
Vermin in the PC.

Posted: 11 Apr 2013 20:53
by andrejj
Please help, I managed to download some junk called Hotspot Shield onto my PC. The PC is slow and glitching terribly.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Andrej at 2013-04-11 21:46:52
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 63 GB (53%) free of 117 GB
Total RAM: 2047 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:47:06, on 11. 4. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Hotspot Shield\bin\fbwmgr.exe
C:\Program Files (x86)\Hotspot Shield\bin\fbw.exe
C:\Program Files (x86)\Hotspot Shield\bin\fbw.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Andrej\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\Andrej\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Andrej.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Andrej\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Andrej\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10234 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-57048970-2663454264-3034485676-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-57048970-2663454264-3034485676-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g03iqxe0.default

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
afurladvisor@anchorfree.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g03iqxe0.default\searchplugins\
SweetIM Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-26 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-03-19 4529272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-26 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll [2013-02-13 233288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2012-07-08 36864]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2012-07-08 1310720]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"SweetIM"=C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [2012-10-04 115032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]
"Google Update"=C:\Users\Andrej\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17 116648]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28 18642024]
"uTorrent"=C:\Users\Andrej\AppData\Roaming\uTorrent\uTorrent.exe [2013-04-11 1052496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-04-11 21:46:53 ----D---- C:\Program Files (x86)\trend micro
2013-04-11 21:46:52 ----D---- C:\rsit
2013-04-11 20:26:12 ----D---- C:\Users\Andrej\AppData\Roaming\TeamViewer
2013-04-11 19:19:28 ----D---- C:\ProgramData\Hotspot Shield
2013-04-11 19:19:23 ----D---- C:\Program Files (x86)\Hotspot Shield
2013-04-11 19:19:18 ----D---- C:\Users\Andrej\AppData\Roaming\Hotspot Shield
2013-04-11 19:16:40 ----D---- C:\Users\Andrej\AppData\Roaming\uTorrent
2013-04-11 18:58:04 ----D---- C:\ProgramData\SweetIM
2013-04-11 18:58:04 ----D---- C:\Program Files (x86)\SweetIM
2013-04-11 18:57:42 ----D---- C:\Windows\SysWOW64\jmdp
2013-04-11 18:57:42 ----D---- C:\Windows\SysWOW64\ARFC
2013-04-11 18:57:39 ----D---- C:\Windows\SysWOW64\WNLT
2013-04-11 18:57:37 ----D---- C:\Program Files (x86)\sweetpacks bundle uninstaller
2013-04-11 03:04:27 ----A---- C:\Windows\SysWOW64\vbscript.dll
2013-04-11 03:04:27 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2013-04-11 03:04:25 ----A---- C:\Windows\SysWOW64\ieui.dll
2013-04-11 03:04:23 ----A---- C:\Windows\SysWOW64\url.dll
2013-04-11 03:04:23 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2013-04-11 03:04:21 ----A---- C:\Windows\SysWOW64\urlmon.dll
2013-04-11 03:04:18 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2013-04-11 03:04:16 ----A---- C:\Windows\SysWOW64\wininet.dll
2013-04-11 03:04:14 ----A---- C:\Windows\SysWOW64\jscript9.dll
2013-04-11 03:04:14 ----A---- C:\Windows\SysWOW64\jscript.dll
2013-04-11 03:04:11 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2013-04-11 03:04:11 ----A---- C:\Windows\SysWOW64\iertutil.dll
2013-04-11 03:04:04 ----A---- C:\Windows\SysWOW64\mshtml.dll
2013-04-11 03:03:55 ----A---- C:\Windows\SysWOW64\ieframe.dll
2013-04-10 23:12:50 ----A---- C:\Windows\SysWOW64\mstscax.dll
2013-04-10 23:12:47 ----A---- C:\Windows\SysWOW64\aaclient.dll
2013-04-10 23:12:46 ----A---- C:\Windows\SysWOW64\tsgqec.dll
2013-04-10 23:12:14 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 23:12:14 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 23:12:10 ----A---- C:\Windows\SysWOW64\apisetschema.dll
2013-04-09 15:34:06 ----D---- C:\Program Files (x86)\Common Files\Skype
2013-04-08 22:05:43 ----D---- C:\Users\Andrej\AppData\Roaming\vlc
2013-04-08 22:04:39 ----D---- C:\Program Files (x86)\VideoLAN
2013-03-15 04:02:07 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of files/folders modified in the last 1 month======

2013-04-11 21:47:04 ----D---- C:\Windows\Temp
2013-04-11 21:46:53 ----RD---- C:\Program Files (x86)
2013-04-11 19:21:30 ----D---- C:\Users\Andrej\AppData\Roaming\Skype
2013-04-11 19:21:25 ----SD---- C:\ProgramData\Microsoft
2013-04-11 19:21:00 ----D---- C:\Windows\inf
2013-04-11 19:20:54 ----SHD---- C:\System Volume Information
2013-04-11 19:19:31 ----D---- C:\Windows\Prefetch
2013-04-11 19:19:28 ----HD---- C:\ProgramData
2013-04-11 19:19:22 ----D---- C:\Windows
2013-04-11 18:58:12 ----SHD---- C:\Windows\Installer
2013-04-11 18:57:53 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-04-11 18:57:42 ----D---- C:\Windows\SysWOW64
2013-04-11 18:57:42 ----D---- C:\Windows\System32
2013-04-11 11:45:51 ----D---- C:\ProgramData\NVIDIA
2013-04-11 03:30:43 ----D---- C:\Windows\winsxs
2013-04-11 03:27:45 ----D---- C:\Program Files (x86)\Internet Explorer
2013-04-11 03:27:44 ----D---- C:\Windows\SysWOW64\migration
2013-04-11 03:06:20 ----D---- C:\ProgramData\Microsoft Help
2013-04-09 15:34:08 ----D---- C:\ProgramData\Skype
2013-04-09 15:34:06 ----RD---- C:\Program Files (x86)\Skype
2013-04-09 15:34:06 ----D---- C:\Program Files (x86)\Common Files
2013-03-22 12:42:06 ----D---- C:\Program Files (x86)\Google
2013-03-17 20:38:39 ----D---- C:\Windows\rescache
2013-03-15 13:19:11 ----D---- C:\Program Files (x86)\Opera
2013-03-15 04:24:26 ----D---- C:\Windows\AppPatch
2013-03-15 04:02:07 ----RD---- C:\Program Files
2013-03-13 02:45:35 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\SysWOW64\drivers\aswRvrt.sys []
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys []
R1 aswKbd;aswKbd; C:\Windows\SysWOW64\drivers\aswKbd.sys []
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys []
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 aswVmm;aswVmm; C:\Windows\SysWOW64\drivers\aswVmm.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 hshld;Hotspot Shield Service; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-02-23 545576]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe [2013-02-23 453928]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-02-23 389928]
R2 IBUpdaterService;IBUpdaterService; C:\Windows\system32\dmwu.exe []
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-02 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-10 1258856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-02 116648]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [2013-02-22 78512]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Vermin in the PC.

Posted: 11 Apr 2013 21:06
by vyosek
Hello :)

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Prohledat (Scan)
  • The scan will run and then a log will appear, or it will be saved on the system drive as AdwCleaner[R?].txt; paste it here
Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Windows Vista or Windows 7, right-click RogueKiller and choose Run As Administrator (Spustit jako spravce)
  • Wait for the PreScan to finish
  • Choose the Prohledat (Scan) option
  • When the scan finishes, click Zpráva (Report); the log will open, paste it here
  • A detailed walkthrough, including screenshots, is here: http://forum.viry.cz/viewtopic.php?f=24&t=120452

Re: Vermin in the PC.

Posted: 11 Apr 2013 21:33
by andrejj
# AdwCleaner v2.200 - Log vytvorený 11/04/2013 o 22:32:32
# Aktualizované 02/04/2013 Xplode
# Operaený systém : Windows 7 Professional Service Pack 1 (64 bits)
# Uživateľ : Andrej - ANDREJ-PC
# Spustený systém : Normálny
# Spustené z : C:\Users\Andrej\Desktop\adwcleaner.exe
# Voľba [Prehľada?]


***** [Služby] *****

Nájdené : IBUpdaterService

***** [Súbory / Adresáre] *****

Adresár Nájdené : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Adresár Nájdené : C:\Program Files (x86)\SweetIM
Adresár Nájdené : C:\Program Files (x86)\sweetpacks bundle uninstaller
Adresár Nájdené : C:\ProgramData\SweetIM
Adresár Nájdené : C:\Users\Andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Adresár Nájdené : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Adresár Nájdené : C:\Windows\SysWOW64\WNLT
Súbor Nájdené : C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g03iqxe0.default\searchplugins\SweetIM Search.xml

***** [Registre] *****

Hodnota Nájdené : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Kľúe Nájdené : HKCU\Software\APN PIP
Kľúe Nájdené : HKCU\Software\Conduit
Kľúe Nájdené : HKCU\Software\IM
Kľúe Nájdené : HKCU\Software\ImInstaller
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Kľúe Nájdené : HKCU\Software\Softonic
Kľúe Nájdené : HKCU\Software\WNLT
Kľúe Nájdené : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Kľúe Nájdené : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Kľúe Nájdené : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Kľúe Nájdené : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Kľúe Nájdené : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Kľúe Nájdené : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Kľúe Nájdené : HKLM\SOFTWARE\Classes\sim-packages
Kľúe Nájdené : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Kľúe Nájdené : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Kľúe Nájdené : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Kľúe Nájdené : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Kľúe Nájdené : HKLM\Software\PIP
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Kľúe Nájdené : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Kľúe Nájdené : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internetové prehliadaee] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registre sú eisté.

-\\ Mozilla Firefox v12.0 (sk)

Súbor : C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g03iqxe0.default\prefs.js

[OK] Súbor je eistý.

-\\ Google Chrome v26.0.1410.64

Súbor : C:\Users\Andrej\AppData\Local\Google\Chrome\User Data\Default\Preferences

Nájdené [l.2672] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?barid={34A21A52-A2C8-11E2-B9FE-001BFCF57866}&crg=3.1010000&st=23" ]

-\\ Opera v12.14.1738.0

Súbor : C:\Users\Andrej\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Súbor je eistý.

*************************

AdwCleaner[R1].txt - [4257 octets] - [11/04/2013 22:32:32]

########## EOF - C:\AdwCleaner[R1].txt - [4317 octets] ##########

Re: Vermin in the PC.

Posted: 11 Apr 2013 21:37
by andrejj
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : Andrej [Práva Správcu]
Režim : Kontrola -- Dátum : 04/11/2013 22:36:53
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 4 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Andrej\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll [x] -> ZASTAVENÉ [TermProc]
[SUSP PATH] tv_x64.exe -- C:\Users\Andrej\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe [7] -> ZASTAVENÉ [TermProc]
[SERVICE] IBUpdaterService -- C:\Windows\system32\dmwu.exe [x] -> ERROR [0x41c]
[RESIDUE] dmwu.exe -- C:\Windows\System32\dmwu.exe [x] -> ZASTAVENÉ [TermProc]

¤¤¤ Záznamy Registrov : 4 ¤¤¤
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> NÁJDENÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y120P0 SCSI Disk Device +++++
--- User ---
[MBR] 1abc3b8de4eef75ffbd0aadf50ab7ec0
[BSP] 02088255018cff1b6cb26eb6d00139e7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 117232 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[1]_S_04112013_02d2236.txt >>
RKreport[1]_S_04112013_02d2236.txt

Re: Vermin in the PC.

