VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Vir Policie ČR

https://forum.viry.cz:443/viewtopic.php?t=131727

Stránka 1 z 1

Vir Policie ČR

Napsal: 27 črc 2013 12:02
od uja5
Dobry den
Omlouvam se, ze vytvarim nove forum, ale dnes rano se mi bohuzel na pocitaci objevil znamy vir s blokaci od Policie ČR! Koukal jsem na nejaka vlakna na foru a podle toho jsem v nouzovem rezimu nechal probehnout scan MBAM. Pomozte mi prosim protoze bohuzel vubec nevim co dal delat!
Scan zde prikladam!
Diky moc! :)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS (Nouzový režim s podporou sítě)
Internet Explorer 10.0.9200.16635
Lukáš :: PC_PRACOVNI [administrátor]

1.1.2002 10:55:17
mbam-log-2002-01-01 (10-55-17).txt

Typ: Kompletní kontrola (A:\|C:\|D:\|F:\|G:\|H:\|I:\|W:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 561596
Uplynulý čas: 49 minut, 21 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Re: Vir Policie ČR

Napsal: 27 črc 2013 12:07
od vyosek
Zdravim :)

Prosim o spusteni nasledujiciho

:arrow: Aplikace ke stažení:
:arrow: Po stažení je nutné na systémech Vista, W7 a W8 spustit utilitu jako Správce - kliknutí pravým tlačítkem myši na ikonu a zvolení možnosti Spustit jako správce či Run As Administrator
Obrázek


:arrow: Následně dojde ke stažení FRST a inicializaci
  • Po spuštění FRST odsouhlasíme licenční podmínky kliknutím na Ano.
  • Dooznačíme položku Addition.txt - viz obrázek.
    Obrázek
  • Klikneme na tlačítko Scan čímž spustíme skenování.
  • Počkáme na dokončení skenování FRST a vytvoření doplňkových informací naší nástavbou.
  • Otevře se nám textový soubor FRST.txt, což je požadovaný log a jehož obsah vložíme do svého tématu na fóru.
  • Po uzavření logu se Test.exe ukončí a na ploše nám zbyde utilta FRST a dva logy FRST.txt a Addition.txt - nic z toho zatím nemažeme.

Re: Vir Policie ČR

Napsal: 27 črc 2013 12:13
od uja5
Program mi pise "System Windows nemuze najit polozku FRST64.exe. Ujistete se, zda je nazev zadan spravne, a akci opakujte." Nevim kde stahnout tu druhou :)

Re: Vir Policie ČR

Napsal: 27 črc 2013 12:16
od vyosek
Zrejme nejaka chybka s pripojenim...

Stahnete si FRST64.exe odsud http://download.bleepingcomputer.com/farbar/FRST64.exe ulozte na plochu a spustte, dale pak nastaveni je stejne.

Po dokonceni skenu mi sem vlozte log FRST.txt

Re: Vir Policie ČR

Napsal: 27 črc 2013 12:20
od uja5
Zde je log z FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013
Ran by Lukáš (administrator) on 27-07-2013 13:17:39
Running from C:\Users\Lukáš\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKCU\...\Run: [ICQ] - ~"C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4 [x]
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKCU\...\Run: [PCSpeedUp] - C:\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk [x]
HKCU\...\Run: [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent [x]
MountPoints2: E - E:\setup.exe
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-02-16] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\DATA\LUKAS\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Petr\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\TEMP.pc_pracovni.001\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\LUK~1\AppData\Local\Temp\b34btbztdb0vavaw.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://searchfunmoods.com/results.php?f ... =965457571
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://searchfunmoods.com/results.php?f ... =965457571
SearchScopes: HKLM-x32 - {04968698-623E-9438-45C6-636217D6F7D9} URL = http://search.sweetim.com/search.asp?sr ... earchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://searchfunmoods.com/results.php?f ... =965457571
SearchScopes: HKCU - {ECA26DEB-23AC-4344-840C-0EE3FF97C122} URL = http://websearch.ask.com/redirect?clien ... AF281DA761
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... earchTerms}
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default
FF SelectedSearchEngine: SweetIM Search
FF Homepage: hxxp://home.sweetim.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\DATA\LUKAS\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\searchplugins\sweetim.xml
FF Extension: TheBflix - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\Extensions\info@bflix.info
FF Extension: Ask Toolbar - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\Extensions\toolbar@ask.com
FF Extension: No Name - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR Extension: (YouTube) - C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Petr\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Petr\AppData\Local\funmoods-speeddial_sf.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaapoomnboffjcgcebabolakmhbblbk] - C:\Users\Lukáš\AppData\Local\APN\GoogleCRXs\aaaapoomnboffjcgcebabolakmhbblbk_7.14.1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [joifgdlkhokekeaenpkaehbnjhncglbh] - C:\ProgramData\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
S2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-17] (TuneUp Software)
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [x]
S2 PCSUService; C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe [x]

