Vir Coinminer

[Unown]

Zdravím,
pc mi detekoval virus "Coinminer" a vyřadil oba antiviry (nevím, které z dítek mi omylem doinstalovalo druhý), tak jsem antiviry odinstaloval a restartoval PC - a ejhle - antiviry tam jsou pořád a oba sou v "Enhanced protecton mode" a nic s nima nejde udělat - jsou smazané, odinstalované a stejně se zobrazují. po začátek posílám výpis z hijacku a RSITU

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:13, on 3.11.2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Users\Blanka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blanka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blanka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blanka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Blanka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blanka\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2559434
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Hoyle Toolbar - {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - C:\Program Files (x86)\Hoyle\prxtbHoy2.dll
R3 - URLSearchHook: (no name) - {b0d3574e-b41f-4fe9-b976-1e8e303095b9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Hoyle - {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - C:\Program Files (x86)\Hoyle\prxtbHoy2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Hoyle Toolbar - {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - C:\Program Files (x86)\Hoyle\prxtbHoy2.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-2-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\Windows\update.tray-9-0\svchost.exe
O4 - HKLM\..\Run: [5714482.exe] "C:\Windows\Temp\5714482.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [3045789.exe] "C:\Users\Blanka\AppData\Local\Temp\3045789.exe"
O4 - HKLM\..\Run: [3024765.exe] "C:\Users\Blanka\AppData\Local\Temp\3024765.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Cronosoft - C:\Windows\update.1\svchost.exe

--
End of file - 11908 bytes


______________________________________________________


info.txt logfile of random's system information tool 1.09 2011-11-03 20:06:04

======Uninstall list======

-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
64 Bit HP CIO Components Installer-->MsiExec.exe /I{FF21C3E6-97FD-474F-9518-8DCBE94C2854}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin
Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_0_1_ActiveX.exe -maintain activex
Adobe Reader X (10.1.0) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Catalyst Install Manager-->msiexec /q/x{4A35302C-A6D3-DDE5-38BA-55E7BABA9670} REBOOT=ReallySuppress
AMD Drag and Drop Transcoding-->MsiExec.exe /X{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}
AMD Media Foundation Decoders-->MsiExec.exe /X{C5823264-8DFC-6E63-9D69-A35B1A98B537}
AMD USB Filter Driver-->MsiExec.exe /X{82809116-D1EE-443C-AE31-F19E709DDF7A}
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Catalyst Control Center - Branding-->MsiExec.exe /I{19A492A0-888F-44A0-9B21-D91700763F62}
Catz 5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Hry\Pes a kočka\Uninst\Setup.exe"
Centrum zařízení Windows Mobile-->MsiExec.exe /X{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}
Codec-TS SDK-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}\Setup.exe" -l0x9
ConvertXtoDVD 3.0.0.9b-->"C:\Program Files (x86)\VSO\ConvertX\3\unins000.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Toolbar-->C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe
Definition update for Microsoft Office 2010 (KB982726) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{7A31FF65-054F-4CAF-9929-DCE76CDBAE64}" "1029" "0"
De-interlace SDK-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9A0E0340-C3D7-42D1-96D4-64179FD456AE}\Setup.exe" -l0x9
ESET Antivirus License Finder (MiNODLogin)-->"C:\Program Files (x86)\ESET\MiNODLogin\MiNODLoginUninst.exe"
EVEREST Ultimate Edition v5.50-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Fishing 2010-->"D:\Hry\rybaření\Fishing 2010\unins000.exe"
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
GM Rally-->"C:\Program Files (x86)\InstallShield Installation Information\{D964D3EC-B909-4196-9041-A11EFDA9C512}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
High-Definition Video Playback 10-->MsiExec.exe /X{237CCB62-8454-43E3-B158-3ACD0134852E}
HijackThis 2.0.2-->"C:\Users\Blanka\Desktop\HijackThis.exe" /uninstall
Hoyle Toolbar-->C:\Program Files (x86)\Hoyle\uninstall.exe
HPDiagnosticAlert-->MsiExec.exe /I{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}
Hugo3D PC-->D:\Hry\Hugo\Hugo3D\UNWISE.EXE D:\Hry\Hugo\Hugo3D\INSTALL.LOG
ICQ7.2-->"C:\Program Files (x86)\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
InterVideo WinDVD-->"C:\Program Files (x86)\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Knoll Light Factory EZ Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\klfezstudio.log
Kolekce The Sims™ 3 Na plný plyn-->"C:\Program Files (x86)\InstallShield Installation Information\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}\Sims3SP02Setup.exe" -runfromtemp -l0x0005 -removeonly
Landwirtschafts Simulator 2011-->"C:\Program Files (x86)\Landwirtschafts Simulator 2011\unins000.exe"
Medal of Honor (TM)-->MsiExec.exe /X{415030B8-3E8B-462A-8C03-41D95AA3AB3B}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-1000-0000000FF1CE}" "{AEC2C00D-1E7E-45E3-9058-81EA2446B3CD}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-1000-0000000FF1CE}" "{70A3169E-288F-454F-A08D-20DF66639B50}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-1000-0000000FF1CE}" "{0242505C-4E90-407F-9299-B5B275F50D86}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041B-1000-0000000FF1CE}" "{4B806706-B352-42E8-8C8B-5CEBCEDBC4E0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0405-1000-0000000FF1CE}" "{715203B3-AD16-41A4-B13C-E1065EAB8963}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0405-1000-0000000FF1CE}" "{15D45352-C443-406A-9DF2-EF4A750A40CF}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-1000-0000000FF1CE}" "{4B8654FE-410D-462C-9B3C-09D031BF4534}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" "1029" "0"
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-1000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-1000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-1000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-1000-0000000FF1CE}
Microsoft Office Office 32-bit Components 2010-->MsiExec.exe /X{90140000-0043-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-1000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-1000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-1000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-1000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-1000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-1000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-1000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-1000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-1000-0000000FF1CE}
Microsoft Office Shared 32-bit MUI (Czech) 2010-->MsiExec.exe /X{90140000-0043-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-1000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-1000-0000000FF1CE}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox 7.0.1 (x86 cs)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mumble 1.2.3-->MsiExec.exe /I{62C68336-B969-4097-B0BD-A3A0FBFD59C1}
muvee autoProducer 3.5 magicMoments_CE - Leadtek-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D05B3985-3B58-418A-BB37-B43F04A56FA1}\Setup.exe" -l0x9
Nero 10 Menu TemplatePack Basic-->MsiExec.exe /X{63AA3EAB-23BB-48B2-9AD0-44F878075604}
Nero 10 Movie ThemePack Basic-->MsiExec.exe /X{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}
Nero BackItUp 10 Help (CHM)-->MsiExec.exe /X{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}
Nero BackItUp 10-->MsiExec.exe /X{68AB6930-5BFF-4FF6-923B-516A91984FE6}
Nero Burning ROM 10-->MsiExec.exe /X{7A5D731D-B4B3-490E-B339-75685712BAAB}
Nero BurningROM 10 Help (CHM)-->MsiExec.exe /X{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}
Nero BurnRights 10 Help (CHM)-->MsiExec.exe /X{555868C6-49FB-484F-BB43-8980651A1B00}
Nero BurnRights 10-->MsiExec.exe /X{943CFD7D-5336-47AF-9418-E02473A5A517}
Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
Nero CoverDesigner 10 Help (CHM)-->MsiExec.exe /X{C3273C55-E1E4-41FF-8D69-0158090DB8D8}
Nero CoverDesigner 10-->MsiExec.exe /X{FCF00A6E-FB58-477A-ABE9-232907105521}
Nero DiscSpeed 10 Help (CHM)-->MsiExec.exe /X{C18A0418-442A-4186-AF98-D08F5054A2FC}
Nero DiscSpeed 10-->MsiExec.exe /X{34490F4E-48D0-492E-8249-B48BECF0537C}
Nero Dolby Files 10-->MsiExec.exe /X{C3580AC4-C827-4332-B935-9A282ED5BB97}
Nero Express 10 Help (CHM)-->MsiExec.exe /X{33643918-7957-4839-92C7-EA96CB621A98}
Nero Express 10-->MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7}
Nero InfoTool 10 Help (CHM)-->MsiExec.exe /X{66049135-9659-4AAD-9169-9CCA269EBB3E}
Nero InfoTool 10-->MsiExec.exe /X{F412B4AF-388C-4FF5-9B2F-33DB1C536953}
Nero MediaHub 10 Help (CHM)-->MsiExec.exe /X{F467862A-D9CA-47ED-8D81-B4B3C9399272}
Nero MediaHub 10-->MsiExec.exe /X{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}
Nero Multimedia Suite 10-->MsiExec.exe /I{277C1559-4CF7-44FF-8D07-98AA9C13AABD}
Nero Recode 10 Help (CHM)-->MsiExec.exe /X{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}
Nero Recode 10-->MsiExec.exe /X{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}
Nero RescueAgent 10 Help (CHM)-->MsiExec.exe /X{92E25238-61A3-4ACD-A407-3C480EEF47A7}
Nero RescueAgent 10-->MsiExec.exe /X{E337E787-CF61-4B7B-B84F-509202A54023}
Nero SoundTrax 10 Help (CHM)-->MsiExec.exe /X{16987E99-C95C-4513-9239-7B44A0A71DB5}
Nero SoundTrax 10-->MsiExec.exe /X{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}
Nero StartSmart 10 Help (CHM)-->MsiExec.exe /X{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}
Nero StartSmart 10-->MsiExec.exe /X{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}
Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
Nero Vision 10 Help (CHM)-->MsiExec.exe /X{329411A0-19F3-4740-874F-17400B126F27}
Nero Vision 10-->MsiExec.exe /X{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}
Nero WaveEditor 10 Help (CHM)-->MsiExec.exe /X{7A295D8F-484B-4FFB-89AB-C1FD497591FE}
Nero WaveEditor 10-->MsiExec.exe /X{EDCDFAD5-DF80-4600-A493-E9DAD6810230}
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe
Ovladače videa společnosti Pinnacle-->MsiExec.exe /X{6DE721A5-5E89-4D74-994C-652BB3C0672E}
Pinnacle Studio 15 Ultimate Plugins-->MsiExec.exe /I{EB5DF19E-75D5-4FF1-AE23-2A9A2E0F2BDD}
Pinnacle Studio 15-->MsiExec.exe /I{1362E602-9625-42D3-B57F-CDA9D26F9DA8}
Pinnacle Studio Bonus Content-->MsiExec.exe /I{FC030CB5-46A6-4229-AD6E-0AC869F509C8}
Popeláři-->"D:\Hry\popeláři\Popeláři\unins000.exe"
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
rajče verze 58 sestavení 203-->"C:\Program Files (x86)\rajce\unins000.exe"
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Red Giant ToonIt Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\rgtoonitstudio.log
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft Excel 2010 (KB2553070)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{D40ED475-5079-46A1-A80E-986E5F101921}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{527AC538-7A51-40A5-89D7-5C1FEBBEA4C3}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{C4BF81CC-3786-4CE4-9D9F-DD393678B9EC}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2584066)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{C4E07687-87FD-4539-BF06-66FD994E05B6}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2584066)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{C4E07687-87FD-4539-BF06-66FD994E05B6}" "1029" "0"
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{97C3086D-D78B-43ED-9E13-1ED4704298FB}" "1029" "0"
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{97C3086D-D78B-43ED-9E13-1ED4704298FB}" "1029" "0"
Skype Toolbars-->MsiExec.exe /I{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
The KMPlayer (remove only)-->"C:\Program Files (x86)\The KMPlayer\uninstall.exe"
The Simpsons Hit & Run(TM)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}\setup.exe" -l0x9
The Sims™ 3 Cestovní horečka-->"C:\Program Files (x86)\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\Sims3EP01Setup.exe" -runfromtemp -l0x0005 -removeonly
The Sims™ 3 Luxusní bydlení – Kolekce-->"C:\Program Files (x86)\InstallShield Installation Information\{71828142-5A24-4BD0-97E7-976DA08CE6CF}\Sims3SP01Setup.exe" -runfromtemp -l0x0005 -removeonly
The Sims™ 3 Povolání snů-->"C:\Program Files (x86)\InstallShield Installation Information\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}\Sims3EP02Setup.exe" -runfromtemp -l0x0005 -removeonly
The Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0005 -removeonly
TT-SB SDK-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AF9848E2-5F19-4E49-9E6E-044FBDC28404}\Setup.exe" -l0x9
TuneUp Utilities 2011-->C:\Program Files (x86)\TuneUp Utilities 2011\TUInstallHelper.exe --Trigger-Uninstall
Ultra Video Converter 4.4.0827-->"C:\Program Files (x86)\Ultra Video Converter\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{428CB7A0-1068-4CE1-8835-39C7ECD297ED}" "1029" "0"
Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{57CEB66B-DD29-4883-92A2-671331657B52}" "1029" "0"
Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0405-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1029" "0"
Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1029" "0"
Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}" "1029" "0"
Update for Microsoft Outlook Social Connector (KB2583935)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-1000-0000000FF1CE}" "{E3C039D0-EC78-41E0-A08E-10A84A7CB297}" "1029" "0"
Update for Microsoft Outlook Social Connector (KB2583935)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{1FD215F3-AB16-4BC8-89A7-32457D45DE6D}" "1029" "0"
VLC media player 1.1.4-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
WinFast Multimedia Driver Installation -->C:\Program Files (x86)\InstallShield Installation Information\{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}\setup.exe -runfromtemp -l0x0005 -removeonly
WinFast PVR2-->C:\Program Files (x86)\InstallShield Installation Information\{C92C584E-C781-475E-A8E2-C67D993A6B95}\setup.exe -runfromtemp -l0x0005 -removeonly
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
World of Tanks closed Beta v.0.6.2.8-->"D:\Hry\World_of_Tanks_closed_Beta\unins000.exe"
x64 Components v2.7.0-->"C:\Program Files\Shark007\unins000.exe"

======Hosts File======

127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com

======System event log======

Computer Name: Blanka-PC
Event Code: 7036
Message: Stav služby Služba DPS (Diagnostic Policy Service) byl změněn na: Spuštěno
Record Number: 390813
Source Name: Service Control Manager
Time Written: 20110927165423.404431-000
Event Type: Informace
User:

Computer Name: Blanka-PC
Event Code: 7036
Message: Stav služby Adobe Acrobat Update Service byl změněn na: Spuštěno
Record Number: 390812
Source Name: Service Control Manager
Time Written: 20110927165423.394431-000
Event Type: Informace
User:

Computer Name: Blanka-PC
Event Code: 7036
Message: Stav služby Šifrování byl změněn na: Spuštěno
Record Number: 390811
Source Name: Service Control Manager
Time Written: 20110927165423.394431-000
Event Type: Informace
User:

Computer Name: Blanka-PC
Event Code: 7036
Message: Stav služby ArcSoft Connect Daemon byl změněn na: Spuštěno
Record Number: 390810
Source Name: Service Control Manager
Time Written: 20110927165422.554429-000
Event Type: Informace
User:

Computer Name: Blanka-PC
Event Code: 7036
Message: Stav služby Pracovní stanice byl změněn na: Spuštěno
Record Number: 390809
Source Name: Service Control Manager
Time Written: 20110927165421.784428-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: Blanka-PC
Event Code: 33
Message: Generování kontextu aktivace pro C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll se nezdařilo. Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Record Number: 29138
Source Name: SideBySide
Time Written: 20110423101002.000000-000
Event Type: Chyba
User:

Computer Name: Blanka-PC
Event Code: 33
Message: Generování kontextu aktivace pro C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll se nezdařilo. Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Record Number: 29137
Source Name: SideBySide
Time Written: 20110423100842.000000-000
Event Type: Chyba
User:

Computer Name: Blanka-PC
Event Code: 33
Message: Generování kontextu aktivace pro C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll se nezdařilo. Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Record Number: 29136
Source Name: SideBySide
Time Written: 20110423100842.000000-000
Event Type: Chyba
User:

Computer Name: Blanka-PC
Event Code: 33
Message: Generování kontextu aktivace pro C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll se nezdařilo. Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Record Number: 29135
Source Name: SideBySide
Time Written: 20110423100838.000000-000
Event Type: Chyba
User:

Computer Name: Blanka-PC
Event Code: 33
Message: Generování kontextu aktivace pro C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll se nezdařilo. Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Record Number: 29134
Source Name: SideBySide
Time Written: 20110423100542.000000-000
Event Type: Chyba
User:

=====Security event log=====

Computer Name: Blanka-PC
Event Code: 4634
Message: Účet byl odhlášen.

Předmět:
ID zabezpečení: S-1-5-21-2657635680-3219457055-4108436301-1001
Název účtu: Blanka
Doména účtu: Blanka-PC
ID přihlášení: 0x570884

Typ přihlášení: 3

Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 38778
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110705200807.840653-000
Event Type: Úspěšný audit
User:

Computer Name: Blanka-PC
Event Code: 4634
Message: Účet byl odhlášen.

Předmět:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x61c3e0

Typ přihlášení: 3

Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 38777
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110705200510.379502-000
Event Type: Úspěšný audit
User:

Computer Name: Blanka-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 3

Nové přihlášení:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x61c3e0
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x0
Název procesu: -

Informace o síti:
Název pracovní stanice: NOTEBOOK
Adresa zdrojové sítě 192.168.1.4
Zdrojový port: 49620

Podrobné informace o ověření:
Proces přihlášení: NtLmSsp
Balíček ověření: NTLM
Přenosové služby: -
Název balíčku (pouze NTLM): NTLM V1
Délka klíče: 128

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 38776
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110705200459.003852-000
Event Type: Úspěšný audit
User:

Computer Name: Blanka-PC
Event Code: 4634
Message: Účet byl odhlášen.

Předmět:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x575214

Typ přihlášení: 3

Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 38775
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110705195443.087623-000
Event Type: Úspěšný audit
User:

Computer Name: Blanka-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 3

Nové přihlášení:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x575214
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x0
Název procesu: -

Informace o síti:
Název pracovní stanice: NOTEBOOK
Adresa zdrojové sítě 192.168.1.4
Zdrojový port: 49196

Podrobné informace o ověření:
Proces přihlášení: NtLmSsp
Balíček ověření: NTLM
Přenosové služby: -
Název balíčku (pouze NTLM): NTLM V1
Délka klíče: 128

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 38774
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110705195431.998989-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\ArcSoft\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Pinnacle\Shared Files\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\

-----------------EOF-----------------


prosím o radu,co dál

[Mc_Murphy]

Zdravím.

Dej mi minutku, hnedle se na to mrknu.

[Mc_Murphy]

Takže jako první zpráva: Máš v PC - kromě tuny velice zdržujících toolbarů - tzv. Facebook vir.
Dva antiviry v počítači jsou kontraproduktivní - budou se tlouct a způsobovat více škody jak užitku. Jeden musí pryč a já vím, který to bude - ten nelegální ESET, co tam vidím! Ono budou muset jít pryč oba a jeden nainstalovat zpátky po vyčištění, protože AV jsou FB virem poškozeny, ale ESET půjde pryč a zpátky už ne, protože nelegálním software se tu opravdu nezabýváme!
Taky silně pochybuji, že software na ladění a čištění systému TuneUp Utilities byl legálně zakoupen. A jak jsme na tom se zbytkem? Co Windows? Co produkty MS Office?

[Unown]

fcb viry tedy odinstaluji
vím, že jsou 2 ativiry kontraproduktivní, šak jsem psal, že nevím, jak se tam druhý dostal..oba půjdou pryč a dostane se tam nějaký freeantivir
TuneUP jsou ve 30 denní zkoušecí době, MS Win je originál, nemám problém nafotit krabici i origo média. Office je studentská licence poskytovaná na vš

jaké další kroky?

[Mc_Murphy]

Dobrá tedy, takže oba antiviry potom odpálíme a nainstalujeme free řešení. K nabídce jsou tu AVAST! FREE Antivirus, Avira Free Antivirus a Microsoft Security Essentials.
Osobně doporučuji Avast! - nezatěžuje tolik systém, pravidelné aktualizace virové databáze a je komplet lokalizovaný v češtině. Avira je také dobrá, ale je pouze v němčině a v angličtině, tuším.

FCB viry jen tak neodinstaluješ, musíme na ně pustit několik silnějších nástrojů.
Každopádně můžeš odinstalovat vše, co má v názvu toolbar nebo bar, to jsou hrozná zdržovadla.
A my se teď vrhneme na první krok v čištění. Čti prosím návody pečlivě a syny k tomu teď nepouštěj, ať to neděláme stokrát.

Stáhni RogueKiller - http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukonči všechny programy!
• Pokud používáš Win Vista či Win 7, klikni na RogueKiller pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Zvol možnost 2 a potvrď [Enter].
• Utilita provede svou činnost a dá log - ten mi sem vlož.
• Nyní znovu stejný postup, ale zvol možnost 3 a poté ještě jednou s možností 4 - logy mi sem opět vlož.

[Unown]

logy:

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Blanka [Admin rights]
Mode: Remove -- Date : 11/05/2011 20:03:38

¤¤¤ Bad processes: 17 ¤¤¤
[HJ NAME] svchost.exe -- C:\Windows\update.5.0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- C:\Windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- C:\Windows\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.tray-2-0\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.tray-9-0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- C:\Windows\sysdriver32.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SERVICE] srvbtcclient -- C:\Windows\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\Windows\update.2\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- C:\Windows\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- C:\Windows\update.1\svchost.exe srv -> STOPPED

¤¤¤ Registry Entries: 24 ¤¤¤
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : wxpdrv (C:\Windows\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Wow6432Node\Run : tray_ico0 (C:\Windows\update.tray-2-0\svchost.exe) -> DELETED
[HJ NAME] HKLM\[...]\Wow6432Node\Run : tray_ico1 (C:\Windows\update.tray-9-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : 5714482.exe ("C:\Windows\Temp\5714482.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : sysdriver32.exe ("C:\Windows\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : sysdriver32_.exe ("C:\Windows\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : 3045789.exe ("C:\Users\Blanka\AppData\Local\Temp\3045789.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : 3024765.exe ("C:\Users\Blanka\AppData\Local\Temp\3024765.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[SUSP PATH] AutoKMS.job : C:\Windows\AutoKMS.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED ()
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

__________________________________________________________

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Blanka [Admin rights]
Mode: HOSTSFix -- Date : 11/05/2011 20:05:18

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


________________________________________________


RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Blanka [Admin rights]
Mode: ProxyFix -- Date : 11/05/2011 20:07:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[Mc_Murphy]

OK, pokračujeme...

!! PROSÍM, ČTI NÁVOD DŮKLADNĚ - TATO UTILITA MÁ VELKOU SCHOPNOST MAZAT A JE NUTNÉ JI APLIKOVAT JEN NA DOPORUČENÍ, JINAK TI MŮŽE JÍT SYSTÉM DO KYTEK !!
Stáhni a ulož na Plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypni všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary apod.
• Vypni všechny běžící aplikace - ICQ, Skype, browsery, prostě všechny programy, ať běží pouze ComboFix.
• Pokud máš Win XP, spusť pod účtem Správce/Administrator.
• Pokud máš Win Vista či Win 7, klikni na ComboFix pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Ihned po startu se zobrazí stránka s licenčním ujednáním - pokračuj kliknutím na [Ano].
• Pokud Ti ComboFix nabídne instalaci Konzoly pro zotavení, tak souhlas.
• Dále postupuj dle pokynů. Během scanu nech PC naprosto v klidu - nespouštěj žádné aplikace a neklikej do zobrazujícího se okna!
• Scan by měl trvat cca 10 min, ale pokud bude PC hodne zaneseno, může se čas samozřejmě prodloužit.
• Po dokončení scanu a případném restartu ComboFix zobrazí log, který případně najdeš v C:\ComboFix.txt. Jeho obsah mi sem vlož.
• Detailní postup včetně obrázků najdeš zde: http://www.bleepingcomputer.com/combofi ... t-combofix

[Unown]

ComboFix 11-11-05.03 - Blanka 05.11.2011 21:32:01.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2660 [GMT 1:00]
Spuštěný z: c:\users\Blanka\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ESET\MiNODLogin
c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.exe
c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.jar
c:\program files (x86)\ESET\MiNODLogin\MiNODLoginLib.dll
c:\program files (x86)\ESET\MiNODLogin\MiNODLoginUninst.exe
c:\program files (x86)\ESET\MiNODLogin\servidores.xml
c:\users\Blanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7D333F8F-8C4B-4989-8413-6566B52B62B7}.xps
c:\users\Blanka\AppData\Roaming\inst.exe
c:\users\Blanka\AppData\Roaming\Microsoft\Windows\Recent\www.3dmgame.com.url
c:\users\Blanka\AppData\Roaming\vso_ts_preview.xml
c:\users\Ladik\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4978428E-CCA6-4E3F-B701-3A3CC6143ED4}.xps
c:\users\Ladik\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DAAD659E-4173-4B6C-8656-722DAAF71FAF}.xps
c:\users\Ladik\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FECAD75B-E9F3-4396-9125-A2DA7D6FF6BB}.xps
c:\users\Ladik\AppData\Roaming\vso_ts_preview.xml
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\av_ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0405.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\security\Database\tmp.edb
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\consrv.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\SysWow64\Dvbpws.dll
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-05 do 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-05 20:37 . 2011-11-05 20:37 -------- d-----w- c:\users\Ladik\AppData\Local\temp
2011-11-05 20:37 . 2011-11-05 20:37 -------- d-----w- c:\users\Elizabeta\AppData\Local\temp
2011-11-05 20:37 . 2011-11-05 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-05 19:37 . 2011-11-05 19:37 -------- d-----w- c:\programdata\InstallShield
2011-11-05 19:37 . 2008-10-10 15:01 26624 ----a-r- c:\windows\SysWow64\LGDispDrv.dll
2011-11-05 19:37 . 2008-10-10 15:01 147456 ----a-r- c:\windows\SysWow64\LgExport.dll
2011-11-05 19:37 . 2011-11-05 19:37 -------- d-----w- c:\program files (x86)\LG Soft India
2011-11-05 19:37 . 2004-04-17 11:41 196608 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2011-11-05 19:37 . 2004-04-17 11:40 385024 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2011-11-05 19:37 . 2004-04-16 10:24 61440 ----a-w- c:\windows\SysWow64\ISUSPM.cpl
2011-11-05 19:37 . 2004-04-13 05:07 69632 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2011-11-05 19:37 . 2004-04-13 05:06 368640 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2011-11-05 19:37 . 2004-04-23 18:03 446464 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2011-11-05 19:37 . 2004-04-13 05:03 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2011-11-05 19:36 . 2004-04-18 22:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-11-05 19:36 . 2004-04-18 22:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-11-05 19:36 . 2004-04-18 22:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-11-05 19:36 . 2004-04-18 22:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-11-05 19:36 . 2004-04-18 22:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-11-04 19:18 . 2011-11-04 19:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-04 14:10 . 2011-11-04 14:10 -------- d-----w- c:\users\Ladik\AppData\Roaming\Canon
2011-11-04 14:10 . 2011-11-04 14:10 -------- d-----w- c:\users\Ladik\AppData\Local\Canon Easy-PhotoPrint EX
2011-11-03 21:20 . 2011-11-03 21:24 -------- d-----w- c:\users\Blanka\AppData\Roaming\Canon
2011-11-03 21:13 . 2011-11-03 21:21 -------- d-----w- c:\users\Blanka\AppData\Local\Canon Easy-PhotoPrint EX
2011-11-03 21:13 . 2011-11-03 21:13 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2011-11-03 21:13 . 2011-11-03 21:13 -------- d--h--w- c:\programdata\CanonEPP
2011-11-03 21:12 . 2010-08-25 04:00 361472 ----a-w- c:\windows\system32\CNMXLMAD.DLL
2011-11-03 21:11 . 2011-11-03 21:11 -------- d-----w- c:\programdata\CanonIJMSetup
2011-11-03 21:11 . 2011-11-03 21:11 -------- d-----w- c:\program files\Common Files\CANON
2011-11-03 21:11 . 2011-11-03 21:11 -------- d-----w- c:\programdata\CanonIJWSpt
2011-11-03 21:10 . 2011-11-03 21:10 -------- d-----w- c:\program files\Canon
2011-11-03 21:10 . 2011-11-03 21:10 -------- d--h--w- c:\programdata\CanonBJ
2011-11-03 21:10 . 2010-08-25 04:00 87040 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAD.DLL
2011-11-03 21:10 . 2010-08-25 04:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAD.DLL
2011-11-03 21:10 . 2011-11-03 21:10 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-11-03 21:10 . 2010-03-18 18:25 307200 ----a-w- c:\windows\SysWow64\CNC5100L.dll
2011-11-03 21:10 . 2010-03-18 18:26 348672 ----a-w- c:\windows\system32\CNC5100L.dll
2011-11-03 21:10 . 2010-03-18 16:13 1354240 ----a-w- c:\windows\system32\CNC5100C.dll
2011-11-03 21:10 . 2010-03-18 16:13 112128 ----a-w- c:\windows\system32\CNC5100I.dll
2011-11-03 21:10 . 2010-03-18 16:11 106496 ----a-w- c:\windows\SysWow64\CNC5100U.dll
2011-11-03 21:10 . 2008-08-25 17:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2011-11-03 21:10 . 2008-08-25 17:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2011-11-03 21:09 . 2010-08-25 04:00 361472 ----a-w- c:\windows\system32\CNMLMAD.DLL
2011-11-03 21:09 . 2010-01-13 14:04 103424 ----a-w- c:\windows\system32\CNC5100O.dll
2011-11-03 21:09 . 2010-03-11 08:57 248320 ----a-w- c:\windows\system32\CNMIUAD.DLL
2011-11-03 21:07 . 2011-11-03 21:11 -------- d-----w- c:\program files (x86)\Canon
2011-11-03 19:06 . 2011-11-03 19:06 -------- d-----w- C:\rsit
2011-11-03 19:06 . 2011-11-03 19:06 -------- d-----w- c:\program files\trend micro
2011-11-03 18:43 . 2011-11-03 21:54 -------- d-----w- c:\windows\ufa
2011-11-03 17:33 . 2011-11-05 05:50 -------- d-----w- c:\programdata\Origin
2011-11-03 17:33 . 2011-11-03 17:33 -------- d-----w- c:\program files (x86)\Origin Games
2011-11-03 17:33 . 2011-11-03 17:33 -------- d-----w- c:\program files (x86)\Origin
2011-11-03 13:29 . 2011-11-03 13:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-03 10:11 . 2011-11-03 10:11 -------- d-----w- c:\users\Blanka\AppData\Local\AMD
2011-11-02 21:22 . 2011-11-02 21:22 -------- d-----w- c:\users\Ladik\AppData\Local\AMD
2011-11-02 20:33 . 2011-11-02 20:33 -------- d-----w- c:\windows\system32\Macromed
2011-11-02 19:17 . 2011-11-02 19:17 -------- d-----w- c:\users\Elizabeta\AppData\Local\AMD
2011-11-02 16:52 . 2011-11-02 16:52 -------- d-----w- c:\programdata\ATI
2011-11-02 16:52 . 2011-11-02 16:52 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-02 16:52 . 2011-11-02 16:52 -------- d-----w- c:\programdata\AMD
2011-11-02 16:52 . 2010-02-18 08:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-11-02 16:51 . 2011-11-02 16:51 -------- d-----w- c:\users\Default\AppData\Roaming\ATI
2011-11-02 16:51 . 2011-11-02 16:51 -------- d-----w- c:\users\Default\AppData\Local\ATI
2011-11-02 16:32 . 2011-11-03 21:54 246272 ----a-w- c:\windows\unrar.exe
2011-11-02 16:29 . 2011-11-02 16:29 -------- d--h--w- c:\windows\update.tray-9-0
2011-11-02 16:29 . 2011-11-02 16:29 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-11-02 16:29 . 2011-11-02 16:29 -------- d--h--w- c:\windows\update.tray-2-0
2011-11-02 16:29 . 2011-11-02 16:29 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-11-01 10:09 . 2011-11-01 10:09 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-11-01 10:09 . 2011-11-01 10:09 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-11-01 10:09 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F169F7E6-6F11-418F-8E66-EB22C25C73D4}\mpengine.dll
2011-10-28 20:45 . 2004-03-29 14:23 90112 ----a-w- c:\windows\unvise32.exe
2011-10-28 20:34 . 2011-10-28 20:34 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle
2011-10-28 20:34 . 2011-10-28 20:34 -------- d-----w- c:\users\Blanka\AppData\Local\Downloaded Installations
2011-10-28 20:34 . 2011-10-30 22:39 -------- d-----w- c:\users\Blanka\AppData\Local\Pinnacle
2011-10-28 20:33 . 2011-10-28 20:33 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate
2011-10-28 20:27 . 2011-10-28 20:45 -------- d-----w- c:\program files (x86)\Pinnacle
2011-10-28 20:27 . 2011-10-28 20:27 -------- d-----w- c:\programdata\Studio 15
2011-10-28 20:27 . 2011-10-28 20:27 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2011-10-28 20:27 . 2011-10-28 20:27 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2011-10-28 20:27 . 2011-10-28 20:27 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging
2011-10-28 20:21 . 2011-10-28 20:33 -------- d-----w- c:\programdata\Pinnacle
2011-10-25 20:22 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-25 20:22 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-24 14:55 . 2011-10-24 14:58 -------- d-----w- c:\program files\PhotoFilter
2011-10-21 13:31 . 2011-10-21 13:31 -------- d-----w- c:\users\Elizabeta\AppData\Roaming\DAEMON Tools Lite
2011-10-18 05:26 . 2011-10-18 05:26 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-11 15:25 . 2011-10-11 15:25 -------- d-----w- c:\users\Elizabeta\AppData\Roaming\wargaming.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-08 19:38 . 2011-09-08 19:38 14851106 ----a-w- c:\windows\SysWow64\ArtD - Grafický atelier Černý_Book-Maker_uninstaller.exe
2011-09-02 08:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-02 08:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-24 19:19 . 2011-08-24 19:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-08-24 19:18 . 2011-08-24 19:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-08-24 19:17 . 2011-08-24 19:17 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}"= "c:\program files (x86)\Hoyle\prxtbHoy2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Hoyle\prxtbHoy2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}"= "c:\program files (x86)\Hoyle\prxtbHoy2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-08-11 2920448]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-06-09 101888]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-03 1234216]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
.
c:\users\Blanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.exe [N/A]
forteManager.lnk - c:\program files (x86)\LG Soft India\forteManager\bin\Monitor.exe [2011-11-5 1687552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-30 26752]
R3 LGDDCDevice;LGDDCDevice;c:\program files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-12 14336]
R3 LGII2CDevice;LGII2CDevice;c:\program files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-12 18432]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-23 1974080]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657635680-3219457055-4108436301-1001Core.job
- c:\users\Blanka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 21:32]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657635680-3219457055-4108436301-1001UA.job
- c:\users\Blanka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 21:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"combofix"="c:\combofix\CF10151.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2559434
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Blanka\AppData\Roaming\Mozilla\Firefox\Profiles\0qlftxz4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2992540&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/?clid=3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{b0d3574e-b41f-4fe9-b976-1e8e303095b9} - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} - (no file)
WebBrowser-{B0D3574E-B41F-4FE9-B976-1E8E303095B9} - (no file)
AddRemove-MiNODLogin - c:\program files (x86)\ESET\MiNODLogin\MiNODLoginUninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Celkový čas: 2011-11-05 21:47:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-05 20:47
.
Před spuštěním: 7 393 566 720
Po spuštění: 9 409 925 120
.
- - End Of File - - B9637FCD85D8AD771C414B56F94BBAD8

[Mc_Murphy]

Pokud jsi tak ještě neučinil, přesuň ComboFix na Plochu.

• Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> [Enter]).
• Zkopíruj do něj tento script:

Kód: Vybrat vše

KillAll::

Driver::
AdobeARMservice
NAUpdate

File::
c:\program files (x86)\Hoyle\prxtbHoy2.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657635680-3219457055-4108436301-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657635680-3219457055-4108436301-1001UA.job

Collect::
c:\windows\unrar.exe

Folder::
c:\windows\ufa
c:\windows\update.tray-9-0
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0-lnk
c:\program files (x86)\ESET\MiNODLogin

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}"=-
[-HKEY_CLASSES_ROOT\clsid\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}]
[-HKEY_CLASSES_ROOT\clsid\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"ISUSPM Startup"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"=-
"ISUSScheduler"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-
"TkBellExe"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2559434

Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}

Reboot::

• Ulož vytvořený TXT jako CFScript.txt
• Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
  
• Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.

Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.

[Unown]

první log se mi povedlo omylem smazat, tak jsem to udělal celé znovu


ComboFix 11-11-15.06 - Blanka 16.11.2011 15:59:36.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2897 [GMT 1:00]
Spuštěný z: c:\users\Blanka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Blanka\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Hoyle\prxtbHoy2.dll"
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657635680-3219457055-4108436301-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657635680-3219457055-4108436301-1001UA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-16 do 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 15:05 . 2011-11-16 15:05 -------- d-----w- c:\users\Ladik\AppData\Local\temp
2011-11-16 15:05 . 2011-11-16 15:05 -------- d-----w- c:\users\Elizabeta\AppData\Local\temp
2011-11-16 15:05 . 2011-11-16 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-08 15:54 . 2011-11-08 15:54 -------- d-----w- c:\programdata\Sandlot Games
2011-11-08 15:36 . 2011-11-08 15:36 -------- d-----w- c:\programdata\PopCap Games
2011-11-07 12:06 . 2011-11-07 12:06 -------- d-----w- c:\users\Elizabeta\AppData\Local\VirtualStore
2011-11-06 13:15 . 2011-11-06 13:16 -------- d-----w- c:\users\Blanka\AppData\Roaming\wargaming.net
2011-11-06 13:07 . 2011-11-06 13:07 -------- d-----w- c:\users\Ladik\AppData\Local\VirtualStore
2011-11-05 19:37 . 2011-11-05 19:37 -------- d-----w- c:\programdata\InstallShield
2011-11-05 19:37 . 2008-10-10 15:01 26624 ----a-r- c:\windows\SysWow64\LGDispDrv.dll
2011-11-05 19:37 . 2008-10-10 15:01 147456 ----a-r- c:\windows\SysWow64\LgExport.dll
2011-11-05 19:37 . 2011-11-05 19:37 -------- d-----w- c:\program files (x86)\LG Soft India
2011-11-05 19:37 . 2004-04-17 11:41 196608 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2011-11-05 19:37 . 2004-04-17 11:40 385024 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2011-11-05 19:37 . 2004-04-16 10:24 61440 ----a-w- c:\windows\SysWow64\ISUSPM.cpl
2011-11-05 19:37 . 2004-04-13 05:07 69632 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2011-11-05 19:37 . 2004-04-13 05:06 368640 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2011-11-05 19:37 . 2004-04-23 18:03 446464 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2011-11-05 19:37 . 2004-04-13 05:03 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2011-11-05 19:36 . 2004-04-18 22:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-11-05 19:36 . 2004-04-18 22:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-11-05 19:36 . 2004-04-18 22:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-11-05 19:36 . 2004-04-18 22:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-11-05 19:36 . 2004-04-18 22:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-11-04 19:18 . 2011-11-04 19:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-04 14:10 . 2011-11-04 14:10 -------- d-----w- c:\users\Ladik\AppData\Roaming\Canon
2011-11-04 14:10 . 2011-11-04 14:10 -------- d-----w- c:\users\Ladik\AppData\Local\Canon Easy-PhotoPrint EX
2011-11-03 21:20 . 2011-11-03 21:24 -------- d-----w- c:\users\Blanka\AppData\Roaming\Canon
2011-11-03 21:13 . 2011-11-08 15:00 -------- d-----w- c:\users\Blanka\AppData\Local\Canon Easy-PhotoPrint EX
2011-11-03 21:13 . 2011-11-03 21:13 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2011-11-03 21:13 . 2011-11-03 21:13 -------- d--h--w- c:\programdata\CanonEPP
2011-11-03 21:12 . 2010-08-25 04:00 361472 ----a-w- c:\windows\system32\CNMXLMAD.DLL
2011-11-03 21:11 . 2011-11-03 21:11 -------- d-----w- c:\programdata\CanonIJMSetup
2011-11-03 21:11 . 2011-11-03 21:11 -------- d-----w- c:\program files\Common Files\CANON
2011-11-03 21:11 . 2011-11-03 21:11 -------- d-----w- c:\programdata\CanonIJWSpt
2011-11-03 21:10 . 2011-11-03 21:10 -------- d-----w- c:\program files\Canon
2011-11-03 21:10 . 2011-11-03 21:10 -------- d--h--w- c:\programdata\CanonBJ
2011-11-03 21:10 . 2010-08-25 04:00 87040 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAD.DLL
2011-11-03 21:10 . 2010-08-25 04:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAD.DLL
2011-11-03 21:10 . 2011-11-03 21:10 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-11-03 21:10 . 2010-03-18 18:25 307200 ----a-w- c:\windows\SysWow64\CNC5100L.dll
2011-11-03 21:10 . 2010-03-18 18:26 348672 ----a-w- c:\windows\system32\CNC5100L.dll
2011-11-03 21:10 . 2010-03-18 16:13 1354240 ----a-w- c:\windows\system32\CNC5100C.dll
2011-11-03 21:10 . 2010-03-18 16:13 112128 ----a-w- c:\windows\system32\CNC5100I.dll
2011-11-03 21:10 . 2010-03-18 16:11 106496 ----a-w- c:\windows\SysWow64\CNC5100U.dll
2011-11-03 21:10 . 2008-08-25 17:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2011-11-03 21:10 . 2008-08-25 17:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2011-11-03 21:09 . 2010-08-25 04:00 361472 ----a-w- c:\windows\system32\CNMLMAD.DLL
2011-11-03 21:09 . 2010-01-13 14:04 103424 ----a-w- c:\windows\system32\CNC5100O.dll
2011-11-03 21:09 . 2010-03-11 08:57 248320 ----a-w- c:\windows\system32\CNMIUAD.DLL
2011-11-03 21:07 . 2011-11-03 21:11 -------- d-----w- c:\program files (x86)\Canon
2011-11-03 19:06 . 2011-11-03 19:06 -------- d-----w- C:\rsit
2011-11-03 19:06 . 2011-11-03 19:06 -------- d-----w- c:\program files\trend micro
2011-11-03 17:33 . 2011-11-05 05:50 -------- d-----w- c:\programdata\Origin
2011-11-03 17:33 . 2011-11-03 17:33 -------- d-----w- c:\program files (x86)\Origin Games
2011-11-03 17:33 . 2011-11-03 17:33 -------- d-----w- c:\program files (x86)\Origin
2011-11-03 13:29 . 2011-11-03 13:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-03 10:11 . 2011-11-03 10:11 -------- d-----w- c:\users\Blanka\AppData\Local\AMD
2011-11-02 21:22 . 2011-11-02 21:22 -------- d-----w- c:\users\Ladik\AppData\Local\AMD
2011-11-02 20:33 . 2011-11-02 20:33 -------- d-----w- c:\windows\system32\Macromed
2011-11-02 19:17 . 2011-11-02 19:17 -------- d-----w- c:\users\Elizabeta\AppData\Local\AMD
2011-11-02 16:52 . 2011-11-02 16:52 -------- d-----w- c:\programdata\ATI
2011-11-02 16:52 . 2011-11-02 16:52 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-02 16:52 . 2011-11-02 16:52 -------- d-----w- c:\programdata\AMD
2011-11-02 16:52 . 2010-02-18 08:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-11-02 16:51 . 2011-11-02 16:51 -------- d-----w- c:\users\Default\AppData\Roaming\ATI
2011-11-02 16:51 . 2011-11-02 16:51 -------- d-----w- c:\users\Default\AppData\Local\ATI
2011-11-01 10:09 . 2011-11-01 10:09 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-11-01 10:09 . 2011-11-01 10:09 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-11-01 10:09 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F169F7E6-6F11-418F-8E66-EB22C25C73D4}\mpengine.dll
2011-10-28 20:45 . 2004-03-29 14:23 90112 ----a-w- c:\windows\unvise32.exe
2011-10-28 20:34 . 2011-10-28 20:34 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle
2011-10-28 20:34 . 2011-10-28 20:34 -------- d-----w- c:\users\Blanka\AppData\Local\Downloaded Installations
2011-10-28 20:34 . 2011-10-30 22:39 -------- d-----w- c:\users\Blanka\AppData\Local\Pinnacle
2011-10-28 20:33 . 2011-10-28 20:33 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate
2011-10-28 20:27 . 2011-10-28 20:45 -------- d-----w- c:\program files (x86)\Pinnacle
2011-10-28 20:27 . 2011-10-28 20:27 -------- d-----w- c:\programdata\Studio 15
2011-10-28 20:27 . 2011-10-28 20:27 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2011-10-28 20:27 . 2011-10-28 20:27 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2011-10-28 20:27 . 2011-10-28 20:27 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging
2011-10-28 20:21 . 2011-10-28 20:33 -------- d-----w- c:\programdata\Pinnacle
2011-10-25 20:22 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-25 20:22 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-24 14:55 . 2011-10-24 14:58 -------- d-----w- c:\program files\PhotoFilter
2011-10-21 13:31 . 2011-10-21 13:31 -------- d-----w- c:\users\Elizabeta\AppData\Roaming\DAEMON Tools Lite
2011-10-18 05:26 . 2011-10-18 05:26 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 03:25 . 2011-10-13 04:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 04:34 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-08 19:38 . 2011-09-08 19:38 14851106 ----a-w- c:\windows\SysWow64\ArtD - Grafický atelier Černý_Book-Maker_uninstaller.exe
2011-09-06 03:03 . 2011-10-13 04:34 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 08:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-02 08:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-27 05:37 . 2011-10-13 04:34 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 04:34 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 04:34 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-13 04:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-24 19:19 . 2011-08-24 19:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-08-24 19:18 . 2011-08-24 19:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-08-24 19:17 . 2011-08-24 19:17 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-20 05:37 . 2011-10-13 04:35 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 04:31 . 2011-10-13 04:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-05_20.42.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-11 16:00 . 2011-11-16 14:56 62762 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-16 14:56 41484 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-13 16:03 . 2011-11-16 14:02 13904 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2657635680-3219457055-4108436301-1003_UserData.bin
+ 2010-11-11 16:00 . 2011-11-16 14:56 21068 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2657635680-3219457055-4108436301-1001_UserData.bin
- 2010-11-11 15:49 . 2011-11-05 20:42 65536 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-11 15:49 . 2011-11-16 15:06 65536 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-05 20:42 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 15:06 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-11 15:54 . 2011-11-05 20:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-11 15:54 . 2011-11-16 14:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-11 15:54 . 2011-11-05 20:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-11 15:54 . 2011-11-16 14:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-11 15:54 . 2011-11-05 20:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-11 15:54 . 2011-11-16 14:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-11 15:54 . 2011-11-16 15:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-11 15:54 . 2011-11-05 20:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-11 15:54 . 2011-11-16 15:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-11 15:54 . 2011-11-05 20:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-15 18:45 . 2011-11-16 14:53 3292 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-07-25 08:35 . 2011-11-16 13:41 6236 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2657635680-3219457055-4108436301-1004_UserData.bin
- 2011-11-05 20:42 . 2011-11-05 20:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 15:06 . 2011-11-16 15:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-05 20:42 . 2011-11-05 20:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-16 15:06 . 2011-11-16 15:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-10 19:17 . 2011-11-13 17:07 309684 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-05 19:26 655054 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-08 15:19 655054 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2011-11-05 19:26 669660 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2011-11-08 15:19 669660 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-11-05 19:26 121926 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-08 15:19 121926 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-11-05 19:26 141292 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-11-08 15:19 141292 c:\windows\system32\perfc005.dat
+ 2010-11-11 15:49 . 2011-11-16 15:06 786432 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-11 15:49 . 2011-11-05 20:42 786432 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 05:01 . 2011-11-05 20:41 425620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-16 15:05 425620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-06 23:16 . 2011-11-16 15:05 1595024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-12-06 23:16 . 2011-11-05 20:41 1595024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-25 10:36 . 2011-11-16 11:14 5589948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2657635680-3219457055-4108436301-1004-8192.dat
- 2011-07-25 10:36 . 2011-11-02 20:37 5589948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2657635680-3219457055-4108436301-1004-8192.dat
+ 2010-11-11 15:25 . 2011-11-14 05:48 3910560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2657635680-3219457055-4108436301-1001-8192.dat
+ 2011-04-06 09:26 . 2011-11-06 17:19 11902744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2657635680-3219457055-4108436301-1003-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-08-11 2920448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-06-09 101888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
c:\users\Blanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files (x86)\LG Soft India\forteManager\bin\Monitor.exe [2011-11-5 1687552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-30 26752]
R3 LGDDCDevice;LGDDCDevice;c:\program files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-12 14336]
R3 LGII2CDevice;LGII2CDevice;c:\program files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-12 18432]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-23 1974080]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Blanka\AppData\Roaming\Mozilla\Firefox\Profiles\0qlftxz4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2992540&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Celkový čas: 2011-11-16 16:11:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-16 15:11
ComboFix2.txt 2011-11-16 14:51
ComboFix3.txt 2011-11-05 20:47
.
Před spuštěním: 8 326 844 416
Po spuštění: 8 106 164 224
.
- - End Of File - - 265955D919F44B01B567BDACCCB1B7C4

[Mc_Murphy]

Omylem? Řešíš zavirovaný počítač, ozveš se za 10 dní a důležitý log si smažeš omylem?

No ty brďo, Ty jsi expert... také kromě jiného nechápu, proč jsi mi dal log do quote. Edituj si ho a uprav to do normálu, kdo to má číst?

[Unown]

byl sem 14 dní mimo ...

no když sem to přetáhl na combofix ten log, tak to po mě chtělo stáhnout novou verzi, tak sem i dal stáhnout a ona se udělala rovnou ta kontrola a restartoval se pc, tak sem nevěděl, že se log neudělal a nechal jsem to udělat celé znovu

[Mc_Murphy]

Stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.

• Proveď aktualizaci virové databáze.
• V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.
• Předem nic nemaž!!
• MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!

[Unown]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8199

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

20.11.2011 16:57:08
mbam-log-2011-11-20 (16-57-05).txt

Typ: Úplná kontrola (C:\|D:\|E:\|)
Kontrolované objekty: 501278
Uplynulý čas: 46 minut, 48 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 29

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Qoobox\quarantine\C\program files (x86)\ESET\minodlogin\minodlogin.exe.vir (Riskware.KG) -> No action taken.
c:\Qoobox\quarantine\C\program files (x86)\ESET\minodlogin\minodloginuninst.exe.vir (Riskware.KG) -> No action taken.
c:\Qoobox\quarantine\C\Windows\services32.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\sysdriver32.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\sysdriver32_.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\System32\consrv.dll.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\ufa\ufa.exe.vir (PUP.BitMiner) -> No action taken.
c:\Qoobox\quarantine\C\Windows\update.1\svchost.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\update.2\svchost.exe.vir (Trojan.Dropper.H) -> No action taken.
c:\Qoobox\quarantine\C\Windows\update.5.0\svchost.exe.vir (Trojan.Downloader) -> No action taken.
c:\Qoobox\quarantine\C\Windows\update.tray-2-0\svchost.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\update.tray-2-0-lnk\svchost.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\update.tray-9-0\svchost.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\update.tray-9-0-lnk\svchost.exe.vir (Trojan.Agent) -> No action taken.
c:\Users\Blanka\Desktop\Adobe 9\adobe photoshop elements 9 cz\CORE\core_keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\Blanka\Desktop\michal\rk_quarantine\3024765.exe.vir (Trojan.Agent) -> No action taken.
c:\Users\Blanka\Desktop\michal\rk_quarantine\3045789.exe.vir (Trojan.Agent) -> No action taken.
c:\Users\Blanka\Desktop\michal\rk_quarantine\5714482.exe.vir (Trojan.Agent) -> No action taken.
c:\Users\Blanka\Desktop\michal\rk_quarantine\services32.exe.vir (Trojan.Agent) -> No action taken.
c:\Users\Blanka\Desktop\michal\rk_quarantine\svchost.exe.vir (Trojan.Agent) -> No action taken.
c:\Users\Blanka\Desktop\michal\rk_quarantine\sysdriver32.exe.vir (Trojan.Agent) -> No action taken.
c:\Users\Blanka\Desktop\michal\rk_quarantine\sysdriver32_.exe.vir (Trojan.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Local\63e1cce7\X (Rootkit.Agent) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\63e1cce7\X (Rootkit.Agent) -> No action taken.
d:\Hry\medal of honour\Binaries\loader.dll (Riskware.Tool.CK) -> No action taken.
d:\láďa plocha\Desktop\vso.cxdvd3.5.3.139_up_by_stajl\copy of vso.software.convertxtodvd.v3.5.3.139.multilingual.winall.incl.keygen-brd\Keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
d:\láďa plocha\Desktop\winamp pro 5.53 build 1938\KEYGEN\KG-CORE\winamp 5x core keygen.exe (RiskWare.Tool.CK) -> No action taken.
d:\láďa plocha\Desktop\winamp pro 5.53 build 1938\KEYGEN\KG-DVT\KeyMaker.exe (RiskWare.Tool.CK) -> No action taken.
d:\láďa plocha\Desktop\winamp pro 5.53 build 1938\KEYGEN\KG-FFF\winamp.5.50_keygen-fff.exe (RiskWare.Tool.CK) -> No action taken.

[Mc_Murphy]

Vskutku hezká sbírka nelegálního software, jen co je pravda!
Všechny nálezy MBAMu dej smazat.

Pokud jsi tak ještě neučinil, přesuň ComboFix na Plochu.

• Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> [Enter]).
• Zkopíruj do něj tento script:

Kód: Vybrat vše

KillAll::

Folder::
c:\Users\Blanka\Desktop\Adobe 9\adobe photoshop elements 9 cz
d:\láďa plocha\Desktop\winamp pro 5.53 build 1938\KEYGEN
d:\láďa plocha\Desktop\vso.cxdvd3.5.3.139_up_by_stajl

Reboot::

• Ulož vytvořený TXT jako CFScript.txt
• Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
  
• Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.

Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.