Posted: 12 Apr 2013 19:15
by vyosek
:arrow: Run RogueKiller again
  • If you are using Win Vista or Win 7, right-click RogueKiller and choose Run As Administrator (Spustit jako spravce)
  • Choose Scan (Prohledat), then Delete (Smazat), and then Report (Zprava); a log will open, paste it here
  • Then click Host Fix (Oprava Host) and Report (Zprava); a log will open, paste it here
:arrow: Run AdwCleaner again
  • If you are using Win Vista or Win 7, right-click AdwCleaner and choose Run As Administrator (Spustit jako spravce)
  • Click Delete (Smazat)
  • The PC will carry out the repair, restart, and give you a log (C:\AdwCleaner [S1].txt); paste its contents here

Re: Vermin in the PC. Here is the report

Posted: 14 Apr 2013 15:07
by andrejj
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : Andrej [Práva Správcu]
Režim : Odebrať -- Dátum : 04/14/2013 16:04:45
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 6 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Andrej\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll [x] -> ZASTAVENÉ [TermProc]
[SUSP PATH] tv_x64.exe -- C:\Users\Andrej\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe [7] -> ZASTAVENÉ [TermProc]
[SERVICE] IBUpdaterService -- C:\Windows\system32\dmwu.exe [x] -> ERROR [0x41c]
[RESIDUE] dmwu.exe -- C:\Windows\System32\dmwu.exe [x] -> ZASTAVENÉ [TermProc]
[RESIDUE] dmwu.exe -- C:\Windows\System32\dmwu.exe [x] -> ZASTAVENÉ [TermProc]
[RESIDUE] dmwu.exe -- C:\Windows\System32\dmwu.exe [x] -> ZASTAVENÉ [TermProc]

¤¤¤ Záznamy Registrov : 4 ¤¤¤
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> VYMAZANÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRADENÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y120P0 SCSI Disk Device +++++
--- User ---
[MBR] 1abc3b8de4eef75ffbd0aadf50ab7ec0
[BSP] 02088255018cff1b6cb26eb6d00139e7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 117232 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[3]_D_04142013_02d1604.txt >>
RKreport[1]_S_04112013_02d2236.txt ; RKreport[2]_S_04142013_02d1602.txt ; RKreport[3]_D_04142013_02d1604.txt

Re: Vermin in the PC. Host Fix report

Posted: 14 Apr 2013 15:10
by andrejj
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : Andrej [Práva Správcu]
Režim : Oprava HOSTS -- Dátum : 04/14/2013 16:08:41
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 6 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Andrej\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll [x] -> ZASTAVENÉ [TermProc]
[SUSP PATH] tv_x64.exe -- C:\Users\Andrej\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe [7] -> ZASTAVENÉ [TermProc]
[SERVICE] IBUpdaterService -- C:\Windows\system32\dmwu.exe [x] -> ERROR [0x41c]
[RESIDUE] dmwu.exe -- C:\Windows\System32\dmwu.exe [x] -> ZASTAVENÉ [TermProc]
[RESIDUE] dmwu.exe -- C:\Windows\System32\dmwu.exe [x] -> ZASTAVENÉ [TermProc]
[RESIDUE] dmwu.exe -- C:\Windows\System32\dmwu.exe [x] -> ZASTAVENÉ [TermProc]

¤¤¤ Záznamy Registrov : 0 ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončené : << RKreport[8]_H_04142013_02d1608.txt >>
RKreport[1]_S_04112013_02d2236.txt ; RKreport[2]_S_04142013_02d1602.txt ; RKreport[3]_D_04142013_02d1604.txt ; RKreport[4]_H_04142013_02d1607.txt ; RKreport[5]_H_04142013_02d1607.txt ;
RKreport[6]_H_04142013_02d1608.txt ; RKreport[7]_H_04142013_02d1608.txt ; RKreport[8]_H_04142013_02d1608.txt

Re: Vermin in the PC. AdwCleaner

Posted: 14 Apr 2013 15:36
by andrejj
# AdwCleaner v2.200 - Log vytvorený 14/04/2013 o 16:13:37
# Aktualizované 02/04/2013 Xplode
# Operaený systém : Windows 7 Professional Service Pack 1 (64 bits)
# Uživateľ : Andrej - ANDREJ-PC
# Spustený systém : Normálny
# Spustené z : C:\Users\Andrej\Desktop\adwcleaner.exe
# Voľba [Vymaza?]


***** [Služby] *****

Zastavené & vymazané : IBUpdaterService

***** [Súbory / Adresáre] *****

Adresár Vymazané : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Adresár Vymazané : C:\Program Files (x86)\sweetpacks bundle uninstaller
Adresár Vymazané : C:\ProgramData\SweetIM
Adresár Vymazané : C:\Users\Andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Adresár Vymazané : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Adresár Vymazané : C:\Windows\SysWOW64\WNLT
Súbor Vymazané : C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g03iqxe0.default\searchplugins\SweetIM Search.xml
Vymazané pri reštarte : C:\Program Files (x86)\SweetIM

***** [Registre] *****

Hodnota Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Kľúe Vymazané : HKCU\Software\APN PIP
Kľúe Vymazané : HKCU\Software\Conduit
Kľúe Vymazané : HKCU\Software\IM
Kľúe Vymazané : HKCU\Software\ImInstaller
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Kľúe Vymazané : HKCU\Software\Softonic
Kľúe Vymazané : HKCU\Software\WNLT
Kľúe Vymazané : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Kľúe Vymazané : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Kľúe Vymazané : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Kľúe Vymazané : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Kľúe Vymazané : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Kľúe Vymazané : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Kľúe Vymazané : HKLM\SOFTWARE\Classes\sim-packages
Kľúe Vymazané : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Kľúe Vymazané : HKLM\Software\PIP
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Kľúe Vymazané : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internetové prehliadaee] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registre sú eisté.

-\\ Mozilla Firefox v12.0 (sk)

Súbor : C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g03iqxe0.default\prefs.js

[OK] Súbor je eistý.

-\\ Google Chrome v26.0.1410.64

Súbor : C:\Users\Andrej\AppData\Local\Google\Chrome\User Data\Default\Preferences

Vymazané [l.2674] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?barid={34A21A52-A2C8-11E2-B9FE-001BF[...]

-\\ Opera v12.14.1738.0

Súbor : C:\Users\Andrej\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Súbor je eistý.

