VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Policie ČR na slovenký sposob

https://forum.viry.cz:443/viewtopic.php?t=130822

Stránka 1 z 1

Policie ČR na slovenký sposob

Napsal: 09 čer 2013 14:06
od blade6591
Ahojte, bol by som vdacny za fixlist, virus bude asi zhodny s tym českým.

Tu je log s FRST :

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2013
Ran by Notebook (administrator) on 09-06-2013 14:58:42
Running from G:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] [x]
HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE [1683456 2013-01-16] (Bandoo Media Inc)
HKLM\...\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [1495712 2013-06-07] (APN)
HKLM\...\Run: [InboxToolbar] "C:\Program Files\Inbox Toolbar\Inbox.exe" /STARTUP [1713288 2013-03-18] (Inbox.com, Inc.)
HKLM\...\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe" [320000 2013-03-20] (Crawler, LLC)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKCU\...\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background [448736 2013-03-18] (Sony)
HKCU\...\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP [1430664 2013-03-21] (Inbox.com, Inc.)
HKCU\...\Run: [AGupdate] C:\Program Files\AppGraffiti\AGupdate.exe [894048 2013-03-19] (Omega Partners Ltd)
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\qqeb9.dat,XFG00 [173568 2013-06-09] (?????????? ??????????)
MountPoints2: {a9b6b617-8bc4-11e1-ab29-001560c41f73} - F:\SETUP.EXE /AUTORUN
Startup: C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~2\qqeb9.dat (?????????? ??????????)
Startup: C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater.lnk
ShortcutTarget: RT-Updater.lnk -> C:\Ross-Tech\VCDS\VCDS.EXE (Ross-Tech, LLC)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=APN1 ... 2013-03-31
URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - "C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll" No File
HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
HKCU SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
BHO: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll (Crawler, LLC)
BHO: Ask Shopping Toolbar - {4B4D502D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\KMP-SAT\Passport.dll" No File
BHO: KMP Media Toolbar - {4B4D5056-3600-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\KMPV6\Passport.dll" No File
BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL (Omega Partners Ltd)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: DataMngr - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media Inc)
BHO: No Name - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~1\REBATE~1\RebateI.dll (Inbox.com, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
Toolbar: HKLM - KMP Media Toolbar - {4B4D5056-3600-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\KMPV6\Passport.dll" No File
Toolbar: HKLM - Ask Shopping Toolbar - {4B4D502D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\KMP-SAT\Passport.dll" No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~1\REBATE~1\RebateI.dll (Inbox.com, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR DefaultSearchURL: (Search Results) - http://dts.search-results.com/sr?src=cr ... earchTerms}
CHR DefaultSuggestURL: (Search Results) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Extension: (KMP Media Toolbar) - C:\Users\Notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaknbnblifjbchcfcaibjkccmfhmed\11.40826_0
CHR Extension: (Ask Shopping Toolbar) - C:\Users\Notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaampmbjjgfcidbopolonnhcejcoipm\11.38337_0
CHR Extension: (AppGraffiti) - C:\Users\Notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.1.0_0
CHR Extension: (Inbox Toolbar) - C:\Users\Notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\apgjagobplilmcdfelodhgefiidomnfl\1.0.0.9_0
CHR Extension: (avast! WebRep) - C:\Users\Notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_1
CHR Extension: (Torch Share) - C:\Users\Notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.2023_1
CHR Extension: (RebateInformer) - C:\Users\Notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal\1.0.0.10_0

