VIRY.CZ

Kód: Vybrat vše

Start
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-01-06] (APN LLC.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\Aňula\...\Run: [MyWebSearch Email Plugin] - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKU\Aňula\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\Aňula\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\Aňula\...\Run: [Vagex] - C:\Users\Aňula\Desktop\Vagex\Vagex.exe
HKU\Aňula\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\Aňula\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\Aňula\...\Run: [] - [x]
HKU\Aňula\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
HKU\Aňula\...\Run: [AdobeBridge] - [x]
HKU\Aňula\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Aňula\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\Aňula\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Aňula\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKU\Guest\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\Guest\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\Guest\...\Run: [Vagex] - C:\Users\Guest\Desktop\Vagex\Vagex.exe
HKU\Guest\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\Guest\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
HKU\Guest\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\Guest\...\Run: [] - [x]
HKU\Guest\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
HKU\Guest\...\Run: [LSVP] - C:\Program Files (x86)\LS\Vypnutí PC\vp.exe [155648 2005-05-18] (Ladislav SKOKAN, +420602507810, ladislav.skokan@seznam.cz)
HKU\Guest\...\Run: [AdobeBridge] - [x]
HKU\Guest\...\RunOnce: [LSVP] - C:\Program Files (x86)\LS\Vypnutí PC\vp.exe [155648 2005-05-18] (Ladislav SKOKAN, +420602507810, ladislav.skokan@seznam.cz)
HKU\Tata\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\Tata\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\Tata\...\Run: [Vagex] - C:\Users\Tata\Desktop\Vagex\Vagex.exe
HKU\Tata\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\Tata\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\Tata\...\Run: [] - [x]
HKU\Tata\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
HKU\Tata\...\Run: [AdobeBridge] - [x]
HKU\Tata\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Tata\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\Tata\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Tata\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\UpdatusUser\...\Run: [] - [x]
HKU\UpdatusUser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
Startup: C:\Users\Tata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.alawarhry.cz
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.jobego.com/search/
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Jirka a Aneta\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\searchplugins\jobegocom.xml
FF Extension: Vagex Firefox Add-On - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\ffaddon@vagex.com [2013-03-29]
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\plugin@videofiledownload.com [2012-07-06]
FF Extension: The Saloon Bar - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\saloonbar@ligny.org.uk [2011-02-18]
FF Extension: Seznam lištička - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-05-17]
FF Extension: Illimitux - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\illimitux@illimitux.net.xpi [2011-07-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-27]
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha510.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta63.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha142.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff
FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff [2014-01-29]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

CHR HKCU\...\Chrome\Extension: [bdkdmpigoicnmdhmhiafmpcfnfgpfnol] - C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [aaaajfocmnnhjaajccaelhippajhaeod] - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx [2014-01-06]
CHR HKLM-x32\...\Chrome\Extension: [bdkdmpigoicnmdhmhiafmpcfnfgpfnol] - C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx [2014-01-06]
CHR HKLM-x32\...\Chrome\Extension: [egnimkioipookhfihpljiedpgjffibpa] - C:\Program Files (x86)\MyBrowserCash\MBC_chrome.crx [2014-01-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\JIRKAA~1\AppData\Local\Temp\crxE74B.tmp [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [pfekkhdmhmddhjhfmkmfhojbjlihbopc] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ch\VideoPlayerV3beta63.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [pjbnadgnhhkoohnkddbceoldfibijgpk] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-10-09]

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-06] (APN LLC.)
U3 tmlwf;
U3 tmwfp;
S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

2014-01-31 12:28 - 2014-01-31 12:28 - 00031323 _____ C:\Users\Jirka a Aneta\Desktop\FRST.txt
2014-01-31 12:28 - 2014-01-31 12:28 - 00029696 _____ C:\Users\Jirka a Aneta\AppData\Local\MSGBOX.EXE
2014-01-31 12:28 - 2014-01-31 12:28 - 00015327 _____ C:\Users\Jirka a Aneta\Desktop\LM.bat
2014-01-31 12:27 - 2014-01-31 12:27 - 00052510 _____ C:\Users\Jirka a Aneta\Desktop\FRST3.txt
2014-01-31 11:50 - 2014-01-31 11:50 - 04009167 _____ C:\Users\Jirka a Aneta\Desktop\ServicesRepair.exe
2014-01-31 11:50 - 2014-01-31 11:50 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2014-01-31 11:43 - 2014-01-31 11:43 - 00002614 _____ C:\Users\Jirka a Aneta\Desktop\FSS.txt
2014-01-31 11:28 - 2014-01-31 11:28 - 00361185 _____ (Farbar) C:\Users\Jirka a Aneta\Desktop\FSS.exe
2014-01-31 11:26 - 2014-01-31 11:26 - 01166132 _____ C:\Users\Jirka a Aneta\Desktop\adwcleaner.exe
2014-01-31 11:02 - 2014-01-31 11:02 - 00008667 _____ C:\ComboFix.rar
2014-01-31 10:55 - 2014-01-31 10:55 - 00104485 _____ C:\ComboFix.txt
2014-01-31 10:22 - 2014-01-31 10:24 - 00005670 _____ C:\Users\Jirka a Aneta\Desktop\Rkill.txt
2014-01-31 10:22 - 2014-01-31 10:22 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Jirka a Aneta\Desktop\rkill64.com
2014-01-31 10:21 - 2014-01-31 10:22 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jirka a Aneta\Desktop\rkill.com
2014-01-31 09:19 - 2014-01-31 09:19 - 00112640 _____ (forum.viry.cz) C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe
2014-01-30 23:43 - 2014-01-30 23:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jirka a Aneta\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-30 15:33 - 2014-01-30 15:33 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe
2014-01-30 15:18 - 2014-01-30 15:34 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-29 23:48 - 2014-01-29 23:48 - 00000000 ____D C:\Program Files (x86)\MediaPlayerV1
C:\Users\Jirka a Aneta\AppData\Local\Temp\avgnt.exe
C:\Users\Jirka a Aneta\AppData\Local\Temp\Quarantine.exe
C:\ProgramData\AskPartnerNetwork
C:\Program Files (x86)\BetterSurf
C:\Program Files (x86)\WebexpEnhancedV1
C:\Program Files (x86)\MediaPlayerV1
C:\Program Files (x86)\AskPartnerNetwork

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:15024E60
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:596E2371
AlternateDataStreams: C:\ProgramData\Temp:68C295D4
AlternateDataStreams: C:\ProgramData\Temp:734E442A
AlternateDataStreams: C:\ProgramData\Temp:75D366A3
AlternateDataStreams: C:\ProgramData\Temp:A724744F
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:B88E99C8
AlternateDataStreams: C:\ProgramData\Temp:BB24555F
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Soluto" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ JCC - AutoClickerBot.lnk" /f

CMD: shutdown /r /f /t 2

End

Kód: Vybrat vše

KillAll::

Folder::
c:\program files (x86)\MediaPlayerV1
c:\program files (x86)\IObit

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

Driver::
WinRing0_1_2_0
X6va012

DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

Firefox::
FF - ProfilePath - c:\users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jobego.com/search/
FF - ExtSQL: 2013-12-20 18:48; ext@WebexpEnhancedV1alpha510.net; c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff
FF - ExtSQL: 2014-01-10 18:48; ext@VideoPlayerV3beta63.net; c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ff
FF - ExtSQL: 2014-01-29 23:48; ext@MediaPlayerV1alpha142.net; c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff

RegLock::
[HKEY_USERS\S-1-5-21-3908090792-2955568676-2883752157-1001_Classes\CLSID]

ClearJavaCache::

Reboot::