==================== Drivers (Whitelisted) ====================

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-07-23] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-23] (DT Soft Ltd)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-07-23] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2002-01-01] (Duplex Secure Ltd.)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2020-10-03 10:32 - 2020-10-03 11:17 - 00000000 ____D C:\Users\Petr\Desktop\disk
2020-10-03 07:10 - 2013-01-08 13:34 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-07-27 13:17 - 2013-07-27 13:17 - 00000000 ____D C:\FRST
2013-07-27 13:16 - 2013-07-27 13:16 - 01780407 _____ (Farbar) C:\Users\Lukáš\Desktop\FRST64.exe
2013-07-27 13:10 - 2013-07-27 13:15 - 00154232 _____ (Noël Danjou) C:\Users\LUK~1\AppData\Local\download.exe
2013-07-26 20:40 - 2013-07-26 20:40 - 00000000 ____D C:\Windows\pss
2013-07-26 19:41 - 2013-07-26 19:41 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-26 19:41 - 2013-07-26 19:41 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-26 15:52 - 2013-07-26 15:52 - 00000000 ____D C:\Program Files\BlackIsle
2013-07-26 15:52 - 2013-07-26 15:52 - 00000000 _____ C:\uninst.log
2013-07-24 12:52 - 2013-07-24 12:52 - 00000000 ____D C:\Program Files (x86)\Free MOV to AVI Converter
2013-07-24 12:52 - 2007-09-10 04:01 - 00088379 _____ (Open Source Software community project) C:\Windows\SysWOW64\pthreadGC2.dll
2013-07-24 12:52 - 2007-08-16 17:25 - 01576960 _____ (http://mediainfo.sourceforge.net) C:\Windows\SysWOW64\MediaInfo.dll
2013-07-23 17:28 - 2013-07-23 17:28 - 01017510 _____ C:\Users\Lukáš\Desktop\TheBoysAreBack-DropkickMurphys1.m4r
2013-07-23 17:26 - 2013-07-23 17:26 - 01020034 _____ C:\Users\Lukáš\Desktop\TheBoysAreBack-DropkickMurphys.m4r
2013-07-16 17:24 - 2013-07-16 17:24 - 00000000 ____D D:\DATA\LUKAS\Dokumenty\My Cheat Tables
2013-07-15 11:27 - 2013-07-15 11:27 - 00000000 ____D C:\Windows\system32\MRT
2013-07-14 21:45 - 2013-07-14 21:45 - 00001516 _____ C:\Users\Lukáš\Desktop\FIFA 13.lnk
2013-07-14 13:03 - 2013-07-23 16:36 - 00000000 ____D D:\DATA\LUKAS\Dokumenty\FIFA 13
2013-07-12 08:04 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 08:04 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 08:04 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 08:04 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 08:04 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 08:04 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 08:04 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 08:04 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 08:04 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 08:04 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 08:04 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 08:04 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 08:04 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 08:04 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 08:04 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 08:04 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 08:04 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 08:04 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 08:04 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 08:04 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 08:04 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 08:04 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 08:04 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 08:04 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 08:04 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 08:04 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 08:04 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 08:04 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 08:04 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 08:04 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 08:04 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 07:58 - 2013-07-12 07:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 21:06 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 21:06 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 21:06 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 21:06 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 21:06 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 21:06 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 21:06 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-05 08:33 - 2013-07-05 08:39 - 00000000 ____D D:\DATA\LUKAS\Dokumenty\St. Mary Huana Ganja
2013-07-01 11:07 - 2013-07-01 11:07 - 00000000 ____D C:\Users\Petr\Desktop\fleška

==================== One Month Modified Files and Folders =======

2020-10-03 11:17 - 2020-10-03 10:32 - 00000000 ____D C:\Users\Petr\Desktop\disk
2020-10-03 07:35 - 2012-02-09 11:51 - 00000000 ____D C:\Users\Petr\AppData\Local\Apple Computer
2020-10-03 07:12 - 2012-01-31 14:20 - 00110472 _____ C:\Users\Petr\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-27 13:17 - 2013-07-27 13:17 - 00000000 ____D C:\FRST
2013-07-27 13:17 - 2002-01-01 00:06 - 00000000 ____D C:\Users\TEMP.pc_pracovni.001
2013-07-27 13:16 - 2013-07-27 13:16 - 01780407 _____ (Farbar) C:\Users\Lukáš\Desktop\FRST64.exe
2013-07-27 13:15 - 2013-07-27 13:10 - 00154232 _____ (Noël Danjou) C:\Users\LUK~1\AppData\Local\download.exe
2013-07-26 23:31 - 2013-03-22 09:55 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-26 23:26 - 2012-01-31 11:41 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-26 20:49 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 20:49 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-26 20:40 - 2013-07-26 20:40 - 00000000 ____D C:\Windows\pss
2013-07-26 20:24 - 2012-06-06 11:11 - 00000000 ____D C:\Users\Petr\AppData\Roaming\DAEMON Tools Lite
2013-07-26 19:56 - 2013-04-25 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-26 19:41 - 2013-07-26 19:41 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-26 19:41 - 2013-07-26 19:41 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-26 19:41 - 2012-01-31 13:35 - 00000000 ___RD C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-26 18:54 - 2013-01-12 11:37 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Nitro PDF
2013-07-26 15:52 - 2013-07-26 15:52 - 00000000 ____D C:\Program Files\BlackIsle
2013-07-26 15:52 - 2013-07-26 15:52 - 00000000 _____ C:\uninst.log
2013-07-26 11:54 - 2012-07-23 11:51 - 00000000 ____D D:\DATA\LUKAS\Dokumenty\OpenTTD
2013-07-26 09:50 - 2013-03-19 01:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-25 11:35 - 2012-11-02 15:35 - 00000000 ____D C:\Users\Lukáš\Desktop\PAPRSEK 2013 Jihozemí
2013-07-24 12:55 - 2012-02-06 21:40 - 00000000 ____D C:\Users\LUK~1\AppData\Local\Apple Computer
2013-07-24 12:52 - 2013-07-24 12:52 - 00000000 ____D C:\Program Files (x86)\Free MOV to AVI Converter
2013-07-23 17:28 - 2013-07-23 17:28 - 01017510 _____ C:\Users\Lukáš\Desktop\TheBoysAreBack-DropkickMurphys1.m4r
2013-07-23 17:26 - 2013-07-23 17:26 - 01020034 _____ C:\Users\Lukáš\Desktop\TheBoysAreBack-DropkickMurphys.m4r
2013-07-23 16:36 - 2013-07-14 13:03 - 00000000 ____D D:\DATA\LUKAS\Dokumenty\FIFA 13
2013-07-16 17:24 - 2013-07-16 17:24 - 00000000 ____D D:\DATA\LUKAS\Dokumenty\My Cheat Tables
2013-07-15 11:31 - 2013-07-15 11:27 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 11:26 - 2012-01-31 10:15 - 01564220 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-14 21:45 - 2013-07-14 21:45 - 00001516 _____ C:\Users\Lukáš\Desktop\FIFA 13.lnk
2013-07-13 01:21 - 2012-01-31 11:41 - 00003962 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 01:21 - 2012-01-31 11:41 - 00003710 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 14:39 - 2009-07-14 06:45 - 00422072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 12:27 - 2009-07-14 17:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 12:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 12:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 08:05 - 2012-01-31 10:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 07:58 - 2013-07-12 07:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 07:58 - 2013-03-14 09:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-07 13:27 - 2012-07-23 11:48 - 00000880 _____ C:\Users\Public\Desktop\OpenTTD.lnk
2013-07-05 08:39 - 2013-07-05 08:33 - 00000000 ____D D:\DATA\LUKAS\Dokumenty\St. Mary Huana Ganja
2013-07-01 13:47 - 2013-02-12 11:30 - 00000000 ____D C:\Users\Lukáš\Desktop\Bc Workin!
2013-07-01 11:07 - 2013-07-01 11:07 - 00000000 ____D C:\Users\Petr\Desktop\fleška
2013-06-29 15:27 - 2012-12-30 10:00 - 00000000 ____D C:\Users\Petr\Desktop\starší sezóny