========================== Services (Whitelisted) =================

S2 24x7HelpSvc; C:\Program Files\24x7Help\App24x7Svc.exe [342608 2013-03-17] (PCRx.com, LLC)
S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [169640 2013-06-07] (APN LLC.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 Winmgmt; C:\PROGRA~2\qqeb9.dat [173568 2013-06-09] (?????????? ??????????)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-08-21] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-08-21] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-08-21] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [729752 2012-08-21] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355632 2012-08-21] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-08-21] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-21] (DT Soft Ltd)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
S2 HOSTNT; C:\Windows\System32\Drivers\HOSTNT.sys [4032 2012-07-28] ()
S3 RT-USB; C:\Windows\System32\drivers\RT-USB.SYS [59464 2010-06-16] (Ross-Tech LLC)
S2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2007-01-10] (Samsung Electronics)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-09 14:51 - 2013-06-09 14:51 - 00000000 ____D C:\FRST
2013-06-09 05:39 - 2013-06-09 05:39 - 00002649 ____A C:\ProgramData\9beqq.js
2013-06-09 00:52 - 2013-06-09 00:52 - 00003288 ____N C:\bootsqm.dat
2013-06-09 00:45 - 2013-06-09 14:53 - 95023320 ___AT C:\ProgramData\9beqq.pad
2013-06-09 00:45 - 2013-06-09 14:53 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-09 00:45 - 2013-06-09 00:45 - 00173568 ____A (?????????? ??????????) C:\ProgramData\qqeb9.dat
2013-06-09 00:45 - 2013-06-09 00:45 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-06 12:54 - 2013-06-06 12:54 - 00000000 ____A C:\Users\Notebook\Desktop\Nový textový dokument (2).txt
2013-06-04 22:55 - 2013-06-04 23:00 - 164413215 ____A C:\Users\Notebook\Desktop\Mientras.duermes.2011.BRRip.XviD-5rFF.rar
2013-06-03 22:04 - 2013-06-03 22:14 - 00000000 ____D C:\Users\Notebook\Desktop\psych
2013-06-03 21:55 - 2013-06-03 21:55 - 00198062 ____A C:\Users\Notebook\Desktop\psychotest-osobnost-inteligence-vykon-povaha_4.52.zip
2013-06-03 21:39 - 2013-06-03 21:39 - 00000000 _RASH C:\MSDOS.SYS
2013-06-03 21:39 - 2013-06-03 21:39 - 00000000 _RASH C:\IO.SYS
2013-06-02 14:57 - 2013-06-02 14:57 - 00000000 ____D C:\Users\Notebook\AppData\Roaming\Kastner software
2013-06-02 14:56 - 2013-06-02 14:56 - 00002124 ____A C:\Users\Public\Desktop\FORM studio.lnk
2013-06-02 14:56 - 2013-06-02 14:56 - 00000000 ____D C:\ProgramData\KASTNER software
2013-06-02 14:56 - 2013-06-02 14:56 - 00000000 ____D C:\Program Files\KASTNER software
2013-06-02 14:54 - 2013-06-02 14:54 - 18695816 ____A (KASTNER software s.r.o. ) C:\Users\Notebook\Desktop\fsstart.exe
2013-05-21 19:34 - 2013-05-21 19:34 - 00000234 ____A C:\Users\Notebook\Desktop\Nový textový dokument.txt
2013-05-19 16:36 - 2013-04-05 00:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-19 16:36 - 2013-04-05 00:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-19 16:36 - 2013-04-05 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-19 16:36 - 2013-04-05 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-19 16:36 - 2013-04-05 00:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-19 16:36 - 2013-04-05 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-19 16:36 - 2013-04-04 23:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-19 16:36 - 2013-04-04 23:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-19 16:36 - 2013-04-04 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-19 16:36 - 2013-04-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-19 16:36 - 2013-04-04 23:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-19 16:36 - 2013-04-04 23:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-19 16:36 - 2013-04-04 23:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-19 16:36 - 2013-04-04 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-19 16:30 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-19 16:30 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-19 14:51 - 2012-08-22 19:16 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-05-19 14:51 - 2012-07-04 21:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2013-05-19 14:50 - 2013-04-10 05:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-19 14:50 - 2013-03-19 06:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-19 14:50 - 2013-03-19 05:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-19 14:50 - 2012-10-03 18:42 - 00242176 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-05-19 14:50 - 2012-10-03 18:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-05-19 14:50 - 2012-10-03 18:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-05-19 14:50 - 2012-10-03 18:42 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-05-19 14:50 - 2012-10-03 18:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-05-19 14:50 - 2012-10-03 18:40 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-05-19 14:50 - 2012-10-03 17:21 - 00035328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-05-19 14:50 - 2012-08-21 22:12 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-05-19 14:49 - 2013-04-10 07:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-19 14:49 - 2013-04-10 07:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-19 14:49 - 2012-11-23 04:48 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-05-19 14:49 - 2012-10-09 19:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-05-19 14:49 - 2012-10-09 19:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-05-19 14:48 - 2013-02-27 07:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-19 14:48 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-19 14:48 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-19 14:48 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-19 14:48 - 2013-02-27 06:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-18 22:37 - 2013-05-18 22:37 - 00000000 ____D C:\Windows\System32\SPReview