*************************

AdwCleaner[R1].txt - [4382 octets] - [11/04/2013 22:32:32]
AdwCleaner[R2].txt - [4442 octets] - [14/04/2013 16:11:36]
AdwCleaner[S1].txt - [4408 octets] - [14/04/2013 16:13:37]

########## EOF - C:\AdwCleaner[S1].txt - [4468 octets] ##########

Re: Vermin in the PC.

Posted: 14 Apr 2013 21:00
by vyosek
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A POWERFUL ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
:arrow: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako spravce)
  • Immediately after launch a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, accept
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 minutes, but if the PC is heavily cluttered it may take longer
  • After the scan finishes, and after a restart if one is needed, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure including pictures is here: http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Vermin in the PC.

Posted: 16 Apr 2013 22:37
by andrejj
ComboFix 13-04-15.01 - Andrej . 04. 2013 23:19:31.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.2047.960 [GMT 2:00]
Running from: c:\users\Andrej\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\SET5506.tmp
c:\windows\SysWow64\SET92F6.tmp
c:\windows\TEMP\INS_49e4efd1.TMP
c:\windows\TEMP\nvSCPAPI.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-03-16 to 2013-04-16 )))))))))))))))))))))))))))))))
.
.
2013-04-16 21:28 . 2013-04-16 21:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-16 21:28 . 2013-04-16 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-15 01:04 . 2013-04-15 01:05 -------- d-----w- c:\windows\LastGood
2013-04-14 14:14 . 2013-04-14 14:15 98 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-12 06:31 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0A7100A-D9F5-45C8-8E4E-871CAEDE9D87}\mpengine.dll
2013-04-11 20:27 . 2013-04-11 20:27 -------- d-----w- c:\users\fbwuser
2013-04-11 19:46 . 2013-04-11 19:47 -------- d-----w- c:\program files (x86)\trend micro
2013-04-11 19:46 . 2013-04-11 19:47 -------- d-----w- C:\rsit
2013-04-11 18:26 . 2013-04-11 18:26 -------- d-----w- c:\users\Andrej\AppData\Roaming\TeamViewer
2013-04-11 17:19 . 2013-04-11 17:50 -------- d-----w- c:\programdata\Hotspot Shield
2013-04-11 17:19 . 2013-04-11 20:27 -------- d-----w- c:\program files (x86)\Hotspot Shield
2013-04-11 17:19 . 2013-04-11 17:19 -------- d-----w- c:\users\Andrej\AppData\Roaming\Hotspot Shield
2013-04-11 17:16 . 2013-04-16 20:55 -------- d-----w- c:\users\Andrej\AppData\Roaming\uTorrent
2013-04-11 16:58 . 2013-04-11 16:58 -------- d-----w- c:\program files (x86)\SweetIM
2013-04-11 16:57 . 2013-04-11 16:58 -------- d-----w- c:\windows\SysWow64\jmdp
2013-04-11 16:57 . 2013-04-11 16:57 -------- d-----w- c:\windows\SysWow64\ARFC
2013-04-11 16:57 . 2013-02-27 11:24 1273648 ----a-w- c:\windows\system32\dmwu.exe
2013-04-11 16:57 . 2013-02-27 11:23 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-04-11 16:57 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-04-11 16:57 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-04-11 01:03 . 2013-02-22 06:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-04-09 13:34 . 2013-04-09 13:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-08 20:05 . 2013-04-10 15:30 -------- d-----w- c:\users\Andrej\AppData\Roaming\vlc
2013-04-08 20:04 . 2013-04-08 20:04 -------- d-----w- c:\program files (x86)\VideoLAN
2013-04-03 00:54 . 2013-04-03 00:54 46280 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-03-26 06:52 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 01:07 . 2012-07-07 07:16 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 00:45 . 2012-07-07 06:53 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 00:45 . 2012-07-07 06:53 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-11 23:10 . 2012-07-07 06:39 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-06 23:33 . 2013-03-15 02:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-03-15 02:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2012-07-08 05:47 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-07-08 05:47 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-07-08 05:46 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-07-07 06:52 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2013-03-15 02:33 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-06 23:33 . 2012-07-08 05:47 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-07-08 05:46 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-07-08 05:46 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-07-07 06:52 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2012-10-10 20:22 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2012-10-10 20:22 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2012-10-10 20:23 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2012-02-09 20:43 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2012-10-10 20:23 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-22 01:53 . 2013-02-22 01:53 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-12 05:45 . 2013-03-14 05:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 05:44 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 05:44 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-14 05:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-14 05:44 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 05:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-18 15:00 . 2012-07-08 10:17 3460896 ----a-w- c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2012-07-08 10:17 6390048 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2012-11-18 14:04 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2012-07-08 10:17 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2012-07-08 10:17 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2012-07-08 10:17 118560 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-18 06:15 . 2013-01-18 06:15 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"uTorrent"="c:\users\Andrej\AppData\Roaming\uTorrent\uTorrent.exe" [2013-04-11 1052496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2012-07-08 36864]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2012-07-08 1310720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StereoLinksInstall"="c:\program files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" [2013-01-18 1041696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 aswVmm;aswVmm; [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-22 14448]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-08 1255736]
S0 aswRvrt;aswRvrt; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-08 283200]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-04-03 46280]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-04-05 566568]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2013-04-05 390952]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 42184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 00:45]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-01 22:18]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-01 22:18]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57048970-2663454264-3034485676-1000Core.job
- c:\users\Andrej\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17 08:02]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57048970-2663454264-3034485676-1000UA.job
- c:\users\Andrej\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17 08:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g03iqxe0.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SweetIM Bundle by SweetPacks - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-16 23:33:08
ComboFix-quarantined-files.txt 2013-04-16 21:33
.
Pre-Run: 62 961 164 288 bytes free
Post-Run: 63 796 744 192 bytes free
.
- - End Of File - - 84F0DBDA7D9D5ADC486478BB06F44FA0

Re: Vermin in the PC.

Posted: 16 Apr 2013 22:58
by andrejj
Some nonsense popped up again instead of Google Chrome, so I used RogueKiller - scan and then delete

Re: Vermin in the PC.

Posted: 16 Apr 2013 23:10
by andrejj
A tiez Adwcleaner tu je log # AdwCleaner v2.200 - Log vytvorený 17/04/2013 o 00:05:07
# Aktualizované 02/04/2013 Xplode
# Operačný systém : Windows 7 Professional Service Pack 1 (64 bits)
# Uživateľ : Andrej - ANDREJ-PC
# Spustený systém : Normálny
# Spustené z : C:\Users\Andrej\Desktop\adwcleaner.exe
# Voľba [Vymazať]


***** [Služby] *****


***** [Súbory / Adresáre] *****

Adresár Vymazané : C:\Program Files (x86)\SweetIM

***** [Registre] *****


***** [Internetové prehliadače] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registre sú čisté.

-\\ Mozilla Firefox v12.0 (sk)

Súbor : C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g03iqxe0.default\prefs.js

[OK] Súbor je čistý.

-\\ Google Chrome v26.0.1410.64

Súbor : C:\Users\Andrej\AppData\Local\Google\Chrome\User Data\Default\Preferences

Vymazané [l.2563] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?barid={34A21A52-A2C8-11E2-B9FE-001BF[...]

-\\ Opera v12.14.1738.0

Súbor : C:\Users\Andrej\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Súbor je čistý.

*************************

AdwCleaner[R1].txt - [4382 octets] - [11/04/2013 22:32:32]
AdwCleaner[R2].txt - [4442 octets] - [14/04/2013 16:11:36]
AdwCleaner[R3].txt - [1311 octets] - [14/04/2013 17:01:53]
AdwCleaner[R4].txt - [1494 octets] - [17/04/2013 00:01:38]
AdwCleaner[S1].txt - [4533 octets] - [14/04/2013 16:13:37]
AdwCleaner[S2].txt - [328 octets] - [17/04/2013 00:02:02]
AdwCleaner[S3].txt - [328 octets] - [17/04/2013 00:02:20]
AdwCleaner[S4].txt - [328 octets] - [17/04/2013 00:04:39]
AdwCleaner[S5].txt - [1576 octets] - [17/04/2013 00:05:07]

########## EOF - C:\AdwCleaner[S5].txt - [1636 octets] ##########

Re: Vermin on the PC.

Posted: 17 Apr 2013 07:41
by vyosek
:arrow: If you have not done so already, move ComboFix to the desktop
  • Launch Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\program files (x86)\Hotspot Shield
    c:\users\Andrej\AppData\Roaming\Hotspot Shield
    c:\program files (x86)\SweetIM
    c:\programdata\Hotspot Shield
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    "Skype"=-
    "uTorrent"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    RegNull::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    
    File::
    C:\Windows\tasks\Adobe Flash Player Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-57048970-2663454264-3034485676-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-57048970-2663454264-3034485676-1000UA.job
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the image below)
    Image
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF which the author unfortunately has not been able to fix yet

:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Vermin on the PC.

Posted: 17 Apr 2013 14:17
by andrejj
Whenever I try to feed the script to ComboFix, it always throws a message saying that the script name is not spelled correctly. I am sure I entered the name correctly; any idea what the problem could be? Thank you

Re: Vermin on the PC.

Posted: 17 Apr 2013 15:00
by andrejj
I have copied it correctly now.

ComboFix 13-04-17.01 - Andrej . 04. 2013 15:38:34.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.2047.1110 [GMT 2:00]
Running from: c:\users\Andrej\Desktop\ComboFix.exe
Command switches used :: c:\users\Andrej\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-57048970-2663454264-3034485676-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-57048970-2663454264-3034485676-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Hotspot Shield
c:\program files (x86)\Hotspot Shield\bin\af_proxy.dll
c:\program files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe
c:\program files (x86)\Hotspot Shield\bin\cfghlp.dll
c:\program files (x86)\Hotspot Shield\bin\cpau.dll
c:\program files (x86)\Hotspot Shield\bin\FBW.exe
c:\program files (x86)\Hotspot Shield\bin\FBWMgr.exe
c:\program files (x86)\Hotspot Shield\bin\ffinst.exe
c:\program files (x86)\Hotspot Shield\bin\hssfixme.exe
c:\program files (x86)\Hotspot Shield\bin\hssinst.dll
c:\program files (x86)\Hotspot Shield\bin\HssInstaller.exe
c:\program files (x86)\Hotspot Shield\bin\HssInstaller64.exe
c:\program files (x86)\Hotspot Shield\bin\HSSTrayService.exe
c:\program files (x86)\Hotspot Shield\bin\hsswd.exe
c:\program files (x86)\Hotspot Shield\bin\lang\gui-ara.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-bur.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-fre.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-ger.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-chi.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-jpn.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-per.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-rus.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-spa.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-tur.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-vie.dll
c:\program files (x86)\Hotspot Shield\bin\libeay32.dll
c:\program files (x86)\Hotspot Shield\bin\libpkcs11-helper-1.dll
c:\program files (x86)\Hotspot Shield\bin\libssl32.dll
c:\program files (x86)\Hotspot Shield\bin\NetworkRep.dll
c:\program files (x86)\Hotspot Shield\bin\openvpn.exe
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
c:\program files (x86)\Hotspot Shield\bin\tapinstall.exe
c:\program files (x86)\Hotspot Shield\bin\vistahlp.dll
c:\program files (x86)\Hotspot Shield\bin\wddll.dll
c:\program files (x86)\Hotspot Shield\bin\zlib1.dll
c:\program files (x86)\Hotspot Shield\config\config.hvpn
c:\program files (x86)\Hotspot Shield\config\hss_data\00f0e347ddc91c7073b200812ac55e22
c:\program files (x86)\Hotspot Shield\config\hss_data\08992b06b3293e13e4d5f53f6e067d2c
c:\program files (x86)\Hotspot Shield\config\hss_data\1d69ef28104409d2c1aa05fd5263544b
c:\program files (x86)\Hotspot Shield\config\hss_data\2fec6e628a4ee57f125b1c87a354c42a
c:\program files (x86)\Hotspot Shield\config\hss_data\32ff50b259fdb532aba3bfd4fc9c19f0
c:\program files (x86)\Hotspot Shield\config\hss_data\5406084c3c923ce2680bd4748190cf40
c:\program files (x86)\Hotspot Shield\config\hss_data\59b38185f045fa2903cc032fcc2a2846
c:\program files (x86)\Hotspot Shield\config\hss_data\5d96080e62e2f6aa3f301cb94d5f30d0
c:\program files (x86)\Hotspot Shield\config\hss_data\64735a456ebed180d8c50ca48e9c0398
c:\program files (x86)\Hotspot Shield\config\hss_data\8656bc2e83f419aef98316770b6540cd
c:\program files (x86)\Hotspot Shield\config\hss_data\86946fd54bc6bdfc0022fa6e9c4ebfe3
c:\program files (x86)\Hotspot Shield\config\hss_data\8a25bbd5affbb3ae75f6fb82c390dcee
c:\program files (x86)\Hotspot Shield\config\hss_data\8a960e9fe506c22c9d02c52b5fee5c0a
c:\program files (x86)\Hotspot Shield\config\hss_data\a56d666e246c6ebf4364757c1748e59f
c:\program files (x86)\Hotspot Shield\config\hss_data\b0b81b0d25d24bfc152d89daf297918a
c:\program files (x86)\Hotspot Shield\config\hss_data\bb3dbc851f22daeee9284269aa835db5
c:\program files (x86)\Hotspot Shield\config\hss_data\bbcc7b91a52816a7b60d5c21a379f57e
c:\program files (x86)\Hotspot Shield\config\hss_data\c238afdc1b457c4e55fb8be6ec521074
c:\program files (x86)\Hotspot Shield\config\hss_data\d19ddb95ec9640b0e0b21a6ef33be077
c:\program files (x86)\Hotspot Shield\config\hss_data\d4218dfa2777e1d8452dcb7c82c5e24f
c:\program files (x86)\Hotspot Shield\config\hss_data\f1075ba7d8a7dbdb33eb05a925bb0dea
c:\program files (x86)\Hotspot Shield\config\hss_data\sess_unified
c:\program files (x86)\Hotspot Shield\config\hss_data\stats
c:\program files (x86)\Hotspot Shield\config\hss_data\wrurl
c:\program files (x86)\Hotspot Shield\config\hsscon.cfg
c:\program files (x86)\Hotspot Shield\config\hssst.cfg
c:\program files (x86)\Hotspot Shield\config\hssst.cfg.bak
c:\program files (x86)\Hotspot Shield\config\icooff.cfg
c:\program files (x86)\Hotspot Shield\config\proxy.hvpn
c:\program files (x86)\Hotspot Shield\config\sd-info-direct.cfg
c:\program files (x86)\Hotspot Shield\config\sd-info-main.cfg
c:\program files (x86)\Hotspot Shield\config\sd-info-saved.cfg
c:\program files (x86)\Hotspot Shield\config\sdcon.cfg
c:\program files (x86)\Hotspot Shield\config\upd_dat.cfg
c:\program files (x86)\Hotspot Shield\config\update.cfg
c:\program files (x86)\Hotspot Shield\config\update_info.cfg
c:\program files (x86)\Hotspot Shield\driver\taphss6.cat
c:\program files (x86)\Hotspot Shield\driver\taphss6.inf
c:\program files (x86)\Hotspot Shield\driver\taphss6.sys
c:\program files (x86)\Hotspot Shield\hss.ico
c:\program files (x86)\Hotspot Shield\HssFF\config_ff.txt
c:\program files (x86)\Hotspot Shield\HssFF\config_ff_srch.txt
c:\program files (x86)\Hotspot Shield\HssIE\config.txt
c:\program files (x86)\Hotspot Shield\HssIE\config_srch.txt
c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
c:\program files (x86)\Hotspot Shield\hsswd\default\default.cfg
c:\program files (x86)\Hotspot Shield\HssWPR\hssdrv6.cat
c:\program files (x86)\Hotspot Shield\HssWPR\hssdrv6.sys
c:\program files (x86)\Hotspot Shield\HssWPR\hssinst.dll
c:\program files (x86)\Hotspot Shield\HssWPR\HssInstaller64.exe
c:\program files (x86)\Hotspot Shield\HssWPR\HssSrv.exe
c:\program files (x86)\Hotspot Shield\HssWPR\nethss6.inf
c:\program files (x86)\Hotspot Shield\HssWPR\wpr.conf
c:\program files (x86)\Hotspot Shield\htdocs\bg_btn_sing.png
c:\program files (x86)\Hotspot Shield\htdocs\blank.html
c:\program files (x86)\Hotspot Shield\htdocs\btn_blue_bg.png
c:\program files (x86)\Hotspot Shield\htdocs\btn_buy.png
c:\program files (x86)\Hotspot Shield\htdocs\btn_close.png
c:\program files (x86)\Hotspot Shield\htdocs\btn_close_20.png
c:\program files (x86)\Hotspot Shield\htdocs\btn_green_bg.png
c:\program files (x86)\Hotspot Shield\htdocs\btn_green_big_bg.png
c:\program files (x86)\Hotspot Shield\htdocs\btn_help.png
c:\program files (x86)\Hotspot Shield\htdocs\btn_info.png
c:\program files (x86)\Hotspot Shield\htdocs\btn_red_bg.png
c:\program files (x86)\Hotspot Shield\htdocs\btn_select.png
c:\program files (x86)\Hotspot Shield\htdocs\btn_settings.png
c:\program files (x86)\Hotspot Shield\htdocs\btn_share.png
c:\program files (x86)\Hotspot Shield\htdocs\common.css
c:\program files (x86)\Hotspot Shield\htdocs\common.js
c:\program files (x86)\Hotspot Shield\htdocs\connected.png
c:\program files (x86)\Hotspot Shield\htdocs\connected12.bmp
c:\program files (x86)\Hotspot Shield\htdocs\connected12.png
c:\program files (x86)\Hotspot Shield\htdocs\connected16.bmp
c:\program files (x86)\Hotspot Shield\htdocs\connected16.png
c:\program files (x86)\Hotspot Shield\htdocs\connected20.bmp
c:\program files (x86)\Hotspot Shield\htdocs\connected20.png
c:\program files (x86)\Hotspot Shield\htdocs\connected24.bmp
c:\program files (x86)\Hotspot Shield\htdocs\connected24.png
c:\program files (x86)\Hotspot Shield\htdocs\connecting.png
c:\program files (x86)\Hotspot Shield\htdocs\connecting12.bmp
c:\program files (x86)\Hotspot Shield\htdocs\connecting12.png
c:\program files (x86)\Hotspot Shield\htdocs\connecting16.bmp
c:\program files (x86)\Hotspot Shield\htdocs\connecting16.png
c:\program files (x86)\Hotspot Shield\htdocs\connecting20.bmp
c:\program files (x86)\Hotspot Shield\htdocs\connecting20.png
c:\program files (x86)\Hotspot Shield\htdocs\connecting24.bmp
c:\program files (x86)\Hotspot Shield\htdocs\connecting24.png
c:\program files (x86)\Hotspot Shield\htdocs\disconnected12.bmp
c:\program files (x86)\Hotspot Shield\htdocs\disconnected12.png
c:\program files (x86)\Hotspot Shield\htdocs\disconnected16.bmp
c:\program files (x86)\Hotspot Shield\htdocs\disconnected16.png
c:\program files (x86)\Hotspot Shield\htdocs\disconnected20.bmp
c:\program files (x86)\Hotspot Shield\htdocs\disconnected20.png
c:\program files (x86)\Hotspot Shield\htdocs\disconnected24.bmp
c:\program files (x86)\Hotspot Shield\htdocs\disconnected24.png
c:\program files (x86)\Hotspot Shield\htdocs\elite_box.png
c:\program files (x86)\Hotspot Shield\htdocs\elite_ex.gif
c:\program files (x86)\Hotspot Shield\htdocs\elite_text.png
c:\program files (x86)\Hotspot Shield\htdocs\error.html
c:\program files (x86)\Hotspot Shield\htdocs\faq.html
c:\program files (x86)\Hotspot Shield\htdocs\first_prompt.html
c:\program files (x86)\Hotspot Shield\htdocs\green_btn_point.png
c:\program files (x86)\Hotspot Shield\htdocs\green_btn_point_big.png
c:\program files (x86)\Hotspot Shield\htdocs\green_shield_tool.png
c:\program files (x86)\Hotspot Shield\htdocs\green_tape_new.png
c:\program files (x86)\Hotspot Shield\htdocs\greenico.png
c:\program files (x86)\Hotspot Shield\htdocs\hover.html
c:\program files (x86)\Hotspot Shield\htdocs\chbox_off.png
c:\program files (x86)\Hotspot Shield\htdocs\chbox_on.png
c:\program files (x86)\Hotspot Shield\htdocs\ico_attention.png
c:\program files (x86)\Hotspot Shield\htdocs\ico_clock.png
c:\program files (x86)\Hotspot Shield\htdocs\ico_ok.png
c:\program files (x86)\Hotspot Shield\htdocs\lang.js
c:\program files (x86)\Hotspot Shield\htdocs\logo.png
c:\program files (x86)\Hotspot Shield\htdocs\logo_.png
c:\program files (x86)\Hotspot Shield\htdocs\logo_elite.png
c:\program files (x86)\Hotspot Shield\htdocs\logo2.png
c:\program files (x86)\Hotspot Shield\htdocs\mail.html
c:\program files (x86)\Hotspot Shield\htdocs\main_bg.png
c:\program files (x86)\Hotspot Shield\htdocs\menu.html
c:\program files (x86)\Hotspot Shield\htdocs\message.html
c:\program files (x86)\Hotspot Shield\htdocs\oac.html
c:\program files (x86)\Hotspot Shield\htdocs\preuninstall.html
c:\program files (x86)\Hotspot Shield\htdocs\progress.gif
c:\program files (x86)\Hotspot Shield\htdocs\prompt.html
c:\program files (x86)\Hotspot Shield\htdocs\radio_off.png
c:\program files (x86)\Hotspot Shield\htdocs\radio_on.png
c:\program files (x86)\Hotspot Shield\htdocs\red_btn_point.png
c:\program files (x86)\Hotspot Shield\htdocs\red_shield_tool.png
c:\program files (x86)\Hotspot Shield\htdocs\red_tape_new.png
c:\program files (x86)\Hotspot Shield\htdocs\redico.png
c:\program files (x86)\Hotspot Shield\htdocs\s_checkbox.png
c:\program files (x86)\Hotspot Shield\htdocs\settings_tape.png
c:\program files (x86)\Hotspot Shield\htdocs\t.gif
c:\program files (x86)\Hotspot Shield\htdocs\t.png
c:\program files (x86)\Hotspot Shield\htdocs\t_in.gif
c:\program files (x86)\Hotspot Shield\htdocs\t_out.gif
c:\program files (x86)\Hotspot Shield\htdocs\tooltip.html
c:\program files (x86)\Hotspot Shield\htdocs\tooltip_bg.png
c:\program files (x86)\Hotspot Shield\htdocs\up_hss_logo.png
c:\program files (x86)\Hotspot Shield\htdocs\update.gif
c:\program files (x86)\Hotspot Shield\htdocs\updatestatus.html
c:\program files (x86)\Hotspot Shield\htdocs\yellow_shield_tool.png
c:\program files (x86)\Hotspot Shield\htdocs\yellow_tape_new.png
c:\program files (x86)\Hotspot Shield\htdocs\yelred_tape_new.png
c:\program files (x86)\Hotspot Shield\license.txt
c:\program files (x86)\Hotspot Shield\log\config.log
c:\program files (x86)\Hotspot Shield\log\oas.log
c:\program files (x86)\Hotspot Shield\Uninstall.exe
c:\program files (x86)\Hotspot Shield\update\hss-update.upd
c:\programdata\Hotspot Shield
c:\programdata\Hotspot Shield\config\defprxy.cfg
c:\programdata\Hotspot Shield\config\fbw-info-direct.cfg
c:\programdata\Hotspot Shield\config\firstrun_update.rpt
c:\programdata\Hotspot Shield\config\hsspx\hsspx.cfg
c:\programdata\Hotspot Shield\config\hsspx\proxy.pac
c:\programdata\Hotspot Shield\config\hssstate.cfg
c:\programdata\Hotspot Shield\config\hsswd\config\saved_ai.cfg
c:\programdata\Hotspot Shield\config\hsswd\hsswd.cfg
c:\programdata\Hotspot Shield\config\startup.cfg
c:\programdata\Hotspot Shield\config\wlnet.cfg
c:\programdata\Hotspot Shield\config\wlnet_st.cfg
c:\programdata\Hotspot Shield\na\na_stats1365702641.log
c:\programdata\Hotspot Shield\na\na_stats1365711880.log
c:\programdata\Hotspot Shield\na\na_stats1365786406.log
c:\programdata\Hotspot Shield\na\na_stats1365786439.log
c:\programdata\Hotspot Shield\na\na_stats1365791257.log
c:\programdata\Hotspot Shield\na\na_stats1365947528.log
c:\users\Andrej\AppData\Roaming\Hotspot Shield
c:\users\Andrej\AppData\Roaming\Hotspot Shield\report\af_proxy.dll
c:\users\Andrej\AppData\Roaming\Hotspot Shield\report\af_proxy_cmd.exe
c:\users\Andrej\AppData\Roaming\Hotspot Shield\report\zlib1.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_hshld
-------\Service_HssSrv
-------\Service_HssTrayService
-------\Service_HssWd
-------\Service_hshld
-------\Service_HssSrv
-------\Service_HssTrayService
-------\Service_HssWd
.
.
((((((((((((((((((((((((( Files Created from 2013-03-17 to 2013-04-17 )))))))))))))))))))))))))))))))
.
.
2013-04-17 13:47 . 2013-04-17 13:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-17 13:47 . 2013-04-17 13:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-17 13:47 . 2013-04-17 13:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-17 00:48 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64E4FDB4-71FE-419B-A4D7-7F3D79F901F5}\mpengine.dll
2013-04-14 14:14 . 2013-04-14 14:15 98 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-11 20:27 . 2013-04-11 20:27 -------- d-----w- c:\users\fbwuser
2013-04-11 19:46 . 2013-04-11 19:47 -------- d-----w- c:\program files (x86)\trend micro
2013-04-11 19:46 . 2013-04-11 19:47 -------- d-----w- C:\rsit
2013-04-11 18:26 . 2013-04-11 18:26 -------- d-----w- c:\users\Andrej\AppData\Roaming\TeamViewer
2013-04-11 17:16 . 2013-04-17 11:21 -------- d-----w- c:\users\Andrej\AppData\Roaming\uTorrent
2013-04-11 16:57 . 2013-04-11 16:58 -------- d-----w- c:\windows\SysWow64\jmdp
2013-04-11 16:57 . 2013-04-11 16:57 -------- d-----w- c:\windows\SysWow64\ARFC
2013-04-11 16:57 . 2013-02-27 11:24 1273648 ----a-w- c:\windows\system32\dmwu.exe
2013-04-11 16:57 . 2013-02-27 11:23 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-04-11 16:57 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-04-11 16:57 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-04-11 01:03 . 2013-02-22 06:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-04-09 13:34 . 2013-04-09 13:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-08 20:05 . 2013-04-10 15:30 -------- d-----w- c:\users\Andrej\AppData\Roaming\vlc
2013-04-08 20:04 . 2013-04-08 20:04 -------- d-----w- c:\program files (x86)\VideoLAN
2013-04-03 00:54 . 2013-04-03 00:54 46280 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-03-26 06:52 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 01:07 . 2012-07-07 07:16 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 00:45 . 2012-07-07 06:53 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 00:45 . 2012-07-07 06:53 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-11 23:10 . 2012-07-07 06:39 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-06 23:33 . 2013-03-15 02:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-03-15 02:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2012-07-08 05:47 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-07-08 05:47 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-07-08 05:46 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-07-07 06:52 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2013-03-15 02:33 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-06 23:33 . 2012-07-08 05:47 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-07-08 05:46 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-07-08 05:46 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-07-07 06:52 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2012-10-10 20:22 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2012-10-10 20:22 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2012-10-10 20:23 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2012-02-09 20:43 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2012-10-10 20:23 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-22 01:53 . 2013-02-22 01:53 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-12 05:45 . 2013-03-14 05:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 05:44 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 05:44 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-14 05:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-14 05:44 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 05:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-18 15:00 . 2012-07-08 10:17 3460896 ----a-w- c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2012-07-08 10:17 6390048 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2012-11-18 14:04 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2012-07-08 10:17 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2012-07-08 10:17 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2012-07-08 10:17 118560 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-18 06:15 . 2013-01-18 06:15 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2012-07-08 36864]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2012-07-08 1310720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 aswVmm;aswVmm; [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-22 14448]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-08 1255736]
S0 aswRvrt;aswRvrt; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-08 283200]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-04-03 46280]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 42184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 00:45]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-01 22:18]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-01 22:18]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57048970-2663454264-3034485676-1000Core.job
- c:\users\Andrej\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17 08:02]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57048970-2663454264-3034485676-1000UA.job
- c:\users\Andrej\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17 08:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g03iqxe0.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HotspotShield - c:\program files (x86)\Hotspot Shield\Uninstall.exe
AddRemove-SweetIM Bundle by SweetPacks - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-04-17 15:55:06 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-17 13:55
ComboFix2.txt 2013-04-16 21:33
.
Pre-Run: 64 399 097 856 bytes free
Post-Run: 63 912 632 320 bytes free
.
- - End Of File - - 09A3894C4E11CB39BB635960939C8306