Files to move or delete:
====================
C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
C:\Users\Petr\5430262.dll
C:\Users\Petr\6114940.dll
C:\Users\Petr\8446211.dll
C:\ProgramData\19hj.dat
C:\ProgramData\6878002.bat
C:\ProgramData\6878002.pad
C:\ProgramData\6878002.reg
C:\ProgramData\7999643.bat
C:\ProgramData\7999643.pad
C:\ProgramData\7999643.reg
C:\ProgramData\80ji.dat
C:\ProgramData\dbwj.bat
C:\ProgramData\dbwj.pad
C:\ProgramData\dbwj.reg
C:\ProgramData\g2bo.bat
C:\ProgramData\g2bo.pad
C:\ProgramData\g2bo.reg
C:\ProgramData\gdo6z1.dat
C:\ProgramData\ij08.bat
C:\ProgramData\ij08.pad
C:\ProgramData\ij08.reg
C:\ProgramData\jwbd.dat
C:\ProgramData\ob2g.dat
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-26 14:39

==================== End Of Log ============================

Re: Vir Policie ČR

Napsal: 27 črc 2013 12:26
od vyosek
:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKCU\...\Run: [ICQ] - ~"C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4 [x]
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKCU\...\Run: [PCSpeedUp] - C:\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk [x]
HKCU\...\Run: [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent [x]
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-02-16] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\DATA\LUKAS\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\LUK~1\AppData\Local\Temp\b34btbztdb0vavaw.exe (Microsoft Corporation)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0D0B0E0DyEtBtB0FyCtBtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=965457571
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0D0B0E0DyEtBtB0FyCtBtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=965457571
SearchScopes: HKLM-x32 - {04968698-623E-9438-45C6-636217D6F7D9} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0D0B0E0DyEtBtB0FyCtBtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=965457571
SearchScopes: HKCU - {ECA26DEB-23AC-4344-840C-0EE3FF97C122} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYCZ&apn_uid=3be4bbe5-7b77-4b7d-b91a-5f41f2f5ac86&apn_sauid=CD1F022B-BE18-464E-9B06-40AF281DA761
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
FF SelectedSearchEngine: SweetIM Search
FF Homepage: hxxp://home.sweetim.com
FF SearchPlugin: C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\searchplugins\sweetim.xml
FF Extension: TheBflix - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\Extensions\info@bflix.info
FF Extension: Ask Toolbar - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\Extensions\toolbar@ask.com
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Petr\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Petr\AppData\Local\funmoods-speeddial_sf.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaapoomnboffjcgcebabolakmhbblbk] - C:\Users\Lukáš\AppData\Local\APN\GoogleCRXs\aaaapoomnboffjcgcebabolakmhbblbk_7.14.1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [joifgdlkhokekeaenpkaehbnjhncglbh] - C:\ProgramData\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx
S2 PCSUService; C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe [x]
C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
C:\Users\Petr\5430262.dll
C:\Users\Petr\6114940.dll
C:\Users\Petr\8446211.dll
C:\ProgramData\19hj.dat
C:\ProgramData\6878002.bat
C:\ProgramData\6878002.pad
C:\ProgramData\6878002.reg
C:\ProgramData\7999643.bat
C:\ProgramData\7999643.pad
C:\ProgramData\7999643.reg
C:\ProgramData\80ji.dat
C:\ProgramData\dbwj.bat
C:\ProgramData\dbwj.pad
C:\ProgramData\dbwj.reg
C:\ProgramData\g2bo.bat
C:\ProgramData\g2bo.pad
C:\ProgramData\g2bo.reg
C:\ProgramData\gdo6z1.dat
C:\ProgramData\ij08.bat
C:\ProgramData\ij08.pad
C:\ProgramData\ij08.reg
C:\ProgramData\jwbd.dat
C:\ProgramData\ob2g.dat
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\LUK~1\AppData\Local\Temp\b34btbztdb0vavaw.exe
C:\Program Files (x86)\Zrychleni Pocitace
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\SweetIM
Hosts:
REG: reg delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v NtVdmSrv /f
CMD: shutdown -r
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava, restart PC a vytvori log Fixlog.txt
:arrow: Po restartu PC sem dejte fixlog.txt

Re: Vir Policie ČR

Napsal: 27 črc 2013 12:34
od uja5
Zde je fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013
Ran by Lukáš at 2013-07-27 13:30:35 Run:1
Running from C:\Users\Lukáš\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SweetIM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VirtualCloneDrive => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => Value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe => Moved successfully.
C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
C:\Users\LUK~1\AppData\Local\Temp\b34btbztdb0vavaw.exe => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{04968698-623E-9438-45C6-636217D6F7D9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{04968698-623E-9438-45C6-636217D6F7D9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ECA26DEB-23AC-4344-840C-0EE3FF97C122} => Key deleted successfully.
HKCR\CLSID\{ECA26DEB-23AC-4344-840C-0EE3FF97C122} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\searchplugins\sweetim.xml => Moved successfully.
C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\Extensions\info@bflix.info => Moved successfully.
C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\Extensions\toolbar@ask.com => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh => Key deleted successfully.
"C:\Users\Petr\AppData\Local\funmoods.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj => Key deleted successfully.
"C:\Users\Petr\AppData\Local\funmoods-speeddial_sf.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaapoomnboffjcgcebabolakmhbblbk => Key deleted successfully.
C:\Users\Lukáš\AppData\Local\APN\GoogleCRXs\aaaapoomnboffjcgcebabolakmhbblbk_7.14.1.0.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn => Key deleted successfully.
C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\joifgdlkhokekeaenpkaehbnjhncglbh => Key deleted successfully.
"C:\ProgramData\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx" => File/Directory not found.
PCSUService => Service deleted successfully.
"C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk" => File/Directory not found.
C:\Users\Petr\5430262.dll => Moved successfully.
C:\Users\Petr\6114940.dll => Moved successfully.
C:\Users\Petr\8446211.dll => Moved successfully.
C:\ProgramData\19hj.dat => Moved successfully.
C:\ProgramData\6878002.bat => Moved successfully.
C:\ProgramData\6878002.pad => Moved successfully.
C:\ProgramData\6878002.reg => Moved successfully.
C:\ProgramData\7999643.bat => Moved successfully.
C:\ProgramData\7999643.pad => Moved successfully.
C:\ProgramData\7999643.reg => Moved successfully.
C:\ProgramData\80ji.dat => Moved successfully.
C:\ProgramData\dbwj.bat => Moved successfully.
C:\ProgramData\dbwj.pad => Moved successfully.
C:\ProgramData\dbwj.reg => Moved successfully.
C:\ProgramData\g2bo.bat => Moved successfully.
C:\ProgramData\g2bo.pad => Moved successfully.
C:\ProgramData\g2bo.reg => Moved successfully.
C:\ProgramData\gdo6z1.dat => Moved successfully.
C:\ProgramData\ij08.bat => Moved successfully.
C:\ProgramData\ij08.pad => Moved successfully.
C:\ProgramData\ij08.reg => Moved successfully.
C:\ProgramData\jwbd.dat => Moved successfully.
C:\ProgramData\ob2g.dat => Moved successfully.
C:\ProgramData\wavav0bdtzbtb43b.bat => Moved successfully.
C:\ProgramData\wavav0bdtzbtb43b.reg => Moved successfully.
"C:\Users\LUK~1\AppData\Local\Temp\b34btbztdb0vavaw.exe" => File/Directory not found.
"C:\Program Files (x86)\Zrychleni Pocitace" => File/Directory not found.
C:\Program Files (x86)\Ask.com => Moved successfully.
C:\Program Files (x86)\SweetIM => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= reg delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v NtVdmSrv /f =========

Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.

========= End of Reg: =========


========= shutdown -r =========


========= End of CMD: =========


==== End of Fixlog ====

Re: Vir Policie ČR

Napsal: 27 črc 2013 13:17
od vyosek
Poprosim nyni o log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