==================== One Month Modified Files and Folders ========

2013-06-09 14:53 - 2013-06-09 00:45 - 95023320 ___AT C:\ProgramData\9beqq.pad
2013-06-09 14:53 - 2013-06-09 00:45 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-09 14:51 - 2013-06-09 14:51 - 00000000 ____D C:\FRST
2013-06-09 14:29 - 2012-05-25 00:05 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-09 14:29 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-09 14:29 - 2009-07-14 06:39 - 00085037 ____A C:\Windows\setupact.log
2013-06-09 07:32 - 2011-06-26 06:19 - 01381893 ____A C:\Windows\WindowsUpdate.log
2013-06-09 05:39 - 2013-06-09 05:39 - 00002649 ____A C:\ProgramData\9beqq.js
2013-06-09 05:37 - 2012-05-25 00:05 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-09 05:27 - 2012-05-25 00:05 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-09 01:02 - 2009-07-14 06:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-09 01:02 - 2009-07-14 06:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-09 00:52 - 2013-06-09 00:52 - 00003288 ____N C:\bootsqm.dat
2013-06-09 00:45 - 2013-06-09 00:45 - 00173568 ____A (?????????? ??????????) C:\ProgramData\qqeb9.dat
2013-06-09 00:45 - 2013-06-09 00:45 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-08 22:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-07 20:42 - 2012-05-25 00:06 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-06 12:54 - 2013-06-06 12:54 - 00000000 ____A C:\Users\Notebook\Desktop\Nový textový dokument (2).txt
2013-06-05 22:17 - 2012-01-16 12:26 - 00000138 ____A C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
2013-06-04 23:07 - 2013-03-31 15:54 - 00000000 ____D C:\Program Files\The KMPlayer
2013-06-04 23:00 - 2013-06-04 22:55 - 164413215 ____A C:\Users\Notebook\Desktop\Mientras.duermes.2011.BRRip.XviD-5rFF.rar
2013-06-04 16:00 - 2011-06-28 23:21 - 01478586 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-03 22:14 - 2013-06-03 22:04 - 00000000 ____D C:\Users\Notebook\Desktop\psych
2013-06-03 21:55 - 2013-06-03 21:55 - 00198062 ____A C:\Users\Notebook\Desktop\psychotest-osobnost-inteligence-vykon-povaha_4.52.zip
2013-06-03 21:39 - 2013-06-03 21:39 - 00000000 _RASH C:\MSDOS.SYS
2013-06-03 21:39 - 2013-06-03 21:39 - 00000000 _RASH C:\IO.SYS
2013-06-02 14:57 - 2013-06-02 14:57 - 00000000 ____D C:\Users\Notebook\AppData\Roaming\Kastner software
2013-06-02 14:56 - 2013-06-02 14:56 - 00002124 ____A C:\Users\Public\Desktop\FORM studio.lnk
2013-06-02 14:56 - 2013-06-02 14:56 - 00000000 ____D C:\ProgramData\KASTNER software
2013-06-02 14:56 - 2013-06-02 14:56 - 00000000 ____D C:\Program Files\KASTNER software
2013-06-02 14:54 - 2013-06-02 14:54 - 18695816 ____A (KASTNER software s.r.o. ) C:\Users\Notebook\Desktop\fsstart.exe
2013-05-28 07:06 - 2012-04-22 14:39 - 00008098 ____A C:\Windows\PFRO.log
2013-05-27 17:59 - 2012-10-09 20:42 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-05-21 19:34 - 2013-05-21 19:34 - 00000234 ____A C:\Users\Notebook\Desktop\Nový textový dokument.txt
2013-05-20 22:36 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-05-19 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-19 20:26 - 2009-07-14 06:33 - 00357192 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-19 10:01 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Windows Journal
2013-05-19 10:01 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-05-19 10:01 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-05-19 10:01 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-05-19 10:01 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\DVD Maker
2013-05-19 10:00 - 2009-07-14 10:44 - 00000000 ____D C:\Windows\System32\cs
2013-05-19 10:00 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-19 10:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-05-19 10:00 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-05-18 22:44 - 2009-07-14 04:05 - 00152576 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2013-05-18 22:37 - 2013-05-18 22:37 - 00000000 ____D C:\Windows\System32\SPReview
2013-05-17 19:35 - 2013-04-06 23:14 - 00000000 ____D C:\Users\Notebook\Desktop\ewa
2013-05-15 16:12 - 2011-06-29 00:01 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 22:27 - 2012-05-25 00:04 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-14 22:27 - 2011-11-13 12:52 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-12 10:51 - 2011-11-12 16:56 - 00000000 ____D C:\Program Files\Opera

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\9beqq.pad
C:\ProgramData\qqeb9.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-03 15:07

==================== End Of Log ============================


dakujem

Re: Policie ČR na slovenký sposob

Napsal: 09 čer 2013 15:48
od blade6591
dakujem za ochotu, ale uz sa mi to podarilo zlikvidovat s RogueKiller.

este raz dakujem.

Re: Policie ČR na slovenký sposob

Napsal: 09 čer 2013 16:43
od blade6591
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Notebook [Práva správce]
Mód : Kontrola -- Datum : 06/09/2013 16:34:59
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ctfmon32.exe (C:\PROGRA~2\rundll32.exe C:\PROGRA~2\qqeb9.dat,XFG00) [7] -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-4278536885-1745303371-2988832772-1000[...]\Run : ctfmon32.exe (C:\PROGRA~2\rundll32.exe C:\PROGRA~2\qqeb9.dat,XFG00) [7] -> NALEZENO
[STARTUP][BLACKLISTDLL] regmonstd.lnk @Notebook : C:\Windows\System32\rundll32.exe|C:\PROGRA~2\qqeb9.dat,XFG00 -> NALEZENO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DLL][SUSP PATH] HKLM\[...]\ControlSet001\Services\winmgmt\Parameters : ServiceDll (C:\ProgramData\qqeb9.dat) [-] -> NALEZENO
[HJ DLL][SUSP PATH] HKLM\[...]\ControlSet002\Services\winmgmt\Parameters : ServiceDll (C:\ProgramData\qqeb9.dat) [-] -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8abf19ade041e01416cda1850fce695d
[BSP] ccd813f11c8a90b283fafdce925c3151 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 55295 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 113451008 | Size: 39999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 570126af28f4ad9c7457ff509f21bd9f
[BSP] f2e920cbb348efa659923a6ba441194e : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3820 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_06092013_02d1634.txt >>
RKreport[1]_S_06092013_02d1634.txt






RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Notebook [Práva správce]
Mód : Odebrat -- Datum : 06/09/2013 16:38:14
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ctfmon32.exe (C:\PROGRA~2\rundll32.exe C:\PROGRA~2\qqeb9.dat,XFG00) [7] -> VYMAZÁNO
[STARTUP][BLACKLISTDLL] regmonstd.lnk @Notebook : C:\Windows\System32\rundll32.exe|C:\PROGRA~2\qqeb9.dat,XFG00 -> VYMAZÁNO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DLL][SUSP PATH] HKLM\[...]\ControlSet001\Services\winmgmt\Parameters : ServiceDll (C:\ProgramData\qqeb9.dat) [-] -> NAHRAZENO (%SystemRoot%\system32\wbem\WMIsvc.dll)
[HJ DLL][SUSP PATH] HKLM\[...]\ControlSet002\Services\winmgmt\Parameters : ServiceDll (C:\ProgramData\qqeb9.dat) [-] -> NAHRAZENO (%SystemRoot%\system32\wbem\WMIsvc.dll)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8abf19ade041e01416cda1850fce695d
[BSP] ccd813f11c8a90b283fafdce925c3151 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 55295 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 113451008 | Size: 39999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 570126af28f4ad9c7457ff509f21bd9f
[BSP] f2e920cbb348efa659923a6ba441194e : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3820 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[2]_D_06092013_02d1638.txt >>
RKreport[1]_S_06092013_02d1634.txt ; RKreport[2]_D_06092013_02d1638.txt

Re: Policie ČR na slovenký sposob

Napsal: 09 čer 2013 16:45
od blade6591
Logfile of random's system information tool 1.09 (written by random/random)
Run by Notebook at 2013-06-09 17:32:57
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 20 GB (37%) free of 55 GB
Total RAM: 2039 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:33:06, on 9. 6. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\Opera\opera.exe
C:\Users\Notebook\Desktop\RSIT.exe
C:\Program Files\trend micro\Notebook.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - "C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll" (file missing)
O2 - BHO: Ask Shopping Toolbar BHO - {4B4D502D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\KMP-SAT\Passport.dll" (file missing)
O2 - BHO: KMP Media Toolbar BHO - {4B4D5056-3600-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\KMPV6\Passport.dll" (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: KMP Media Toolbar - {4B4D5056-3600-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\KMPV6\Passport.dll" (file missing)
O3 - Toolbar: Ask Shopping Toolbar - {4B4D502D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\KMP-SAT\Passport.dll" (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [AGupdate] C:\Program Files\AppGraffiti\AGupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 6410 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B4D502D-5341-5400-76A7-7A786E7484D7}]
Ask Shopping Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\KMP-SAT\Passport.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B4D5056-3600-A76A-76A7-7A786E7484D7}]
KMP Media Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\KMPV6\Passport.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-09 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-09 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
{4B4D5056-3600-A76A-76A7-7A786E7484D7} - KMP Media Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\KMPV6\Passport.dll []
{4B4D502D-5341-5400-76A7-7A786E7484D7} - Ask Shopping Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\KMP-SAT\Passport.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
""= []
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-07-27 288312]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"SiteRanker"=C:\Program Files\SiteRanker\SiteRankTray.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"Sony PC Companion"=C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2013-03-18 448736]
"AGupdate"=C:\Program Files\AppGraffiti\AGupdate.exe []

C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
RT-Updater.lnk - C:\Ross-Tech\VCDS\VCDS.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\Wincert\WIN32C~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-06-09 17:32:57 ----D---- C:\rsit
2013-06-09 17:32:57 ----D---- C:\Program Files\trend micro
2013-06-09 17:23:53 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-06-09 17:23:52 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-06-09 17:06:24 ----D---- C:\Users\Notebook\AppData\Roaming\Malwarebytes
2013-06-09 17:06:14 ----D---- C:\ProgramData\Malwarebytes
2013-06-09 17:06:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-06-09 17:06:12 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-06-09 17:00:15 ----A---- C:\TDSSKiller.2.8.16.0_09.06.2013_17.00.15_log.txt
2013-06-09 16:52:53 ----A---- C:\Windows\DeleteOnReboot.bat
2013-06-09 16:52:46 ----A---- C:\AdwCleaner[S1].txt
2013-06-09 16:52:20 ----A---- C:\AdwCleaner[R1].txt
2013-06-09 16:45:40 ----D---- C:\Program Files\CCleaner
2013-06-09 14:51:10 ----D---- C:\FRST
2013-06-09 00:52:43 ----N---- C:\bootsqm.dat
2013-06-09 00:45:56 ----A---- C:\ProgramData\kjhy64.txt
2013-06-08 22:09:54 ----SHD---- C:\Config.Msi
2013-06-03 21:39:22 ----RASH---- C:\MSDOS.SYS
2013-06-03 21:39:22 ----RASH---- C:\IO.SYS
2013-06-02 14:57:04 ----D---- C:\Users\Notebook\AppData\Roaming\Kastner software
2013-06-02 14:56:44 ----D---- C:\ProgramData\KASTNER software
2013-06-02 14:56:44 ----D---- C:\Program Files\KASTNER software
2013-05-19 16:36:19 ----A---- C:\Windows\system32\vbscript.dll
2013-05-19 16:36:19 ----A---- C:\Windows\system32\mshtmled.dll
2013-05-19 16:36:18 ----A---- C:\Windows\system32\jsproxy.dll
2013-05-19 16:36:17 ----A---- C:\Windows\system32\msfeeds.dll
2013-05-19 16:36:17 ----A---- C:\Windows\system32\ieUnatt.exe
2013-05-19 16:36:17 ----A---- C:\Windows\system32\ieui.dll
2013-05-19 16:36:16 ----A---- C:\Windows\system32\wininet.dll
2013-05-19 16:36:15 ----A---- C:\Windows\system32\jscript.dll
2013-05-19 16:36:14 ----A---- C:\Windows\system32\url.dll
2013-05-19 16:36:14 ----A---- C:\Windows\system32\jscript9.dll
2013-05-19 16:36:13 ----A---- C:\Windows\system32\iertutil.dll
2013-05-19 16:36:12 ----A---- C:\Windows\system32\urlmon.dll
2013-05-19 16:36:09 ----A---- C:\Windows\system32\ieframe.dll
2013-05-19 16:30:53 ----A---- C:\Windows\system32\mshtml.dll
2013-05-19 14:51:14 ----A---- C:\Windows\system32\drivers\ndis.sys
2013-05-19 14:51:13 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2013-05-19 14:50:45 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-19 14:50:44 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-19 14:50:42 ----A---- C:\Windows\system32\OxpsConverter.exe
2013-05-19 14:50:21 ----A---- C:\Windows\system32\win32k.sys
2013-05-19 14:50:18 ----A---- C:\Windows\system32\ncsi.dll
2013-05-19 14:50:17 ----A---- C:\Windows\system32\netcorehc.dll
2013-05-19 14:50:17 ----A---- C:\Windows\system32\iphlpsvc.dll
2013-05-19 14:50:16 ----A---- C:\Windows\system32\nlasvc.dll
2013-05-19 14:50:15 ----A---- C:\Windows\system32\nlaapi.dll
2013-05-19 14:50:15 ----A---- C:\Windows\system32\netevent.dll
2013-05-19 14:50:15 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2013-05-19 14:49:14 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2013-05-19 14:49:14 ----A---- C:\Windows\system32\dhcpcore6.dll
2013-05-19 14:49:04 ----A---- C:\Windows\system32\taskhost.exe
2013-05-19 14:49:03 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-19 14:49:03 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-19 14:48:54 ----A---- C:\Windows\system32\shell32.dll
2013-05-19 14:48:53 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-19 14:48:53 ----A---- C:\Windows\system32\consent.exe
2013-05-19 14:48:53 ----A---- C:\Windows\system32\authui.dll
2013-05-19 14:48:52 ----A---- C:\Windows\system32\appinfo.dll
2013-05-18 22:37:46 ----D---- C:\Windows\system32\SPReview

======List of files/folders modified in the last 1 month======

2013-06-09 17:33:00 ----D---- C:\Windows\Temp
2013-06-09 17:32:57 ----RD---- C:\Program Files
2013-06-09 17:30:48 ----D---- C:\Windows\system32\config
2013-06-09 17:28:53 ----D---- C:\Windows\system32\DriverStore
2013-06-09 17:23:54 ----D---- C:\Windows\system32\Tasks
2013-06-09 17:23:53 ----D---- C:\Windows\system32\drivers
2013-06-09 17:23:47 ----D---- C:\Windows
2013-06-09 17:14:01 ----HD---- C:\ProgramData
2013-06-09 17:14:01 ----D---- C:\Windows\Offline Web Pages
2013-06-09 16:55:13 ----D---- C:\Windows\inf
2013-06-09 16:52:55 ----D---- C:\Program Files\Search Results Toolbar
2013-06-09 16:49:24 ----D---- C:\Users\Notebook\AppData\Roaming\DAEMON Tools Lite
2013-06-09 16:48:36 ----D---- C:\Windows\Panther
2013-06-09 16:48:36 ----D---- C:\Windows\Logs
2013-06-09 16:48:36 ----D---- C:\Windows\debug
2013-06-09 16:48:35 ----D---- C:\Windows\Minidump
2013-06-09 05:34:14 ----D---- C:\Windows\Prefetch
2013-06-08 22:10:11 ----SHD---- C:\Windows\Installer
2013-06-07 20:19:12 ----SHD---- C:\System Volume Information
2013-06-05 22:16:50 ----D---- C:\Windows\system32\catroot
2013-06-04 23:07:34 ----D---- C:\Program Files\The KMPlayer
2013-06-04 16:00:07 ----D---- C:\Windows\System32
2013-06-04 16:00:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-28 23:03:52 ----D---- C:\Windows\system32\catroot2
2013-05-27 17:59:16 ----D---- C:\Program Files\Sony Ericsson
2013-05-20 22:36:53 ----D---- C:\Windows\rescache
2013-05-19 23:58:27 ----D---- C:\Windows\Microsoft.NET
2013-05-19 23:58:26 ----RSD---- C:\Windows\assembly
2013-05-19 20:21:19 ----D---- C:\Windows\winsxs
2013-05-19 20:17:49 ----D---- C:\Windows\system32\migration
2013-05-19 20:17:49 ----D---- C:\Program Files\Internet Explorer
2013-05-19 20:17:44 ----D---- C:\Windows\system32\cs-CZ
2013-05-19 20:17:40 ----D---- C:\Windows\AppPatch
2013-05-19 10:01:07 ----D---- C:\Program Files\Windows Sidebar
2013-05-19 10:01:07 ----D---- C:\Program Files\Windows Mail
2013-05-19 10:01:07 ----D---- C:\Program Files\DVD Maker
2013-05-19 10:01:06 ----D---- C:\Program Files\Windows Portable Devices
2013-05-19 10:01:05 ----D---- C:\Program Files\Windows Media Player
2013-05-19 10:01:04 ----D---- C:\Program Files\Windows Photo Viewer
2013-05-19 10:01:03 ----D---- C:\Program Files\Windows Journal
2013-05-19 10:00:59 ----D---- C:\Program Files\Common Files\System
2013-05-19 10:00:54 ----D---- C:\Program Files\Windows Defender
2013-05-19 10:00:53 ----D---- C:\Windows\servicing
2013-05-19 10:00:52 ----D---- C:\Windows\ehome
2013-05-19 10:00:34 ----D---- C:\Windows\system32\oobe
2013-05-19 10:00:34 ----D---- C:\Windows\system32\en-US
2013-05-19 10:00:34 ----D---- C:\Windows\system32\da-DK
2013-05-19 10:00:33 ----D---- C:\Windows\system32\sysprep
2013-05-19 10:00:33 ----D---- C:\Windows\system32\Setup
2013-05-19 10:00:33 ----D---- C:\Windows\system32\AdvancedInstallers
2013-05-19 10:00:32 ----D---- C:\Windows\system32\cs
2013-05-19 10:00:27 ----D---- C:\Windows\system32\sppui
2013-05-19 10:00:27 ----D---- C:\Windows\system32\manifeststore
2013-05-19 10:00:27 ----D---- C:\Windows\system32\es-ES
2013-05-19 10:00:24 ----D---- C:\Windows\system32\wbem
2013-05-19 10:00:24 ----D---- C:\Windows\system32\drivers\cs-CZ
2013-05-19 10:00:22 ----D---- C:\Windows\system32\migwiz
2013-05-19 10:00:22 ----D---- C:\Windows\system32\Dism
2013-05-19 09:59:19 ----RSD---- C:\Windows\Fonts
2013-05-19 09:58:57 ----D---- C:\Windows\system32\Boot
2013-05-18 22:44:36 ----A---- C:\Windows\system32\msclmd.dll
2013-05-15 16:12:08 ----A---- C:\Windows\system32\MRT.exe
2013-05-14 22:27:31 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-05-13 20:35:55 ----D---- C:\Windows\system32\wdi
2013-05-12 10:51:03 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-05-09 174664]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 61680]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-05-09 765736]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-05-09 368944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-21 242240]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
R2 HOSTNT;HOSTNT; C:\Windows\system32\drivers\HOSTNT.sys [2012-07-28 4032]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2007-01-10 5120]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-05-02 290816]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2011-03-18 61704]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-03-18 73096]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2012-10-09 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2012-10-09 25200]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RT-USB;Ross-Tech USB driver; C:\Windows\system32\drivers\RT-USB.SYS [2010-06-16 59464]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-25 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14 256904]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-25 136176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-29 1343400]

-----------------EOF-----------------

Re: Policie ČR na slovenký sposob

Napsal: 09 čer 2013 18:59
od blade6591
dakujem, pomohol som si jednym clankom co som vyguglil, bolo tam odporucane pouzite tych programov po RK. :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz