VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Odepřený přístup k Antivirům

https://forum.viry.cz:443/viewtopic.php?t=137140

Stránka 2 z 2

Re: Odepřený přístup k Antivirům

Napsal: 30 bře 2014 11:15
od OWN3D
Při spuštění Rkillu se po chvilce objeví neodesílat

Log z ComboFixu

ComboFix 14-03-24.01 - Administrator 30.03.2014 11:56:01.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1483 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\documents and settings\Administrator\7658354235994425565
c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjaapoimdmahlodaejedekclbomdgnpi_0.localstorage-journal
c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjaapoimdmahlodaejedekclbomdgnpi_0.localstorage
c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
c:\documents and settings\Administrator\WINDOWS
c:\program files\FunWebProducts
c:\program files\SiteFinder\SiTEfinder.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\05b1892db48f102b.fb
c:\windows\system32\Cache\11f2d02cd649c290.fb
c:\windows\system32\Cache\16c03b9905469350.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\324247c35a83e8d0.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\42227b8187babc4f.fb
c:\windows\system32\Cache\4ca98c6425ced4e6.fb
c:\windows\system32\Cache\4daea1c9ba07f086.fb
c:\windows\system32\Cache\50dd5df1296a4dcb.fb
c:\windows\system32\Cache\51a10f172dbad369.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5d1ad1d1c82cdf0e.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\6fefbc24352e05c5.fb
c:\windows\system32\Cache\70f0da928694eb9d.fb
c:\windows\system32\Cache\7a3b9bb0737541c1.fb
c:\windows\system32\Cache\7e3a098d88bbef12.fb
c:\windows\system32\Cache\858ab56dc9e65449.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\99bd6a8083bb8ba1.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\ad9fe5961d448035.fb
c:\windows\system32\Cache\b6639a2d32b393aa.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cbd75849f6297d97.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d39e5fd2890a5f23.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\d7df4eeee6eb56c8.fb
c:\windows\system32\Cache\dc6e050e6bc227e4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fdfc65370fc3be57.fb
c:\windows\system32\ctfmon.exe
c:\windows\system32\tmp10C0.tmp
c:\windows\system32\tmp26A.tmp
c:\windows\system32\tmp26B.tmp
c:\windows\system32\tmp2BC.tmp
c:\windows\system32\tmp2BD.tmp
c:\windows\system32\tmp98.tmp
c:\windows\system32\tmp99.tmp
c:\windows\system32\tmpB3F.tmp
c:\windows\system32\tmpE8.tmp
c:\windows\system32\tmpE9.tmp
c:\windows\system32\tmpF3.tmp
c:\windows\system32\tmpF4.tmp
c:\windows\system32\win32
c:\windows\system32\win32\klog.dat
c:\windows\system32\winupd
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-28 do 2014-03-30 )))))))))))))))))))))))))))))))
.
.
2014-03-30 09:27 . 2014-03-30 09:27 -------- d-----w- c:\windows\LastGood.Tmp
2014-03-30 08:38 . 2014-03-30 09:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-03-30 08:38 . 2014-03-30 08:38 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 08:37 . 2014-03-30 08:37 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-29 19:59 . 2014-03-29 19:59 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SiteFinder
2014-03-29 13:54 . 2014-03-29 13:54 -------- d-----w- C:\rsit
2014-03-29 13:54 . 2014-03-29 13:54 -------- d-----w- c:\program files\trend micro
2014-03-29 12:26 . 2014-03-30 08:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-03-29 12:16 . 2014-03-30 10:05 -------- d-----w- c:\program files\SiteFinder
2014-03-29 12:16 . 2014-03-29 12:16 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SimilarSites
2014-03-29 11:50 . 2014-03-30 09:07 -------- d-sh--w- c:\windows\system32\NT Kernel
2014-03-29 11:50 . 2014-03-29 11:50 241 ----a-w- c:\documents and settings\Administrator\Data aplikací\Dota2.bat
2014-03-23 12:25 . 2014-03-23 12:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PAYDAY 2
2014-03-11 23:27 . 2014-03-11 23:33 -------- d-----w- c:\program files\NHL 09
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-23 14:45 . 2011-06-03 12:54 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-03-23 14:45 . 2010-04-24 12:26 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-03-23 13:36 . 2011-06-03 12:54 139648 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-03-23 13:34 . 2011-06-03 12:54 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-03-21 07:20 . 2012-08-30 21:37 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-12 18:06 . 2012-05-31 11:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 18:06 . 2011-08-10 19:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
c:\windows\System32\ctfmon.exe ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-21 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-21 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA Games\\Battlefield Heroes\\BFHeroes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dota 2 beta\\dota.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 4:50 24896]
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [30.3.2014 10:38 107224]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 2:14 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 23:37 42272]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.12.2012 18:30 242240]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5.9.2012 15:08 33824]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [12.3.2014 0:36 193696]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 18:09 1253376]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [5.8.2011 13:44 2560]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [7.8.2012 16:52 625816]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys --> c:\windows\system32\DRIVERS\vmci.sys [?]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 4:53 193288]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 11:34 171680]
S2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [21.3.2014 9:20 1771032]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.11.2009 17:10 1684736]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [12.3.2014 0:36 247968]
S3 Cbimlau;Cbimlau;c:\windows\system32\drivers\nwlnkspx.sys [25.10.2001 13:00 55936]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cdiskdun.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 12:10 3276800]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.2.2010 19:05 47360]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [1.7.2010 14:21 34896]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:21 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 18:06]
.
2014-03-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-JIRKA-B0E4AC879-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-12-30 16:23]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 07:12]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 07:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch = hxxp://www.Google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Nabídka Start\Programy\IMVU\Run IMVU.lnk
IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{F3CF876A-EBAD-46B0-8557-2A5CD20A0177}: NameServer = 1.1.1.17,1.1.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5201
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5201
FF - user.js: extensions.buenosearch.id - 7c5ecf1b000000000000001d7da8044a
FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
FF - user.js: extensions.buenosearch.instlDay - 16158
FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.713:16
FF - user.js: extensions.buenosearch.prtnrId - buenosearch
FF - user.js: extensions.buenosearch.prdct - buenosearch
FF - user.js: extensions.buenosearch.aflt - babsst
FF - user.js: extensions.buenosearch.smplGrp - none
FF - user.js: extensions.buenosearch.tlbrId - base
FF - user.js: extensions.buenosearch.instlRef - sst
FF - user.js: extensions.buenosearch.dfltLng - en
FF - user.js: extensions.buenosearch.excTlbr - false
FF - user.js: extensions.buenosearch.ffxUnstlRst - true
FF - user.js: extensions.buenosearch.admin - false
FF - user.js: extensions.buenosearch.autoRvrt - false
FF - user.js: extensions.buenosearch.rvrt - false
FF - user.js: extensions.buenosearch.newTab - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM-Explorer_Run-PES - c:\program files\Pro Evolution Soccer 2010\pes.exe
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk - (no file)
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\RocketDock.lnk - (no file)
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\_uninst_77502439.lnk - (no file)
MSConfigStartUp-ctfmon - c:\windows\system32\ctfmon.exe
AddRemove-PhotoFiltre Studio X - c:\program files\PhotoFiltre Studio X\Uninst.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-30 12:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,34,1b,57,09,95,76,46,bf,c4,30,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,34,1b,57,09,95,76,46,bf,c4,30,\
.
[HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,ca,79,19,28,7e,5c,47,97,26,31,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,ca,79,19,28,7e,5c,47,97,26,31,\
.
[HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,a6,09,d8,fb,43,e9,d5,
e7,16,83,71,61,5d,be,d8,25
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,7e,db,3a,16,4c,1a,45,81,b1,a5,77,31,f5,50,d6,e8
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:8c,23,2d,03,75,bd,a0,cd
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,90,4c,ec,d6,92,e1,28,ba,e5,5d,0d,25,ef,fb,b7,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4024)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2014-03-30 12:17:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-30 10:17
.
Před spuštěním: Volných bajtů: 19 027 943 424
Po spuštění: Volných bajtů: 21 302 296 576
.
- - End Of File - - E1F42651B9A871B90403A59CEB37C634
413FC2A0C716421B3158746D63736515

Re: Odepřený přístup k Antivirům

Napsal: 30 bře 2014 11:31
od vyosek
:arrow: OK, uz se nam to pomalu ale jiste dari osekavat, je tam toho hodne a jeste kvalitni a odolna havet :arcisit:

:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

FCopy::
c:\windows\ServicePackFiles\i386\ctfmon.exe | c:\windows\System32\ctfmon.exe

Driver::
vToolbarUpdater18.0.5
PanService
cdiskdun

Folder::
c:\windows\system32\NT Kernel
c:\program files\Common Files\AVG Secure Search
c:\Program Files\PANDORA.TV
c:\program files\Get Styles
c:\documents and settings\Administrator\Data aplikací\SiteFinder
c:\documents and settings\Administrator\Data aplikací\SimilarSites
c:\program files\SiteFinder

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-JIRKA-B0E4AC879-Administrator.job
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.jobc:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\
FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=7C5E001D7DA8044A&affID=128492&tsp=5201
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=7C5E001D7DA8044A&affID=128492&tsp=5201
FF - user.js: extensions.buenosearch.id - 7c5ecf1b000000000000001d7da8044a
FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
FF - user.js: extensions.buenosearch.instlDay - 16158
FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.713:16
FF - user.js: extensions.buenosearch.prtnrId - buenosearch
FF - user.js: extensions.buenosearch.prdct - buenosearch
FF - user.js: extensions.buenosearch.aflt - babsst
FF - user.js: extensions.buenosearch.smplGrp - none
FF - user.js: extensions.buenosearch.tlbrId - base
FF - user.js: extensions.buenosearch.instlRef - sst
FF - user.js: extensions.buenosearch.dfltLng - en
FF - user.js: extensions.buenosearch.excTlbr - false
FF - user.js: extensions.buenosearch.ffxUnstlRst - true
FF - user.js: extensions.buenosearch.admin - false
FF - user.js: extensions.buenosearch.autoRvrt - false
FF - user.js: extensions.buenosearch.rvrt - false
FF - user.js: extensions.buenosearch.newTab - false

DDS::
IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll

RegLockDel::
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

ClearJavaCache::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: Odepřený přístup k Antivirům

Napsal: 30 bře 2014 11:59
od OWN3D
ComboFix 14-03-24.01 - Administrator 30.03.2014 12:46:20.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1417 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk"
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\AVG Secure Search
c:\program files\Common Files\AVG Secure Search\CommonInstaller\10.0.6\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\10.2.0\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\11.0.2\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\11.1.0\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\11.2.0\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\12.2.6\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\8.0.1\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\CommonInstaller\9.0.1\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\14.0.1\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\14.1.7\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\14.2.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\15.2.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\15.3.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\15.4.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\15.5.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\17.0.1\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\17.0.12\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\17.1.2\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\17.2.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\17.3.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\18.0.0\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DNTInstaller\18.0.5\avgdttbx.dll
c:\program files\Common Files\AVG Secure Search\DriverInstaller\12.2.6\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\13.2.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\14.0.1\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\14.1.7\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\14.2.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\15.2.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\15.3.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\15.4.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\15.5.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\17.0.1\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\17.0.12\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\17.1.2\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\17.2.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\17.3.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\18.0.0\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\DriverInstaller\18.0.5\DriverInstaller.exe
c:\program files\Common Files\AVG Secure Search\InstalledProducts.ini
c:\program files\Common Files\AVG Secure Search\NativeBrowserApi\17.2.0\NativeBrowserApi.dll
c:\program files\Common Files\AVG Secure Search\NativeBrowserApi\17.3.0\NativeBrowserApi.dll
c:\program files\Common Files\AVG Secure Search\NativeBrowserApi\18.0.0\NativeBrowserApi.dll
c:\program files\Common Files\AVG Secure Search\NativeBrowserApi\18.0.5\NativeBrowserApi.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\14.0.1\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\14.1.7\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\14.2.0\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.2.0\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.2.0\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.3.0\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.3.0\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.3.0\helper.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.4.0\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.4.0\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.4.0\helper.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.5.0\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.5.0\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.5.0\helper.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.1\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.1\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.1\helper.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.12\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.12\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.0.12\helper.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.cfg
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll
c:\program files\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\helper.dll
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\10.0.6\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\10.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.0.2\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.1.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.2.6\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\13.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\14.1.7\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\14.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.3.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.4.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.5.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.1\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.12\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.1.2\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.2.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0\manifest.json
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.0\manifest.json
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.0\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.5\manifest.json
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.5\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\8.0.1\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\9.0.1\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\npsitesafety.dll
c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\SiteSafety.dll
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\10.0.6\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\10.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\11.0.2\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\11.1.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\11.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\12.2.6\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\13.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\14.0.1\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\14.1.7\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\14.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\15.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\15.3.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\15.4.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\15.5.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\17.0.1\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\17.0.12\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\17.1.2\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\17.2.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\17.3.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\18.0.0\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\18.0.5\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\8.0.1\toolband
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\toolband
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\updater.xml
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\updater.xml
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\UpdaterConfig.ini
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\UpdaterConfig.ini
c:\program files\Get Styles
c:\program files\Get Styles\ct.htm
c:\program files\Get Styles\enlbrdr.dll
c:\program files\Get Styles\hoticon.ico
c:\program files\Get Styles\Thumbs.db
c:\program files\Get Styles\tomapi.js
c:\program files\Get Styles\tommain.js
c:\program files\Get Styles\uninstall.exe
c:\program files\PANDORA.TV
c:\program files\PANDORA.TV\PanService\avcodec-53.dll
c:\program files\PANDORA.TV\PanService\avformat-53.dll
c:\program files\PANDORA.TV\PanService\avutil-51.dll
c:\program files\PANDORA.TV\PanService\crossdomain.xml
c:\program files\PANDORA.TV\PanService\killp.exe
c:\program files\PANDORA.TV\PanService\libupnp.dll
c:\program files\PANDORA.TV\PanService\msvcp100.dll
c:\program files\PANDORA.TV\PanService\msvcr100.dll
c:\program files\PANDORA.TV\PanService\noname.gif
c:\program files\PANDORA.TV\PanService\PanConf.ini
c:\program files\PANDORA.TV\PanService\PandoraService.exe
c:\program files\PANDORA.TV\PanService\PanElevateExecutor.exe
c:\program files\PANDORA.TV\PanService\PanServiceStarter.exe
c:\program files\PANDORA.TV\PanService\PanStreamer.dll
c:\program files\PANDORA.TV\PanService\Proxy.dll
c:\program files\PANDORA.TV\PanService\pthreadVC2.dll
c:\program files\PANDORA.TV\PanService\unins000.dat
c:\program files\PANDORA.TV\PanService\unins000.exe
c:\program files\PANDORA.TV\PanService\UnistAX.exe
c:\program files\SiteFinder
c:\program files\SiteFinder\btn.ico
c:\program files\SiteFinder\hotbtn.ico
c:\program files\SiteFinder\SiteFinder_new.dll
c:\program files\SiteFinder\sitefinder_uninstaller.exe
c:\program files\SiteFinder\ToolbarData.ini
c:\windows\system32\NT Kernel
c:\windows\system32\NT Kernel\324234.TMP
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\ctfmon.exe --> c:\windows\System32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CDISKDUN
-------\Legacy_PANSERVICE
-------\Legacy_VTOOLBARUPDATER18.0.5
-------\Service_cdiskdun
-------\Service_PanService
-------\Service_vToolbarUpdater18.0.5
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-28 do 2014-03-30 )))))))))))))))))))))))))))))))
.
.
2014-03-30 10:46 . 2008-04-14 07:52 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe
2014-03-30 10:46 . 2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
2014-03-30 10:17 . 2014-03-30 10:17 -------- d-----w- c:\windows\LastGood.Tmp
2014-03-30 08:38 . 2014-03-30 09:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-03-30 08:38 . 2014-03-30 08:38 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 08:37 . 2014-03-30 08:37 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-29 19:59 . 2014-03-29 19:59 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SiteFinder
2014-03-29 13:54 . 2014-03-29 13:54 -------- d-----w- C:\rsit
2014-03-29 13:54 . 2014-03-29 13:54 -------- d-----w- c:\program files\trend micro
2014-03-29 12:26 . 2014-03-30 08:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-03-29 12:16 . 2014-03-29 12:16 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SimilarSites
2014-03-29 11:50 . 2014-03-29 11:50 241 ----a-w- c:\documents and settings\Administrator\Data aplikací\Dota2.bat
2014-03-23 12:25 . 2014-03-23 12:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PAYDAY 2
2014-03-11 23:27 . 2014-03-11 23:33 -------- d-----w- c:\program files\NHL 09
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-23 14:45 . 2011-06-03 12:54 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-03-23 14:45 . 2010-04-24 12:26 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-03-23 13:36 . 2011-06-03 12:54 139648 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-03-23 13:34 . 2011-06-03 12:54 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-03-21 07:20 . 2012-08-30 21:37 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-12 18:06 . 2012-05-31 11:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 18:06 . 2011-08-10 19:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"PES"="c:\program files\Pro Evolution Soccer 2010\pes.exe" [BU]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-21 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-21 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA Games\\Battlefield Heroes\\BFHeroes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dota 2 beta\\dota.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 4:50 24896]
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [30.3.2014 10:38 107224]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 2:14 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 23:37 42272]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.12.2012 18:30 242240]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5.9.2012 15:08 33824]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [12.3.2014 0:36 193696]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 18:09 1253376]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [5.8.2011 13:44 2560]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys --> c:\windows\system32\DRIVERS\vmci.sys [?]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 4:53 193288]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 11:34 171680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.11.2009 17:10 1684736]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [12.3.2014 0:36 247968]
S3 Cbimlau;Cbimlau;c:\windows\system32\drivers\nwlnkspx.sys [25.10.2001 13:00 55936]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 12:10 3276800]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.2.2010 19:05 47360]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [1.7.2010 14:21 34896]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:21 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 18:06]
.
2014-03-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-JIRKA-B0E4AC879-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-12-30 16:23]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 07:12]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 07:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch = hxxp://www.Google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Nabídka Start\Programy\IMVU\Run IMVU.lnk
IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -
TCP: Interfaces\{F3CF876A-EBAD-46B0-8557-2A5CD20A0177}: NameServer = 1.1.1.17,1.1.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-4F6D5E84-5826-4394-9F40-3A9A19165651_is1 - c:\program files\PANDORA.TV\PanService\unins000.exe
AddRemove-Get Styles - c:\program files\Get Styles\uninstall.exe
AddRemove-SiteFinder - c:\program files\SiteFinder\sitefinder_uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-30 13:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,a6,09,d8,fb,43,e9,d5,
e7,16,83,71,61,5d,be,d8,25
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,7e,db,3a,16,4c,1a,45,81,b1,a5,77,31,f5,50,d6,e8
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:8c,23,2d,03,75,bd,a0,cd
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,90,4c,ec,d6,92,e1,28,ba,e5,5d,0d,25,ef,fb,b7,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3204)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
.
**************************************************************************
.
Celkový čas: 2014-03-30 13:03:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-30 11:02
ComboFix2.txt 2014-03-30 10:17
.
Před spuštěním: Volných bajtů: 20 831 256 576
Po spuštění: Volných bajtů: 20 720 738 304
.
- - End Of File - - 9DAEA013FD3ABA220473BE6571D72F97
413FC2A0C716421B3158746D63736515

Re: Odepřený přístup k Antivirům

Napsal: 30 bře 2014 12:34
od vyosek
Jdeme dale :James008:

:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Re: Odepřený přístup k Antivirům

Napsal: 30 bře 2014 12:41
od OWN3D
# AdwCleaner v3.022 - Report created 30/03/2014 at 13:43:44
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - JIRKA-B0E4AC879
# Running from : C:\Documents and Settings\Administrator\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\~0
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Premium
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Zoomex
[#] Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\PackageAware
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Pokki
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\eType
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\OpenCandy
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\searchresultstb
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\SimilarSites
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Toolbar4
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\Extensions\sitefinder@sitefinder.com
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\invalidprefs.js
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\searchplugins\buenosearch.xml
File Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\user.js
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Classes\*\shell\pokki
Key Deleted : HKCU\Software\Classes\Folder\shell\pokki
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\5c55db8ce76aed13
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1098640
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9463CD-BBD8-42F4-AB72-D7B1191D9F3D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FD5CD67F-DA82-6C3B-A049-4E82BBB6B6E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Data aplikací\\AVG Secure Search\\10.0.0.7");
Line Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bc0723a65-8cb6-4e18-b32e-7bf10e483b66%7D&mid=c6cc39f7bb3a05e50c90c2db840ae436-e8019d83d8a0ae9203ccee91448294dcff72f5b2&ds=AVG&v=10.0.0.7&l[...]

[ File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\prefs.js ]


*************************

AdwCleaner[R0].txt - [14683 octets] - [30/03/2014 13:42:32]
AdwCleaner[S0].txt - [14782 octets] - [30/03/2014 13:43:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14843 octets] ##########

Re: Odepřený přístup k Antivirům

Napsal: 30 bře 2014 12:59
od vyosek
:arrow: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
  • Nasledne kliknete na Run Script
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: Odepřený přístup k Antivirům

Napsal: 30 bře 2014 13:33
od OWN3D
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Administrator on ne 30.03.2014 at 14:10:01,10.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrator\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30.3.2014 14:12:48 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Internet Explorer\SearchScopes\{1B44FD68-52A8-4EAA-9CBD-EE1BB2B17F06} deleted successfully
HKEY_USERS\S-1-5-21-57989841-616249376-839522115-500\Software\Microsoft\Internet Explorer\SearchScopes\{54AB3E84-EE0F-4E1F-AB44-4710AD95A97B} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\jqs@sun.com deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\SeaMonkey\Profiles\j314rxtk.default\prefs.js:
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CSeaMonkey%5Csearchplugins%5Cgoogle.src");

Added to C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\SeaMonkey\Profiles\j314rxtk.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\prefs.js:

Added to C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843

user.js not found
---- Lines jqs@sun.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_30.03.2014_1426_.backup

ProfilePath: C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\SeaMonkey\Profiles\j314rxtk.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_30.03.2014_1426_.backup

ProfilePath: C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default

user.js not found
---- Lines jqs@sun.com modified from prefs.js ----

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,{20a82645-c095-46ed-80e3-08825760534b}:1.1,jqs@sun.com:1.0,{1E7396
---- FireFox user.js and prefs.js backups ----

prefs_30.03.2014_1426_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Mozilla Firefox\defaults\preferences\pref.js deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Program Files\EvilLyrics deleted
C:\Documents and Settings\Administrator\Data aplikací\Dota2.bat deleted
C:\Documents and Settings\Administrator\Data aplikací\GetRightToGo deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\ICQ deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\CloudSoft deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallMate deleted
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\CRE deleted
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\kmpmediatoolbar deleted
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\extensions\{daf5b34c-1aa3-4c33-ae24-766a370635d2} deleted
"C:\Documents and Settings\Administrator\Data aplikací\Vso" deleted
"C:\Documents and Settings\Administrator\Data aplikací\temp" deleted
"C:\Documents and Settings\Administrator\Data aplikací\VMware" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG2012\Firefox4" [30.01.2013 16:53]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843
- Undetermined - C:\Documents and Settings\Administrator\Data aplikacĂ­\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\extensions\battlefieldheroespatcher@ea.com
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com

ProfilePath: C:\Documents and Settings\ADMINI~1\Data aplikací\Mozilla\SeaMonkey\Profiles\j314rxtk.default
- Undetermined - C:\Documents and Settings\Administrator\Data aplikacĂ­\Mozilla\SeaMonkey\Profiles\j314rxtk.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- Undetermined - C:\Documents and Settings\Administrator\Data aplikacĂ­\Mozilla\SeaMonkey\Profiles\j314rxtk.default\extensions\inspector@mozilla.org
- Undetermined - C:\Program Files\SeaMonkey\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
- Undetermined - C:\Program Files\SeaMonkey\extensions\modern@themes.mozilla.org
- DOM Inspector - %ProfilePath%\extensions\inspector@mozilla.org
- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

ProfilePath: C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
- Undetermined - C:\Documents and Settings\Jura\Data aplikacĂ­\Mozilla\Firefox\Profiles\xrl50afb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
- AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
- Undetermined - C:\Documents and Settings\All Users\Data aplikacĂ­\AVG Secure Search\10.0.0.7
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843
95812430959AE88CDD0301AB3A71913B - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
F833DD5D8F959819F44BC98F47B1B6BB - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
65D09D8BC91D74C8800725EB33D1EE1B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
36FBE76F4F51396B0F70FC95CD7481D2 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin
9013599B12923A45C029C34E8D2211AC - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.1.0.30401.0.dll - Silverlight Plug-In
9013599B12923A45C029C34E8D2211AC - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
A878453A1714870EAADA83E6434BDB77 - C:\Program Files\Java\jre6\bin\plugin2\npdeployJava1.dll - Java Deployment Toolkit 6.0.310.5
34E3709244736B8976820F730E5A8815 - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll - Java(TM) Platform SE 6 U31
2134E14DFB56952F548487898AE63A89 - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
45D7F2FABDFD500E3C35DC068B552544 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
7E54D1EC87CE306CB1A26CE59AFE6E37 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
D33D39A318AEA70691CED7530E2D9DF9 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
CFBC726A1712BD8DC9914EA06DBCE20B - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
BF2AD333C79072EEBE5AE0D72670E64E - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjaapoimdmahlodaejedekclbomdgnpi - C:\Documents and Settings\All Users\Data aplikací\Zoomex\cjaapoimdmahlodaejedekclbomdgnpi.crx[]
dknkjnkhedbanphkkpbpcgoblmkbfhlf - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 10:59]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
dknkjnkhedbanphkkpbpcgoblmkbfhlf - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx[]
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Documents and Settings\Administrator\Data aplikací\DVDVideoSoft\dvsYoutubeDownload.crx[07.02.2014 17:07]

Battlefield Heroes - Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh
Zoomex - Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cjaapoimdmahlodaejedekclbomdgnpi
BitTorrentControl_v12 - Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Skype for Chromium - Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chrome Fix ======================

C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cjaapoimdmahlodaejedekclbomdgnpi deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dknkjnkhedbanphkkpbpcgoblmkbfhlf_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dknkjnkhedbanphkkpbpcgoblmkbfhlf_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\databases\chrome-extension_dknkjnkhedbanphkkpbpcgoblmkbfhlf_0 deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com/ie"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"CustomizeSearch"="http://www.Google.com/"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{83B7857D-38FF-407B-A054-B975E89E625D} The Pirate Bay Url="http://thepiratebay.org/search/{searchTerms}"
{EAEF9F1D-EDB2-4C97-A8A7-66F74C8D4B76} Torrentz Search Url="http://www.torrentz.com/search?q={searchTerms}"
{FBBC760F-F8FD-434D-8E0B-A06B1CE1288E} Mininova Url="http://www.mininova.org/search/?search={searchTerms}"
{FBBC760F-F8FD-434D-8E0B-A06B1CE1288E} Mininova Url="http://www.mininova.org/search/?search={searchTerms}"

==== Reset Google Chrome ======================

C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Chromium\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Chromium\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoomEx deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9A457C9F-60CA-B8D3-5A38-28E841A65E69} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjaapoimdmahlodaejedekclbomdgnpi deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EvilLyrics deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\akhpfps6.default-1382997821843\Cache emptied successfully
C:\Documents and Settings\Jura\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\xrl50afb.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Chromium\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2571 folders=433 51104337 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\temp will be emptied at reboot
C:\Documents and Settings\Default User\Local Settings\temp emptied successfully
C:\Documents and Settings\Jura\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on ne 30.03.2014 at 14:35:44,40 ======================

Re: Odepřený přístup k Antivirům

Napsal: 30 bře 2014 13:48
od vyosek
Tak jak se dycha nasemu pacientovi??

Je uz na tom lepe??

Doporucuji vymenit AVG za nejaky poradny antivir - napr. Avast Free

Re: Odepřený přístup k Antivirům

Napsal: 30 bře 2014 13:56
od OWN3D
Řekl bych že je na tom líp jen díky vám. :happy: Právě instaluji Avast tak snad to bude lepší. Každopádně děkuji za pomoc a za ochotu. DÍKY :worship:

Re: Odepřený přístup k Antivirům

Napsal: 30 bře 2014 14:17
od vyosek
Nainstalujte Avast

:arrow: Dejte log z FRST http://forum.viry.cz/viewtopic.php?f=24&t=132509 at se podivame po pripadnych zbytcich
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz