD333C79072EEBE5AE0D72670E64E - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjaapoimdmahlodaejedekclbomdgnpi - C:\Documents and Settings\All Users\Data aplikací\Zoomex\cjaapoimdmahlodaejedekclbomdgnpi.crx[]
dknkjnkhedbanphkkpbpcgoblmkbfhlf - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 10:59]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
dknkjnkhedbanphkkpbpcgoblmkbfhlf - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx[]
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Documents and Settings\Administrator\Data aplikací\DVDVideoSoft\dvsYoutubeDownload.crx[07.02.2014 17:07]

Battlefield Heroes - Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh
Zoomex - Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cjaapoimdmahlodaejedekclbomdgnpi
BitTorrentControl_v12 - Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Skype for Chromium - Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chrome Fix ======================

C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cjaapoimdmahlodaejedekclbomdgnpi deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dknkjnkhedbanphkkpbpcgoblmkbfhlf_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dknkjnkhedbanphkkpbpcgoblmkbfhlf_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\databases\chrome-extension_dknkjnkhedbanphkkpbpcgoblmkbfhlf_0 deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com/ie"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"CustomizeSearch"="http://www.Google.com/"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{83B7857D-38FF-407B-A054-B975E89E625D} The Pirate Bay Url="http://thepiratebay.org/search/{searchTerms}"
{EAEF9F1D-EDB2-4C97-A8A7-66F74C8D4B76} Torrentz Search Url="http://www.torrentz.com/search?q={searchTerms}"
{FBBC760F-F8FD-434D-8E0B-A06B1CE1288E} Mininova Url="http://www.mininova.org/search/?search={searchTerms}"
{FBBC760F-F8FD-434D-8E0B-A06B1CE1288E} Mininova Url="http://www.mininova.org/search/?search={searchTerms}"

==== Reset Google Chrome ======================

C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Chromium\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Chromium\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoomEx deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9A457C9F-60CA-B8D3-5A38-28E841A65E69} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjaapoimdmahlodaejedekclbomdgnpi deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EvilLyrics deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\Cache emptied successfully
C:\Documents and Settings\Jura\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Chromium\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2571 folders=433 51104337 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\temp will be emptied at reboot
C:\Documents and Settings\Default User\Local Settings\temp emptied successfully
C:\Documents and Settings\Jura\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on ne 30.03.2014 at 14:35:44,40 ======================

[vyosek]

Tak jak se dycha nasemu pacientovi??

Je uz na tom lepe??

Doporucuji vymenit AVG za nejaky poradny antivir - napr. Avast Free

[OWN3D]

Řekl bych že je na tom líp jen díky vám. Právě instaluji Avast tak snad to bude lepší. Každopádně děkuji za pomoc a za ochotu. DÍKY

[vyosek]

Nainstalujte Avast

Dejte log z FRST http://forum.viry.cz/viewtopic.php?f=24&t=132509 at se podivame po pripadnych zbytcich