Re: Vir Policie ČR

Napsal: 27 črc 2013 13:54
od uja5
Zde je log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lukáš at 2013-07-27 14:53:37
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 2 GB (4%) free of 51 GB
Total RAM: 4095 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:53:38, on 27.7.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\DATA\LUKAS\Stažené soubory\RSIT.exe
C:\Program Files (x86)\trend micro\Lukáš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe "C:\Program Files (x86)\HP\HP UT\"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10534 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=D:\DATA\LUKAS\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-27 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-27 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2012-08-14 348664]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280]
"HPUsageTracking"=C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [2009-05-11 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"VIDC.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-07-27 14:46:57 ----D---- C:\rsit
2013-07-27 14:46:57 ----D---- C:\Program Files (x86)\trend micro
2013-07-27 13:17:08 ----D---- C:\FRST
2013-07-26 20:40:48 ----D---- C:\Windows\pss
2013-07-24 12:52:02 ----A---- C:\Windows\SysWOW64\pthreadGC2.dll
2013-07-24 12:52:02 ----A---- C:\Windows\SysWOW64\MediaInfo.dll
2013-07-24 12:52:01 ----D---- C:\Program Files (x86)\Free MOV to AVI Converter
2013-07-12 08:04:18 ----A---- C:\Windows\SysWOW64\ieui.dll
2013-07-12 08:04:17 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 08:04:17 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 08:04:17 ----A---- C:\Windows\SysWOW64\iesetup.dll
2013-07-12 08:04:17 ----A---- C:\Windows\SysWOW64\iernonce.dll
2013-07-12 08:04:16 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 08:04:16 ----A---- C:\Windows\SysWOW64\iertutil.dll
2013-07-12 08:04:15 ----A---- C:\Windows\SysWOW64\jscript.dll
2013-07-12 08:04:14 ----A---- C:\Windows\SysWOW64\urlmon.dll
2013-07-12 08:04:14 ----A---- C:\Windows\SysWOW64\jscript9.dll
2013-07-12 08:04:12 ----A---- C:\Windows\SysWOW64\wininet.dll
2013-07-12 08:04:12 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 08:04:11 ----A---- C:\Windows\SysWOW64\ieframe.dll
2013-07-12 08:04:07 ----A---- C:\Windows\SysWOW64\mshtml.dll
2013-07-11 21:06:45 ----A---- C:\Windows\SysWOW64\qedit.dll
2013-07-11 21:06:42 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 21:06:13 ----A---- C:\Windows\SysWOW64\DWrite.dll

======List of files/folders modified in the last 1 month======

2013-07-27 14:53:37 ----D---- C:\Windows\Temp
2013-07-27 14:52:54 ----D---- C:\Windows\Prefetch
2013-07-27 14:46:57 ----RD---- C:\Program Files (x86)
2013-07-27 13:36:42 ----D---- C:\Windows\System32
2013-07-27 13:36:42 ----D---- C:\Windows\inf
2013-07-27 13:32:06 ----D---- C:\ProgramData\NVIDIA
2013-07-27 13:30:36 ----D---- C:\Windows
2013-07-27 13:30:35 ----HD---- C:\ProgramData
2013-07-26 21:12:46 ----SHD---- C:\System Volume Information
2013-07-26 19:56:34 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-26 18:54:50 ----D---- C:\Users\Lukáš\AppData\Roaming\Nitro PDF
2013-07-26 15:52:47 ----RD---- C:\Program Files
2013-07-26 09:50:39 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-07-24 14:42:10 ----SD---- C:\Users\Lukáš\AppData\Roaming\Microsoft
2013-07-24 12:52:02 ----D---- C:\Windows\SysWOW64
2013-07-21 16:10:54 ----SHD---- C:\Windows\Installer
2013-07-15 11:26:48 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-14 12:58:47 ----D---- C:\Windows\Logs
2013-07-12 12:27:47 ----D---- C:\Program Files (x86)\Windows Defender
2013-07-12 12:27:46 ----D---- C:\Program Files (x86)\Internet Explorer
2013-07-12 08:05:10 ----D---- C:\ProgramData\Microsoft Help
2013-07-12 07:58:17 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 appliandMP;appliandMP; C:\Windows\system32\DRIVERS\appliand.sys []
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 appliand;Applian Network Service; C:\Windows\system32\DRIVERS\appliand.sys []
S3 aprr9g0a;aprr9g0a; C:\Windows\SysWOW64\drivers\aprr9g0a.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-05-08 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-17 2365792]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe []
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-01-19 541608]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Vir Policie ČR

Napsal: 27 črc 2013 13:57
od vyosek
:arrow: Odinstalujte McAfee Security Scan a tez i Malwarebytes - moc se s Avirou nemusi

:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Prohledat
  • Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Re: Vir Policie ČR

Napsal: 27 črc 2013 14:00
od uja5
zde je log:

# AdwCleaner v2.306 - Log vytvooen 27/07/2013 v 14:59:28
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Windows 7 Professional Service Pack 1 (64 bits)
# Uživatel : Lukáš - PC_PRACOVNI
# Spuštin systém : Normální
# Spuštino z : C:\Users\Lukáš\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\ProgramData\Ask
Složka Nalezeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Složka Nalezeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
Složka Nalezeno : C:\ProgramData\Premium
Složka Nalezeno : C:\Users\Lukáš\AppData\Local\APN
Složka Nalezeno : C:\Users\Lukáš\AppData\LocalLow\AskToolbar
Složka Nalezeno : C:\Users\Lukáš\AppData\LocalLow\TheBflix
Složka Nalezeno : C:\Users\Lukáš\AppData\Roaming\OpenCandy
Složka Nalezeno : C:\Users\Lukáš\AppData\Roaming\optimizer pro
Složka Nalezeno : C:\Users\Petr\AppData\LocalLow\AskToolbar
Složka Nalezeno : C:\Users\Petr\AppData\LocalLow\TheBflix
Složka Nalezeno : C:\Users\Petr\AppData\Roaming\Funmoods
Složka Nalezeno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\yryy5w60.default\extensions\ffxtlbr@funmoods.com
Složka Nalezeno : C:\Users\Petr\AppData\Roaming\OpenCandy
Složka Nalezeno : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Složka Nalezeno : C:\Windows\Installer\{5B58EF61-85F2-4977-97A5-84C19F926579}
Složka Nalezeno : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Složka Nalezeno : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Soubor Nalezeno : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Soubor Nalezeno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\yryy5w60.default\searchplugins\funmoods.xml

***** [Registry] *****

Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Klíe Nalezeno : HKCU\Software\APN
Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\AskToolbar
Klíe Nalezeno : HKCU\Software\Ask.com
Klíe Nalezeno : HKCU\Software\incredibar.com
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Klíe Nalezeno : HKCU\Software\Optimizer Pro
Klíe Nalezeno : HKCU\Software\PIP
Klíe Nalezeno : HKLM\Software\APN
Klíe Nalezeno : HKLM\Software\AskToolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Klíe Nalezeno : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Klíe Nalezeno : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Klíe Nalezeno : HKLM\Software\Classes\Installer\Features\16FE85B52F587794795A481CF9295697
Klíe Nalezeno : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Klíe Nalezeno : HKLM\Software\Classes\Installer\Features\758F5690DAAD39F40845E0E23C8C5C0B
Klíe Nalezeno : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Klíe Nalezeno : HKLM\Software\Classes\Installer\Products\16FE85B52F587794795A481CF9295697
Klíe Nalezeno : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Klíe Nalezeno : HKLM\Software\Classes\Installer\Products\758F5690DAAD39F40845E0E23C8C5C0B
Klíe Nalezeno : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\sim-packages
Klíe Nalezeno : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Klíe Nalezeno : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Klíe Nalezeno : HKLM\Software\PIP
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5B58EF61-85F2-4977-97A5-84C19F926579}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v22.0 (cs)

Soubor : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\yryy5w60.default\prefs.js

Nalezeno : user_pref("browser.search.defaultengine", "Ask.com");
Nalezeno : user_pref("browser.search.defaultenginename", "Funmoods");
Nalezeno : user_pref("browser.search.order.1", "Ask.com");
Nalezeno : user_pref("browser.startup.homepage", "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2Xzu[...]
Nalezeno : user_pref("extensions.asktb.ff-original-keyword-url", "");
Nalezeno : user_pref("extensions.enabledAddons", "ffxtlbr%40funmoods.com:1.5.1,%7B972ce4c6-7e08-4474-a285-32081[...]
Nalezeno : user_pref("extensions.funmoods.aflt", "ironpub");
Nalezeno : user_pref("extensions.funmoods.autoRvrt", false);
Nalezeno : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Nalezeno : user_pref("extensions.funmoods.cntry", "CZ");
Nalezeno : user_pref("extensions.funmoods.cv", "cv5");
Nalezeno : user_pref("extensions.funmoods.dfltLng", "");
Nalezeno : user_pref("extensions.funmoods.dfltSrch", true);
Nalezeno : user_pref("extensions.funmoods.dfltlng", "en");
Nalezeno : user_pref("extensions.funmoods.dfltsrch", "false");
Nalezeno : user_pref("extensions.funmoods.dnsErr", true);
Nalezeno : user_pref("extensions.funmoods.envrmnt", "production");
Nalezeno : user_pref("extensions.funmoods.excTlbr", false);
Nalezeno : user_pref("extensions.funmoods.fmupdtFirst", false);
Nalezeno : user_pref("extensions.funmoods.hdrMd5", "EBDE15824028DE2FB3192C9B389BEC23");
Nalezeno : user_pref("extensions.funmoods.hmpg", true);
Nalezeno : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2[...]
Nalezeno : user_pref("extensions.funmoods.hrdid", "002215DBED422F62");
Nalezeno : user_pref("extensions.funmoods.id", "002215DBED422F62");
Nalezeno : user_pref("extensions.funmoods.instlDay", "15625");
Nalezeno : user_pref("extensions.funmoods.instlRef", "ironpub");
Nalezeno : user_pref("extensions.funmoods.instlday", "15625");
Nalezeno : user_pref("extensions.funmoods.instlref", "ironpub");
Nalezeno : user_pref("extensions.funmoods.isdcmntcmplt", true);
Nalezeno : user_pref("extensions.funmoods.keywordurl", "");
Nalezeno : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.227:12:39");
Nalezeno : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Nalezeno : user_pref("extensions.funmoods.monitorreport", true);
Nalezeno : user_pref("extensions.funmoods.newTab", true);
Nalezeno : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd[...]
Nalezeno : user_pref("extensions.funmoods.newtab", true);
Nalezeno : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd[...]
Nalezeno : user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"198\",\"lastVrsn\":\"198\",\"vrsnLoad\":\"[...]
Nalezeno : user_pref("extensions.funmoods.prdct", "funmoods");
Nalezeno : user_pref("extensions.funmoods.prtnrId", "funmoods");
Nalezeno : user_pref("extensions.funmoods.prtnrid", "funmoods");
Nalezeno : user_pref("extensions.funmoods.savedVrsnTs", "1");
Nalezeno : user_pref("extensions.funmoods.sg", "none");
Nalezeno : user_pref("extensions.funmoods.smplGrp", "none");
Nalezeno : user_pref("extensions.funmoods.smplgrp", "none");
Nalezeno : user_pref("extensions.funmoods.srch", "");
Nalezeno : user_pref("extensions.funmoods.srchPrvdr", "Search");
Nalezeno : user_pref("extensions.funmoods.srchprvdr", "Search");
Nalezeno : user_pref("extensions.funmoods.tlbrId", "base");
Nalezeno : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=ironpub&chnl=ironpub&[...]
Nalezeno : user_pref("extensions.funmoods.tlbrid", "base");
Nalezeno : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=ironpub&chnl=ironpub&[...]
Nalezeno : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Nalezeno : user_pref("extensions.funmoods.vrsnTs", "1.5.23.227:12:39");
Nalezeno : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Nalezeno : user_pref("extensions.funmoods.vrsnts", "1.5.23.227:12:39");
Nalezeno : user_pref("extensions.funmoods_i.newTab", true);
Nalezeno : user_pref("extensions.funmoods_i.smplGrp", "none");
Nalezeno : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.227:12:39");
Nalezeno : user_pref("keyword.URL", "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzut[...]

Soubor : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\prefs.js

Nalezeno : user_pref("browser.search.defaultengine", "Ask.com");
Nalezeno : user_pref("browser.search.defaultenginename", "SweetIM Search");
Nalezeno : user_pref("browser.search.order.1", "Ask.com");
Nalezeno : user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('aol.com,mail.google.com,mystart[...]
Nalezeno : user_pref("extensions.asktb.ff-original-keyword-url", "");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Ask.com");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Ask.com");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.seznam.cz/");
Nalezeno : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

-\\ Google Chrome v28.0.1500.72

Soubor : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Preferences

Nalezeno [l.26] : icon_url = "hxxp://searchfunmoods.com/favicon.ico",
Nalezeno [l.29] : keyword = "funmoods.com",
Nalezeno [l.33] : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0D0B0E0DyEtBtB0FyCtBtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=965457571",
Nalezeno [l.1812] : homepage = "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0D0B0E0DyEtBtB0FyCtBtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=965457571",
Nalezeno [l.2071] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0D0B0E0DyEtBtB0FyCtBtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=965457571" ]

Soubor : C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Preferences

Nalezeno [l.2273] : homepage = "hxxp://home.sweetim.com/?barid={846C7F34-B078-11E1-A156-002215DBED42}",

Soubor : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [19779 octets] - [27/07/2013 14:59:28]

########## EOF - C:\AdwCleaner[R1].txt - [19840 octets] ##########

Re: Vir Policie ČR

Napsal: 27 črc 2013 14:01
od vyosek
:arrow: Spustte znovu AdwCleaner
  • Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
  • Kliknete na Smazat
  • PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz