prosim o preventivku policajny trojan

Zpráva

oso · #1 Příspěvek od **oso** » 16 bře 2013 15:34

Zdravim komp uplne rozbity nenabehol ani system urobeny offline scan cez kaspersky rescue cd, nasledne oprava systemu cez DART, system bezi mbam vycistil trojany, spustene mrt zatim ok, pridavam log z rsit ci uz to je ciste.
Dakujem

Logfile of random's system information tool 1.08 (written by random/random)
Run by lubos at 2013-03-16 15:29:44
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 490 GB (89%) free of 550 GB
Total RAM: 8175 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:29:51, on 16. 3. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Users\lubos\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\V0230Mon.exe
C:\Program Files (x86)\LG Smart Scan\LG Smart Scan.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\LG Smart Scan\LG Smart Scan Monitoring.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files\trend micro\lubos.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... E54934A3E1}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... E54934A3E1}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\lubos\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: LG Smart Scan.lnk = ?
O4 - Startup: Ubisoft register.lnk = C:\Program Files (x86)\Ubisoft\Register\schedule.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11396 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
C:\Windows\system32\svchost.exe -k HPService
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-6b35b785-1629-4c8d-a8fb-2fa6f2a412dd -SystemEventPortName:HostProcess-9f94327f-de62-4c09-84ae-7390728e1444 -IoCancelEventPortName:HostProcess-36d63834-6dd0-4ecd-b1cb-8d83e4c79096 -NonStateChangingEventPortName:HostProcess-3bfdf9dd-9772-4fe2-bc05-0f28bdb20bbc -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f5bde98a-3129-4db7-8528-2a180afca990 -DeviceGroupId:WpdFsGroup
atieclxx
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
"C:\Users\lubos\AppData\Roaming\Google\Google Talk\googletalk.exe" /autostart
"taskhost.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Windows\V0230Mon.exe"
"C:\Program Files (x86)\LG Smart Scan\LG Smart Scan.exe" /tray
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"LG Smart Scan Monitoring"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP PSC 1400 series#1348163815" -Startup
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe" --IPCport 5939
"C:\Windows\system32\mrt.exe"
"C:\Windows\system32\mrt.exe" /RE
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5808.11682600.148028396 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 5808 "\\.\pipe\gecko-crash-server-pipe.5808" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe" --proxy-stub-channel=Flash3840.672D63D8.10591 --host-broker-channel=Flash3840.672D63D8.3336 --host-pid=3840 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe" --channel=5680.0022F16C.1647843895 --proxy-stub-channel=Flash3840.672D63D8.10591 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll" --host-npapi-version=27 --type=renderer
"D:\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\CoolYouUpdaterTask{9C7B30BF-D773-4A10-9AA0-07BA238EA11F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-12-18 68832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2011-09-02 56712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-09 12666984]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 1281512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-12-09 969104]
"Creative Live! Cam Manager"=C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2006-09-06 143360]
"googletalk"=C:\Users\lubos\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-11-06 3673728]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
C:\Program Files (x86)\Creative\Creative Live! Cam\VideoFX\StartFX.exe [2006-08-16 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2011-07-11 74752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"V0230Mon.exe"=C:\Windows\V0230Mon.exe [2006-09-06 32768]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"UVS10 Preload"=C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [2006-08-09 36864]
"ROC_roc_ssl_v12"=C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe / /PROMPT /CMPID=roc_ssl_v12 []
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\lubos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LG Smart Scan.lnk - C:\Program Files (x86)\LG Smart Scan\LG Smart Scan.exe
Ubisoft register.lnk - C:\Program Files (x86)\Ubisoft\Register\schedule.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2013-03-16 15:29:44 ----D---- C:\rsit
2013-03-16 15:29:44 ----D---- C:\Program Files\trend micro
2013-03-16 14:27:53 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-03-16 14:27:53 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-03-16 14:27:53 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-03-16 14:27:53 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-16 14:27:52 ----A---- C:\Windows\SYSWOW64\url.dll
2013-03-16 14:27:52 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-03-16 14:27:52 ----A---- C:\Windows\system32\url.dll
2013-03-16 14:27:52 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-16 14:27:52 ----A---- C:\Windows\system32\ieui.dll
2013-03-16 14:27:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-03-16 14:27:51 ----A---- C:\Windows\system32\urlmon.dll
2013-03-16 14:27:51 ----A---- C:\Windows\system32\jscript9.dll
2013-03-16 14:27:50 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-03-16 14:27:50 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-03-16 14:27:50 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-16 14:27:49 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-03-16 14:27:49 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-03-16 14:27:49 ----A---- C:\Windows\system32\wininet.dll
2013-03-16 14:27:49 ----A---- C:\Windows\system32\vbscript.dll
2013-03-16 14:27:49 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-16 14:27:49 ----A---- C:\Windows\system32\jscript.dll
2013-03-16 14:27:48 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-03-16 14:27:48 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-03-16 14:27:48 ----A---- C:\Windows\system32\iertutil.dll
2013-03-16 14:27:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-03-16 14:27:46 ----A---- C:\Windows\system32\mshtml.dll
2013-03-16 14:27:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-03-16 14:27:45 ----A---- C:\Windows\system32\ieframe.dll
2013-03-16 14:24:34 ----A---- C:\Windows\system32\drivers\usb8023.sys
2013-03-16 14:21:17 ----D---- C:\Users\lubos\AppData\Roaming\Malwarebytes
2013-03-16 14:21:04 ----D---- C:\ProgramData\Malwarebytes
2013-03-16 14:21:03 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-16 14:21:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-03-16 00:03:37 ----AD---- C:\Kaspersky Rescue Disk 10.0
2013-03-14 21:44:27 ----D---- C:\Program Files\Microsoft Silverlight
2013-03-10 17:17:47 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-02-27 22:31:06 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2013-02-27 22:31:06 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2013-02-27 22:31:06 ----A---- C:\Windows\system32\UIAnimation.dll
2013-02-27 22:31:06 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2013-02-27 22:30:58 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2013-02-27 22:30:58 ----A---- C:\Windows\system32\WMPhoto.dll
2013-02-27 22:30:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 22:30:56 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 22:30:56 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 22:30:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 22:30:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 22:30:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 22:30:55 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 22:30:55 ----AH---- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 22:30:55 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2013-02-27 22:30:55 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2013-02-27 22:30:55 ----A---- C:\Windows\system32\d3d10warp.dll
2013-02-27 22:30:55 ----A---- C:\Windows\system32\d3d10_1.dll
2013-02-27 22:30:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 22:30:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 22:30:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 22:30:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 22:30:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 22:30:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 22:30:54 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2013-02-27 22:30:54 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2013-02-27 22:30:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 22:30:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 22:30:53 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 22:30:53 ----AH---- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 22:30:53 ----A---- C:\Windows\SYSWOW64\dxgi.dll
2013-02-27 22:30:51 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2013-02-27 22:30:51 ----A---- C:\Windows\SYSWOW64\d3d10core.dll
2013-02-27 22:30:51 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2013-02-27 22:30:51 ----A---- C:\Windows\system32\dxgi.dll
2013-02-27 22:30:51 ----A---- C:\Windows\system32\d3d10level9.dll
2013-02-27 22:30:51 ----A---- C:\Windows\system32\d3d10core.dll
2013-02-27 22:30:51 ----A---- C:\Windows\system32\d3d10_1core.dll
2013-02-27 22:30:50 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2013-02-27 22:30:50 ----A---- C:\Windows\SYSWOW64\WindowsCodecsExt.dll
2013-02-27 22:30:50 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2013-02-27 22:30:50 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2013-02-27 22:30:50 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2013-02-27 22:30:50 ----A---- C:\Windows\SYSWOW64\d3d10.dll
2013-02-27 22:30:50 ----A---- C:\Windows\system32\XpsPrint.dll
2013-02-27 22:30:50 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2013-02-27 22:30:50 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-02-27 22:30:50 ----A---- C:\Windows\system32\FntCache.dll
2013-02-27 22:30:50 ----A---- C:\Windows\system32\DWrite.dll
2013-02-27 22:30:50 ----A---- C:\Windows\system32\d3d11.dll
2013-02-27 22:30:50 ----A---- C:\Windows\system32\d3d10.dll
2013-02-27 22:30:49 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2013-02-27 22:30:49 ----A---- C:\Windows\system32\d2d1.dll

======List of files/folders modified in the last 1 months======

2013-03-16 23:04:53 ----D---- C:\Windows\system32\wfp
2013-03-16 23:04:53 ----D---- C:\Windows\system32\wbem
2013-03-16 23:04:53 ----D---- C:\Windows
2013-03-16 23:04:50 ----D---- C:\Windows\system32\CodeIntegrity
2013-03-16 23:04:49 ----D---- C:\Users\lubos\AppData\Roaming\GHISLER
2013-03-16 23:04:49 ----D---- C:\ProgramData\Ulead Systems
2013-03-16 23:04:43 ----D---- C:\Windows\registration
2013-03-16 15:29:44 ----RD---- C:\Program Files
2013-03-16 15:29:41 ----D---- C:\Windows\Temp
2013-03-16 15:27:54 ----D---- C:\Users\lubos\AppData\Roaming\uTorrent
2013-03-16 15:23:57 ----D---- C:\Program Files (x86)
2013-03-16 15:23:53 ----SHD---- C:\Windows\Installer
2013-03-16 15:23:53 ----D---- C:\ProgramData
2013-03-16 15:23:52 ----D---- C:\Program Files (x86)\SweetIM
2013-03-16 15:23:52 ----D---- C:\Config.Msi
2013-03-16 15:21:47 ----D---- C:\ProgramData\InstallMate
2013-03-16 15:10:57 ----D---- C:\Windows\system32\config
2013-03-16 15:01:15 ----D---- C:\Windows\System32
2013-03-16 15:01:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-16 15:01:14 ----D---- C:\Windows\inf
2013-03-16 14:59:10 ----A---- C:\Windows\SYSWOW64\log.txt
2013-03-16 14:58:06 ----D---- C:\Users\lubos\AppData\Roaming\Skype
2013-03-16 14:57:10 ----D---- C:\Windows\winsxs
2013-03-16 14:55:16 ----D---- C:\Windows\system32\drivers
2013-03-16 14:55:15 ----D---- C:\Windows\AppPatch
2013-03-16 14:55:15 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-16 14:55:14 ----D---- C:\Windows\SYSWOW64\migration
2013-03-16 14:55:14 ----D---- C:\Windows\SysWOW64
2013-03-16 14:55:13 ----D---- C:\Windows\system32\migration
2013-03-16 14:55:11 ----D---- C:\Program Files\Internet Explorer
2013-03-16 14:55:10 ----D---- C:\Windows\system32\DriverStore
2013-03-16 14:54:12 ----D---- C:\Windows\system32\Tasks
2013-03-16 14:54:11 ----D---- C:\Windows\Tasks
2013-03-16 14:31:18 ----A---- C:\Windows\system32\MRT.exe
2013-03-16 14:31:03 ----D---- C:\ProgramData\Microsoft Help
2013-03-16 14:28:47 ----D---- C:\Windows\system32\catroot
2013-03-16 14:28:42 ----D---- C:\Windows\system32\catroot2
2013-03-16 14:26:19 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-03-16 14:24:58 ----SHD---- C:\System Volume Information
2013-03-13 15:20:02 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-03-12 19:55:46 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-28 16:02:04 ----D---- C:\Windows\SYSWOW64\pt-BR
2013-02-28 16:02:03 ----D---- C:\Windows\SYSWOW64\pt-PT
2013-02-28 16:02:03 ----D---- C:\Windows\SYSWOW64\pl-PL
2013-02-28 16:02:03 ----D---- C:\Windows\SYSWOW64\it-IT
2013-02-28 16:02:02 ----D---- C:\Windows\SYSWOW64\zh-HK
2013-02-28 16:02:02 ----D---- C:\Windows\SYSWOW64\ko-KR
2013-02-28 16:02:02 ----D---- C:\Windows\SYSWOW64\hu-HU
2013-02-28 16:02:01 ----D---- C:\Windows\SYSWOW64\nl-NL
2013-02-28 16:02:01 ----D---- C:\Windows\SYSWOW64\fr-FR
2013-02-28 16:02:01 ----D---- C:\Windows\SYSWOW64\el-GR
2013-02-28 16:02:00 ----D---- C:\Windows\SYSWOW64\fi-FI
2013-02-28 16:01:59 ----D---- C:\Windows\SYSWOW64\zh-TW
2013-02-28 16:01:59 ----D---- C:\Windows\SYSWOW64\tr-TR
2013-02-28 16:01:59 ----D---- C:\Windows\SYSWOW64\sv-SE
2013-02-28 16:01:59 ----D---- C:\Windows\SYSWOW64\es-ES
2013-02-28 16:01:58 ----D---- C:\Windows\SYSWOW64\zh-CN
2013-02-28 16:01:58 ----D---- C:\Windows\SYSWOW64\ja-JP
2013-02-28 16:01:58 ----D---- C:\Windows\SYSWOW64\de-DE
2013-02-28 16:01:58 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-02-28 16:01:56 ----D---- C:\Windows\SYSWOW64\ru-RU
2013-02-28 16:01:55 ----D---- C:\Windows\SYSWOW64\nb-NO
2013-02-28 16:01:55 ----D---- C:\Windows\SYSWOW64\da-DK
2013-02-28 16:01:54 ----D---- C:\Windows\SYSWOW64\en-US
2013-02-28 16:01:48 ----D---- C:\Windows\system32\pt-BR
2013-02-28 16:01:48 ----D---- C:\Windows\system32\it-IT
2013-02-28 16:01:47 ----D---- C:\Windows\system32\pt-PT
2013-02-28 16:01:46 ----D---- C:\Windows\system32\pl-PL
2013-02-28 16:01:45 ----D---- C:\Windows\system32\ko-KR
2013-02-28 16:01:44 ----D---- C:\Windows\system32\hu-HU
2013-02-28 16:01:43 ----D---- C:\Windows\system32\zh-HK
2013-02-28 16:01:43 ----D---- C:\Windows\system32\el-GR
2013-02-28 16:01:42 ----D---- C:\Windows\system32\nl-NL
2013-02-28 16:01:41 ----D---- C:\Windows\system32\fr-FR
2013-02-28 16:01:40 ----D---- C:\Windows\system32\tr-TR
2013-02-28 16:01:40 ----D---- C:\Windows\system32\fi-FI
2013-02-28 16:01:39 ----D---- C:\Windows\system32\sv-SE
2013-02-28 16:01:39 ----D---- C:\Windows\system32\es-ES
2013-02-28 16:01:37 ----D---- C:\Windows\system32\zh-TW
2013-02-28 16:01:37 ----D---- C:\Windows\system32\de-DE
2013-02-28 16:01:36 ----D---- C:\Windows\system32\cs-CZ
2013-02-28 16:01:35 ----D---- C:\Windows\system32\zh-CN
2013-02-28 16:01:34 ----D---- C:\Windows\system32\ja-JP
2013-02-28 16:01:33 ----D---- C:\Windows\system32\ru-RU
2013-02-28 16:01:33 ----D---- C:\Windows\system32\nb-NO
2013-02-28 16:01:32 ----D---- C:\Windows\system32\da-DK
2013-02-28 16:01:31 ----D---- C:\Windows\system32\en-US
2013-02-21 17:34:42 ----D---- C:\Windows\Prefetch
2013-02-19 22:07:23 ----D---- C:\Program Files\Microsoft Security Client
2013-02-19 22:07:21 ----D---- C:\Program Files (x86)\Microsoft Security Client
2013-02-17 20:22:55 ----D---- C:\ProgramData\Skype
2013-02-17 20:22:52 ----RD---- C:\Program Files (x86)\Skype
2013-02-17 20:22:52 ----D---- C:\Program Files (x86)\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 230320]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-12-26 564824]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-26 283200]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-08-17 57088]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-08-17 80384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-12 3053160]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-07-06 367976]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]
R3 V0230Vfx;V0230Vfx; C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-05-04 10752]
R3 V0230VID;Live! Cam Video IM Pro; C:\Windows\system32\DRIVERS\V0230VID.sys [2006-09-28 586336]
S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrxusb.sys [2008-07-29 1075712]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\Combofix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pneteth;PdaNet Broadband; C:\Windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2); C:\Windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 StkCMini;Syntek AVStream USB2.0 ATV; C:\Windows\System32\Drivers\StkCMini.sys [2010-06-07 1917576]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2); C:\Windows\system32\DRIVERS\RtVLAN60.sys [2007-12-03 24064]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-07-28 239616]
R2 Capture Device Service;Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-11-12 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2011-11-12 107832]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-09-28 49152]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-10 115608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-10-12 419624]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 16 bře 2013 16:40

Zdravim

A tentokrat to hodlate dokoncit nebo se na to vykvaknete jako minule?

Jen se zeptam pouzivate legalni operacni system, nejvyssi licence Ultimate zrovna neni bezna.

oso · #3 Příspěvek od **oso** » 17 bře 2013 15:31

vyosek píše:Zdravim

A tentokrat to hodlate dokoncit nebo se na to vykvaknete jako minule?

Jen se zeptam pouzivate legalni operacni system, nejvyssi licence Ultimate zrovna neni bezna.

zdravim no minule sme system preinstalovali takze uz som dalej neriesil, ano je to legalny system

#4 Příspěvek od **vyosek** » 17 bře 2013 15:31

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

oso · #5 Příspěvek od **oso** » 17 bře 2013 16:48

nejako sa to zaseklo na firefox settings

#6 Příspěvek od **vyosek** » 17 bře 2013 16:56

On se obcas zasekava, pokud neni zasek delsi jak 15 minut, tak jej nechte pracovat

oso · #7 Příspěvek od **oso** » 17 bře 2013 17:13

vyosek píše:On se obcas zasekava, pokud neni zasek delsi jak 15 minut, tak jej nechte pracovat

no asi hodinovy tak som to zhodil a dal este raz

oso · #8 Příspěvek od **oso** » 17 bře 2013 17:45

tak zas polhodina a nic zaseknute co s tym ?

#9 Příspěvek od **vyosek** » 17 bře 2013 18:10

Zkuste jej zopakovat v nouzovem rezimu jeste

oso · #10 Příspěvek od **oso** » 17 bře 2013 18:43

nic ani safe mod nejde

#11 Příspěvek od **vyosek** » 18 bře 2013 07:45

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Prohledat
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

oso · #12 Příspěvek od **oso** » 18 bře 2013 20:55

tu je log

# AdwCleaner v2.115 - Logfile created 03/18/2013 at 20:53:35
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : lubos - LUBOS-PC
# Boot Mode : Normal
# Running from : C:\Users\lubos\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\searchplugins\Askcom.xml
File Found : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\searchplugins\MyStart Search.xml
File Found : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\searchplugins\SweetIM Search.xml
File Found : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\searchplugins\SweetIm.xml
Folder Found : C:\Program Files (x86)\SweetIM
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Users\lubos\AppData\Local\Giant Savings
Folder Found : C:\Users\lubos\AppData\Local\SwvUpdater
Folder Found : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\extensions\crossriderapp4479@crossrider.com
Folder Found : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\SweetIMToolbarData
Folder Found : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\SweetPacksToolbarData

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Giant Savings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKU\S-1-5-21-3980981197-3802730759-2479173781-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-3980981197-3802730759-2479173781-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKU\S-1-5-21-3980981197-3802730759-2479173781-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={2DD2A69D-54CE-11E2-BCC1-50E54934A3E1}

-\\ Mozilla Firefox v19.0.2 (sk)

File : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={2DD2A69D-54CE-11E2-BCC1-50E5[...]
Found : user_pref("browser.search.defaultenginename", "SweetIM Search");
Found : user_pref("extensions.5051c7916193a.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Found : user_pref("extensions.crossriderapp4479.4479.InstallationThankYouPage", true);
Found : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1347034515);
Found : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.searchUserConifrmation", false[...]
Found : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setHomepage", false);
Found : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setNewTab", false);
Found : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setSearch", false);
Found : user_pref("extensions.crossriderapp4479.4479.active", true);
Found : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
Found : user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", "");
Found : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n//\n");
Found : user_pref("extensions.crossriderapp4479.4479.backgroundver", 37);
Found : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
Found : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
Found : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
Found : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1347034515");
Found : user_pref("extensions.crossriderapp4479.4479.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1347034515");
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.expiration", "Mon Mar 18 201[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.value", "%22%28function%28%2[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.expiration", "Mon Mar 18 2013 20:[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.value", "1361278717");
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Tue Mar 19 2013 [...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22SK%22");
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1363633092");
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221362693980%22");
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1347035110284");
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22");
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2278477%22");
Found : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1347035096915");
Found : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.value", "%7B%22path%22%3A%22/watch%2[...]
Found : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons dis[...]
Found : user_pref("extensions.crossriderapp4479.4479.domain", "");
Found : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
Found : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp4479.4479.group", 0);
Found : user_pref("extensions.crossriderapp4479.4479.homepage", "");
Found : user_pref("extensions.crossriderapp4479.4479.iframe", false);
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "88");
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Tue Mar 19[...]
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri[...]
Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Found : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Found : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
Found : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
Found : user_pref("extensions.crossriderapp4479.4479.newtab", "");
Found : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 4);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 15);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 34);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 2);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 2);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 5);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 3);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 3);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 2);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 2);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 3);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 1);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 1);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.name", "appApiValidation");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 1);
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.name", "CrossriderInfo");
Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.ver", 2);
Found : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]
Found : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Found : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Found : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 59);
Found : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
Found : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
Found : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
Found : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
Found : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
Found : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
Found : user_pref("extensions.crossriderapp4479.4479.ver", 88);
Found : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
Found : user_pref("extensions.crossriderapp4479.apps", "4479");
Found : user_pref("extensions.crossriderapp4479.bic", "139a18bf42029e99a3a8a69cf78bb4f5");
Found : user_pref("extensions.crossriderapp4479.cid", 4479);
Found : user_pref("extensions.crossriderapp4479.firstrun", false);
Found : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
Found : user_pref("extensions.crossriderapp4479.installationdate", 1347035067);
Found : user_pref("extensions.crossriderapp4479.lastcheck", 22727218);
Found : user_pref("extensions.crossriderapp4479.lastcheckitem", 22727264);
Found : user_pref("extensions.crossriderapp4479.modetype", "production");
Found : user_pref("extensions.crossriderapp4479.statsDailyCounter", 6);
Found : user_pref("extensions.enabledAddons", "%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14,crossridera[...]
Found : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={2DD2A69D-54CE-11E2-BCC1-50E549[...]

*************************

AdwCleaner[R1].txt - [18478 octets] - [18/03/2013 20:53:35]

########## EOF - C:\AdwCleaner[R1].txt - [18539 octets] ##########

#13 Příspěvek od **vyosek** » 18 bře 2013 21:14

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Smazat
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

oso · #14 Příspěvek od **oso** » 18 bře 2013 21:31

je tu

# AdwCleaner v2.115 - Logfile created 03/18/2013 at 21:20:33
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : lubos - LUBOS-PC
# Boot Mode : Normal
# Running from : C:\Users\lubos\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\searchplugins\Askcom.xml
File Deleted : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\searchplugins\SweetIM Search.xml
File Deleted : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\lubos\AppData\Local\Giant Savings
Folder Deleted : C:\Users\lubos\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\extensions\crossriderapp4479@crossrider.com
Folder Deleted : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\SweetIMToolbarData
Folder Deleted : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\SweetPacksToolbarData

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={2DD2A69D-54CE-11E2-BCC1-50E54934A3E1} --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (sk)

File : C:\Users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\coucu6oi.default\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={2DD2A69D-54CE-11E2-BCC1-50E5[...]
Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");
Deleted : user_pref("extensions.5051c7916193a.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1347034515);
Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 37);
Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1347034515");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1347034515");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.expiration", "Mon Mar 18 201[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.value", "%22%28function%28%2[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.expiration", "Mon Mar 18 2013 20:[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.value", "1361278717");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Tue Mar 19 2013 [...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22SK%22");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1363633092");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221362693980%22");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1347035110284");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2278477%22");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1347035096915");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.value", "%7B%22path%22%3A%22/watch%2[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons dis[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "88");
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Tue Mar 19[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 4);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 15);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 34);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 5);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 59);
Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 88);
Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
Deleted : user_pref("extensions.crossriderapp4479.bic", "139a18bf42029e99a3a8a69cf78bb4f5");
Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1347035067);
Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22727218);
Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22727264);
Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
Deleted : user_pref("extensions.crossriderapp4479.statsDailyCounter", 6);
Deleted : user_pref("extensions.enabledAddons", "%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14,crossridera[...]
Deleted : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={2DD2A69D-54CE-11E2-BCC1-50E549[...]

*************************

AdwCleaner[R1].txt - [18599 octets] - [18/03/2013 20:53:35]
AdwCleaner[R2].txt - [18660 octets] - [18/03/2013 21:20:14]
AdwCleaner[S1].txt - [18546 octets] - [18/03/2013 21:20:33]

########## EOF - C:\AdwCleaner[S1].txt - [18607 octets] ##########

#15 Příspěvek od **vyosek** » 18 bře 2013 22:08

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

VIRY.CZ

prosim o preventivku policajny trojan

prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan

Re: prosim o preventivku policajny trojan