Please advise!

#1 Post by Txx9x »

Hello, I don't really know my way around here, I'm new, but I urgently need help! I recently downloaded a game that had a virus; I ignored it and turned off avast so that it would stop reporting anything. But when I start avast, it begins deleting viruses, and it has already deleted around 600 viruses. I discovered the problem!!! when the memory on my PC started dropping out of nowhere. I had some 100 GB of free space and suddenly I have 0, so I delete a movie (2 GB) and after a while that disappears too ..:/ Why?.. And one more thing: when I turn avast on to keep searching and deleting, the memory comes back, and when I turn it off, it disappears again..:(

#2 Post by Txx9x »

Pleeease!

#3 Post by motji »

Good evening :)
Since I don't have a crystal ball, we'll start with you posting a log from RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=105895
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!

#4 Post by Txx9x »

OK -
Logfile of random's system information tool 1.09 (written by random/random)
Run by DENIS at 2012-09-01 23:34:53
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (10%) free of 153 GB
Total RAM: 1470 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:36:20, on 1.9.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zrychleni Pocitace\PCSUService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cirrus Processing\CirrusProcessing.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\DENIS\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\DENIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... =11&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80093
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1&barid={25 ... 155807E224}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=16553
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80093
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57000;https=127.0.0.1:57000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
R3 - URLSearchHook: SpeedUpToolbar BHO - {0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD} - C:\Program Files\SpeedUpToolbar\IEToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe,C:\Program Files\olhewjqd\wrvthjwq.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SpeedUpToolbar BHO - {0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD} - C:\Program Files\SpeedUpToolbar\IEToolbar.dll
O2 - BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\DENIS\Data aplikací\Complitly\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: (no name) - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - (no file)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: MrFroggy - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files\Minibar\Froggy.dll
O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Stylish Profile\enlbrdr.dll
O2 - BHO: Minibar BHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files\Minibar\Kango.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: SpeedUp Toolbar - {005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC} - C:\Program Files\SpeedUpToolbar\IEToolbar.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files\Guard-ICQ\GuardICQ.exe" /gui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaGet2] C:\Documents and Settings\DENIS\Local Settings\Data aplikací\MediaGet2\mediaget.exe --minimized
O4 - HKCU\..\Run: [CirrusProcessing] C:\Program Files\Cirrus Processing\CirrusProcessing.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\DENIS\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Facebook Messenger.lnk = ?
O4 - Startup: wrvthjwq.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Share Your Mood - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files\Minibar\MinibarButton.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{58E50765-7AB6-486A-B049-343E7B05CAFB}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: speeduptoolbar - {A59E71FA-63AB-4695-B7B0-7B97BAA3CF9E} - C:\Program Files\SpeedUpToolbar\IEToolbar.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Guard-ICQ\GuardICQ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files\Zrychleni Pocitace\PCSUService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17151 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1450960922-725345543-1003Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1450960922-725345543-1003UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1450960922-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1450960922-725345543-1003.job
C:\WINDOWS\tasks\WGASetup.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\DENIS\Data aplikací\Mozilla\Firefox\Profiles\d4ckz2su.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =937811&p="

"Cetrumcz@igeared"=C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\Web Assistant\Firefox
"{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}"=C:\Program Files\RelevantKnowledge\firefox
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.271 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA]
"Description"=Delivery Network Acceleration by BitTorrent™
"Path"=C:\Program Files\DNA\plugins\npbtdna.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"=Yahoo Messenger State Plugin
"Path"=C:\Program Files\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@protectdisc.com/NPMPDRM]
"Description"=MPDRM License Acquisition Plugin
"Path"=C:\Program Files\Common Files\mpDRM\NPMPDRM.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\DENIS\Data aplikací\Mozilla\Firefox\Profiles\d4ckz2su.default\searchplugins\
icqplugin-1.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD}]
SpeedUpToolbar BHO - C:\Program Files\SpeedUpToolbar\IEToolbar.dll [2011-11-08 2376792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Documents and Settings\DENIS\Data aplikací\Complitly\AutocompletePro.dll [2011-02-27 139768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
Web Assistant - C:\Program Files\Web Assistant\Extension32.dll [2012-08-28 421255]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
StartNow Toolbar Helper - C:\Program Files\StartNow Toolbar\Toolbar32.dll [2011-10-25 420576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
Incredibar.com Helper Object - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll [2012-01-22 362002]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}]
MrFroggy Class - C:\Program Files\Minibar\Froggy.dll [2011-06-01 224622]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
BitTorrentBar Toolbar - C:\Program Files\BitTorrentBar\prxtbBit0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Stylish Profile\enlbrdr.dll [2012-08-28 444275]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}]
MinibarBHO - C:\Program Files\Minibar\Kango.dll [2012-08-28 596874]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-08-28 4084210]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YTD Toolbar - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll [2012-07-26 1213832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll []
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]
{5911488E-9D1E-40ec-8CBB-06B231CC153F} - StartNow Toolbar - C:\Program Files\StartNow Toolbar\Toolbar32.dll [2011-10-25 420576]
{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC} - SpeedUp Toolbar - C:\Program Files\SpeedUpToolbar\IEToolbar.dll [2011-11-08 2376792]
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - BitTorrentBar Toolbar - C:\Program Files\BitTorrentBar\prxtbBit0.dll [2011-05-09 176936]
{F9639E4A-801B-4843-AEE3-03D9DA199E77} - Incredibar Toolbar - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll [2012-01-22 370585]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2012-03-20 1056320]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YTD Toolbar - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll [2012-07-26 1213832]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-02-17 8523776]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Guard.Mail.ru.gui"=C:\Program Files\Guard-ICQ\GuardICQ.exe [2012-08-19 1564368]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-08-29 1996200]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-06-07 421776]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2012-07-26 1095560]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MediaGet2"=C:\Documents and Settings\DENIS\Local Settings\Data aplikací\MediaGet2\mediaget.exe --minimized []
"CirrusProcessing"=C:\Program Files\Cirrus Processing\CirrusProcessing.exe [2012-03-12 1079808]
"Facebook Update"=C:\Documents and Settings\DENIS\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe [2012-08-02 138096]
"ICQ"=C:\Program Files\ICQ7M\ICQ.exe [2012-08-19 127040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe [2012-08-15 686792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BabylonToolbar]
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [2012-08-27 549249]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-08-29 1996200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-02-17 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-02-17 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
C:\Program Files\Pando Networks\Media Booster\PMB.exe [2012-05-08 3089488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2012-07-26 1095560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-02-17 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe [2011-08-01 114992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\20DE3A~1.189\SSSCHE~1.EXE [2010-09-02 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DENIS^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe []

C:\Documents and Settings\DENIS\Nabídka Start\Programy\Po spuštění
Facebook Messenger.lnk - C:\Documents and Settings\DENIS\Local Settings\Data aplikací\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe
wrvthjwq.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge]
C:\Program Files\RelevantKnowledge\rlls.dll [2012-08-21 578608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"sysdiag64.exe"="C:\windows\sysdiag64.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Denis\´´ĘŔÁúľÔ\csyt2.exe"="C:\Denis\´´ĘŔÁúľÔ\csyt2.exe:*:Enabled:csyt2"
"I:\´´ĘŔÁúľÔ- DENIS\csyt2.exe"="I:\´´ĘŔÁúľÔ- DENIS\csyt2.exe:*:Enabled:csyt2"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Denis\Mt2\LocMt2\´´ĘŔÁúľÔ\csyt2.exe"="C:\Denis\Mt2\LocMt2\´´ĘŔÁúľÔ\csyt2.exe:*:Enabled:csyt2"
"C:\Program Files\Mozilla Firefox\SindicateM2\metin2client.bin"="C:\Program Files\Mozilla Firefox\SindicateM2\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Mozilla Firefox\SindicateM2\mc.exe"="C:\Program Files\Mozilla Firefox\SindicateM2\mc.exe:*:Enabled:mc"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Documents and Settings\DENIS\Plocha\Nová složka\XtremeMt2\XtremeMt2.exe"="C:\Documents and Settings\DENIS\Plocha\Nová složka\XtremeMt2\XtremeMt2.exe:*:Enabled:XtremeMt2"
"C:\Documents and Settings\DENIS\Plocha\Nová složka\XtremeMt2\mc.exe"="C:\Documents and Settings\DENIS\Plocha\Nová složka\XtremeMt2\mc.exe:*:Enabled:mc"
"C:\Documents and Settings\DENIS\Plocha\Nová složka (2)\CandyLongju Client 2.5\CandyLongju.exe"="C:\Documents and Settings\DENIS\Plocha\Nová složka (2)\CandyLongju Client 2.5\CandyLongju.exe:*:Enabled:CandyLongju"
"C:\Documents and Settings\DENIS\Plocha\Nová složka (2)\CandyLongju Client 2.5\LopMt2.exe"="C:\Documents and Settings\DENIS\Plocha\Nová složka (2)\CandyLongju Client 2.5\LopMt2.exe:*:Enabled:LopMt2"
"C:\Documents and Settings\DENIS\Plocha\Nová složka\XtremeMt2\LopMt2.exe"="C:\Documents and Settings\DENIS\Plocha\Nová složka\XtremeMt2\LopMt2.exe:*:Enabled:LopMt2"
"C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\LopMt2.exe"="C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\LopMt2.exe:*:Enabled:LopMt2"
"C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\KingYT2.exe"="C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\KingYT2.exe:*:Enabled:KingYT2"
"C:\Documents and Settings\DENIS\Plocha\Složky metin2\italia\LandOfPowa\KingYT2.exe"="C:\Documents and Settings\DENIS\Plocha\Složky metin2\italia\LandOfPowa\KingYT2.exe:*:Enabled:KingYT2"
"C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\YitianMT2-CH2.exe"="C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\YitianMT2-CH2.exe:*:Enabled:YitianMT2-CH2"
"C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\Cylj2.exe"="C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\Cylj2.exe:*:Enabled:Cylj2"
"C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\mc.exe"="C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\mc.exe:*:Enabled:mc"
"C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\BrosMt2.exe"="C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\BrosMt2.exe:*:Enabled:BrosMt2"
"C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\0_metin5.exe"="C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\0_metin5.exe:*:Enabled:0_metin5"
"C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\DomikMT2.exe"="C:\Documents and Settings\DENIS\Plocha\Složky metin2\cz\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\DomikMT2.exe:*:Enabled:DomikMT2"
"C:\Documents and Settings\DENIS\Plocha\Složky metin2\Nová složka\XtremeMt2\mc.exe"="C:\Documents and Settings\DENIS\Plocha\Složky metin2\Nová složka\XtremeMt2\mc.exe:*:Enabled:mc"
"C:\Program Files\Thunder Network\Thunder\Program\FileLink\XLFileLink.exe"="C:\Program Files\Thunder Network\Thunder\Program\FileLink\XLFileLink.exe:*:Enabled:FileLink5.9.26.1538"
"C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe"="C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe:*:Enabled:Thunder5.9.26.1538"
"C:\Program Files\Thunder Network\Thunder\Program\ThunderLiveUD.exe"="C:\Program Files\Thunder Network\Thunder\Program\ThunderLiveUD.exe:*:Enabled:Thunder LiveUpdate5.9.26.1538"
"C:\Program Files\Thunder Network\Thunder\Program\XMPBoot.exe"="C:\Program Files\Thunder Network\Thunder\Program\XMPBoot.exe:*:Enabled:XMP5.9.26.1538"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\IpSharkkEvolution\IpSharkkEvo.exe"="C:\Program Files\IpSharkkEvolution\IpSharkkEvo.exe:*:Enabled:IpSharkk Evolution"
"C:\Program Files\IpSharkkEvolution\PHelperIpSharkkEvoProxy.exe"="C:\Program Files\IpSharkkEvolution\PHelperIpSharkkEvoProxy.exe:*:Enabled:IpSharkk Evolution Helper"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\LunaRis-Online\Lunaris.exe"="C:\Program Files\LunaRis-Online\Lunaris.exe:*:Enabled:Lunaris"
"C:\Documents and Settings\DENIS\Plocha\kn\hl2.exe"="C:\Documents and Settings\DENIS\Plocha\kn\hl2.exe:*:Enabled:hl2"
"C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe"="C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\DENIS\Plocha\grtgtr\metin2client.exe"="C:\Documents and Settings\DENIS\Plocha\grtgtr\metin2client.exe:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Plocha\laurent\metin2client.exe"="C:\Documents and Settings\DENIS\Plocha\laurent\metin2client.exe:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Plocha\harmonia\metin2client.exe"="C:\Documents and Settings\DENIS\Plocha\harmonia\metin2client.exe:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Plocha\Nová složka\MexiliaMt2.exe"="C:\Documents and Settings\DENIS\Plocha\Nová složka\MexiliaMt2.exe:*:Enabled:MexiliaMt2"
"C:\Documents and Settings\DENIS\Plocha\hhh\MexiliaMt2.exe"="C:\Documents and Settings\DENIS\Plocha\hhh\MexiliaMt2.exe:*:Enabled:MexiliaMt2"
"C:\Documents and Settings\DENIS\Plocha\NeonWorld2-Client\NeonWorld2-Starter.exe"="C:\Documents and Settings\DENIS\Plocha\NeonWorld2-Client\NeonWorld2-Starter.exe:*:Enabled:NeonWorld2-Starter"
"C:\Metin2\metin2mod_2011sf.exe"="C:\Metin2\metin2mod_2011sf.exe:*:Enabled:metin2mod_2011sf"
"C:\Metin2\game.bin"="C:\Metin2\game.bin:*:Enabled:game"
"C:\Documents and Settings\DENIS\Plocha\kddd\start.exe"="C:\Documents and Settings\DENIS\Plocha\kddd\start.exe:*:Enabled:start"
"C:\Documents and Settings\DENIS\Plocha\dasda\Atlantica.exe"="C:\Documents and Settings\DENIS\Plocha\dasda\Atlantica.exe:*:Enabled:Atlantica"
"C:\Documents and Settings\DENIS\Plocha\zep\metin2client.exe"="C:\Documents and Settings\DENIS\Plocha\zep\metin2client.exe:*:Enabled:metin2client"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Documents and Settings\DENIS\Plocha\metyn\mc.exe"="C:\Documents and Settings\DENIS\Plocha\metyn\mc.exe:*:Enabled:mc"
"C:\Documents and Settings\DENIS\Plocha\zep\oven.exe"="C:\Documents and Settings\DENIS\Plocha\zep\oven.exe:*:Enabled:oven"
"C:\Documents and Settings\DENIS\Plocha\metyn\oven.exe"="C:\Documents and Settings\DENIS\Plocha\metyn\oven.exe:*:Enabled:oven"
"C:\Documents and Settings\DENIS\Plocha\metyn\metin2client.bin"="C:\Documents and Settings\DENIS\Plocha\metyn\metin2client.bin:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Plocha\xasx\metin2.bin"="C:\Documents and Settings\DENIS\Plocha\xasx\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Documents and Settings\DENIS\Plocha\Nová složka\mc.exe"="C:\Documents and Settings\DENIS\Plocha\Nová složka\mc.exe:*:Enabled:mc"
"C:\Documents and Settings\DENIS\Plocha\Heylo2\mc.exe"="C:\Documents and Settings\DENIS\Plocha\Heylo2\mc.exe:*:Enabled:mc"
"C:\Documents and Settings\DENIS\Plocha\Saphir\Saphir2.exe"="C:\Documents and Settings\DENIS\Plocha\Saphir\Saphir2.exe:*:Enabled:Saphir2"
"C:\Documents and Settings\DENIS\Plocha\Heylo2\metin2client.bin"="C:\Documents and Settings\DENIS\Plocha\Heylo2\metin2client.bin:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Plocha\Celestial\metin2client.bin"="C:\Documents and Settings\DENIS\Plocha\Celestial\metin2client.bin:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Local Settings\Temp\Rar$EX04.234\Metyn2\mc.exe"="C:\Documents and Settings\DENIS\Local Settings\Temp\Rar$EX04.234\Metyn2\mc.exe:*:Enabled:mc"
"C:\Documents and Settings\DENIS\Plocha\fdv\metin2client.bin"="C:\Documents and Settings\DENIS\Plocha\fdv\metin2client.bin:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Plocha\25156\client\metin2client.bin"="C:\Documents and Settings\DENIS\Plocha\25156\client\metin2client.bin:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Plocha\dsadas\metin2client.bin"="C:\Documents and Settings\DENIS\Plocha\dsadas\metin2client.bin:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Plocha\dddd\metin2client.bin"="C:\Documents and Settings\DENIS\Plocha\dddd\metin2client.bin:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Plocha\ff\fds.exe"="C:\Documents and Settings\DENIS\Plocha\ff\fds.exe:*:Enabled:fds"
"C:\Documents and Settings\DENIS\Plocha\ff\Celestial.exe"="C:\Documents and Settings\DENIS\Plocha\ff\Celestial.exe:*:Enabled:Celestial"
"C:\Program Files\MoonMt2 2012\metin2client.exe"="C:\Program Files\MoonMt2 2012\metin2client.exe:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Plocha\Nová složka\metin2client.bin"="C:\Documents and Settings\DENIS\Plocha\Nová složka\metin2client.bin:*:Enabled:metin2client"
"C:\Documents and Settings\DENIS\Plocha\Nová složka (2)\metin2client.bin"="C:\Documents and Settings\DENIS\Plocha\Nová složka (2)\metin2client.bin:*:Enabled:metin2client"
"C:\Games\TrackMania 2\ManiaPlanet.exe"="C:\Games\TrackMania 2\ManiaPlanet.exe:*:Enabled:ManiaPlanet"
"C:\Documents and Settings\DENIS\Plocha\celestial\metin2.bin"="C:\Documents and Settings\DENIS\Plocha\celestial\metin2.bin:*:Enabled:metin2"
"C:\Documents and Settings\DENIS\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\bulanci.exe"="C:\Documents and Settings\DENIS\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\bulanci.exe:*:Enabled:bulanci"
"C:\Program Files\EA Games\Battlefield Play4Free\BFP4f.exe"="C:\Program Files\EA Games\Battlefield Play4Free\BFP4f.exe:*:Enabled:BFP4f"
"C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe"="C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World"
"C:\Documents and Settings\DENIS\Plocha\celestial\historia2.bin"="C:\Documents and Settings\DENIS\Plocha\celestial\historia2.bin:*:Enabled:historia2"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\PacSteamT\SteamApps\txx9x\half-life 2 deathmatch\hl2.exe"="C:\PacSteamT\SteamApps\txx9x\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\DENIS\Plocha\mega\Metin2Mage.exe"="C:\Documents and Settings\DENIS\Plocha\mega\Metin2Mage.exe:*:Enabled:Metin2Mage"
"C:\PacSteamT\SteamApps\txx9x\counter-strike source\hl2.exe"="C:\PacSteamT\SteamApps\txx9x\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"C:\Documents and Settings\DENIS\Plocha\mage\Metin2Mage.exe"="C:\Documents and Settings\DENIS\Plocha\mage\Metin2Mage.exe:*:Enabled:Metin2Mage"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Metin2\metin2client.bin"="C:\Program Files\Metin2\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Metin2\metin2mod_2011sf.exe"="C:\Program Files\Metin2\metin2mod_2011sf.exe:*:Enabled:metin2mod_2011sf"
"C:\PacSteamT\SteamApps\txx9x2\counter-strike source\hl2.exe"="C:\PacSteamT\SteamApps\txx9x2\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"C:\Program Files\Counter-Strike 1.6 Non-Steam\hl.exe"="C:\Program Files\Counter-Strike 1.6 Non-Steam\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\DENIS\Plocha\klient\Camerion.exe"="C:\Documents and Settings\DENIS\Plocha\klient\Camerion.exe:*:Enabled:Camerion"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 month======

2012-09-01 23:35:05 ----D---- C:\Program Files\trend micro
2012-09-01 23:34:53 ----D---- C:\rsit
2012-09-01 17:53:18 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-09-01 17:53:17 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-09-01 17:53:12 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-09-01 17:53:11 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-09-01 17:53:11 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-09-01 17:53:10 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-09-01 17:53:10 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-09-01 17:53:09 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-09-01 17:52:23 ----A---- C:\WINDOWS\avastSS.scr
2012-09-01 17:52:22 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-09-01 17:51:50 ----D---- C:\Program Files\AVAST Software
2012-09-01 17:51:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
2012-08-31 10:10:22 ----D---- C:\Documents and Settings\DENIS\Data aplikací\YTD
2012-08-31 10:10:21 ----D---- C:\Documents and Settings\DENIS\Data aplikací\wtxpcom
2012-08-30 23:17:02 ----D---- C:\Documents and Settings\DENIS\Data aplikací\Search Settings
2012-08-30 23:16:16 ----D---- C:\Program Files\Application Updater
2012-08-30 23:16:14 ----D---- C:\Program Files\YTD Toolbar
2012-08-30 23:16:14 ----D---- C:\Program Files\Common Files\Spigot
2012-08-30 23:15:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\YTD Video Downloader
2012-08-30 23:15:26 ----D---- C:\Program Files\GreenTree Applications
2012-08-30 22:57:24 ----D---- C:\Program Files\Mp3 Knife
2012-08-30 15:46:34 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2012-08-30 15:46:34 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2012-08-30 15:45:21 ----D---- C:\Program Files\iPod
2012-08-30 15:45:17 ----D---- C:\Program Files\iTunes
2012-08-30 15:45:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-30 15:44:14 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2012-08-30 15:44:14 ----A---- C:\WINDOWS\system32\drivers\usbaapl.sys
2012-08-30 15:43:05 ----D---- C:\Program Files\Common Files\Apple
2012-08-29 21:50:21 ----D---- C:\Program Files\LogMeIn Hamachi
2012-08-27 22:48:47 ----D---- C:\Program Files\olhewjqd
2012-08-27 22:48:44 ----D---- C:\Program Files\Microsoft
2012-08-23 02:10:54 ----D---- C:\Program Files\Rowbelik
2012-08-22 14:01:08 ----D---- C:\Program Files\Valve
2012-08-19 20:44:57 ----D---- C:\Documents and Settings\DENIS\Data aplikací\ICQ
2012-08-19 20:44:22 ----D---- C:\Program Files\ICQ7M
2012-08-18 16:05:49 ----D---- C:\Program Files\Drakensang Online
2012-08-18 13:30:36 ----D---- C:\Program Files\ICQ6Toolbar
2012-08-18 13:29:31 ----D---- C:\Documents and Settings\DENIS\Data aplikací\ICQ Search
2012-08-18 13:29:13 ----D---- C:\Program Files\Guard-ICQ
2012-08-15 15:12:02 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-08-15 15:12:02 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Mozilla
2012-08-14 00:14:35 ----D---- C:\Program Files\Oracle
2012-08-14 00:14:21 ----D---- C:\Documents and Settings\DENIS\Data aplikací\Oracle
2012-08-14 00:14:08 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2012-08-14 00:14:08 ----A---- C:\WINDOWS\system32\javaws.exe
2012-08-14 00:13:37 ----A---- C:\WINDOWS\system32\javaw.exe
2012-08-14 00:13:37 ----A---- C:\WINDOWS\system32\java.exe
2012-08-08 11:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$

======List of files/folders modified in the last 1 month======

2012-09-01 23:35:05 ----RD---- C:\Program Files
2012-09-01 23:20:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-09-01 22:39:17 ----D---- C:\Program Files\Common Files\PAC7302
2012-09-01 22:18:49 ----D---- C:\WINDOWS\Temp
2012-09-01 21:49:33 ----D---- C:\Program Files\AC3Filter
2012-09-01 21:24:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\mpDRM
2012-09-01 21:22:06 ----D---- C:\Program Files\RelevantKnowledge
2012-09-01 19:30:02 ----D---- C:\Program Files\Stylish Profile
2012-09-01 19:25:03 ----D---- C:\Program Files\Outlook Express
2012-09-01 19:23:53 ----D---- C:\Program Files\Movie Maker
2012-09-01 19:23:35 ----D---- C:\WINDOWS\system32\CatRoot2
2012-09-01 18:00:08 ----D---- C:\WINDOWS\system32
2012-09-01 18:00:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-09-01 17:58:37 ----SHD---- C:\Config.Msi
2012-09-01 17:54:25 ----SHD---- C:\WINDOWS\Installer
2012-09-01 17:54:25 ----SD---- C:\WINDOWS\Tasks
2012-09-01 17:54:25 ----D---- C:\Program Files\Google
2012-09-01 17:53:18 ----D---- C:\WINDOWS\system32\drivers
2012-09-01 17:52:23 ----D---- C:\WINDOWS
2012-09-01 17:27:28 ----D---- C:\Program Files\Internet Explorer
2012-09-01 16:00:50 ----D---- C:\Documents and Settings\DENIS\Data aplikací\BitTorrent
2012-09-01 00:34:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-31 12:59:38 ----D---- C:\Program Files\WinRAR
2012-08-31 10:55:22 ----D---- C:\Program Files\Counter-Strike 1.6 Non-Steam
2012-08-31 10:25:24 ----D---- C:\Denis
2012-08-31 10:10:18 ----D---- C:\Program Files\Mozilla Firefox
2012-08-30 23:16:17 ----D---- C:\WINDOWS\WinSxS
2012-08-30 23:16:14 ----D---- C:\Program Files\Common Files
2012-08-30 18:23:24 ----D---- C:\Documents and Settings\DENIS\Data aplikací\Apple Computer
2012-08-30 16:23:28 ----HD---- C:\WINDOWS\inf
2012-08-30 15:46:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-08-30 15:45:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Apple Computer
2012-08-30 15:44:34 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Apple
2012-08-30 15:43:32 ----D---- C:\Program Files\Bonjour
2012-08-30 07:48:39 ----D---- C:\WINDOWS\Prefetch
2012-08-28 14:57:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-08-28 14:52:56 ----D---- C:\WINDOWS\system32\Restore
2012-08-26 23:27:39 ----A---- C:\WINDOWS\win.ini
2012-08-25 00:33:33 ----D---- C:\Documents and Settings
2012-08-22 14:01:07 ----HD---- C:\Program Files\InstallShield Installation Information
2012-08-20 15:03:12 ----D---- C:\Program Files\Gameforge
2012-08-20 14:56:55 ----D---- C:\Program Files\Java
2012-08-19 22:01:36 ----D---- C:\Program Files\BitTorrentBar
2012-08-19 21:57:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ICQ
2012-08-15 15:13:10 ----D---- C:\Documents and Settings\DENIS\Data aplikací\Mozilla
2012-08-15 14:21:15 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-14 00:37:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
2012-08-09 13:19:20 ----D---- C:\WINDOWS\Downloaded Installations
2012-08-08 11:46:33 ----A---- C:\WINDOWS\imsins.BAK
2012-08-05 18:57:53 ----A---- C:\WINDOWS\ModemLog_PCI SoftV92 Data Fax Modem.txt
2012-08-03 12:27:29 ----D---- C:\Program Files\Opera
2012-08-02 23:50:04 ----SD---- C:\Documents and Settings\DENIS\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-10-27 443448]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-10-25 232512]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-02-17 12672]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-02-17 4127488]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-02-17 988800]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2008-02-17 244480]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-02-17 7435136]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-02-17 54144]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-02-17 22016]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-04-25 43520]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-02-17 730112]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PAC7302;CANYON USB PC CAMERA; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-11-08 458752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva390;XDva390; \??\C:\WINDOWS\system32\XDva390.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [2012-08-19 1564368]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 1385896]
R2 ICQ Service;ICQ Service; C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE [2012-03-20 247872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-07-05 161704]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-02-17 155716]
R2 PCSUService;PC Speed Up Service; C:\Program Files\Zrychleni Pocitace\PCSUService.exe [2011-09-28 234720]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2012-03-24 75136]
R2 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2011-10-14 745832]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 Web Assistant Updater;Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 821648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe []
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please advise!

#5 Post by motji »

Besides a pile of toolbars and similar nonsense, you do have some nasties in there. But you also have torrents, you download cracks, and your system is not up to date.
:!: Is the system legal?

Txx9x
Visitor
Posts: 23
Registered: 01 Sep 2012 21:47

Re: Please advise!

#6 Post by Txx9x »

I have no idea whether the system is legal... So the only option is to reinstall Windows?

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please advise!

#7 Post by motji »

No, we will still try to disinfect it, but I suspect it has been compromised as well.
:!: Back up your important data, just to be safe :)

:arrow: Download ComboFix to your desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Agree to the installation of the Recovery Console

- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs: antivirus, firewalls, antispyware

- After launch, the terms of use are displayed; confirm them by pressing the Ano (Yes) button

- Then follow the instructions; while ComboFix is running, do not click in the window that appears :!:

- After the scan finishes, which takes at most 10 minutes, the program should create a log, C:\ComboFix.txt; copy its entire contents here

Txx9x
Visitor
Posts: 23
Registered: 01 Sep 2012 21:47

Re: Please advise!

#8 Post by Txx9x »

And could you please advise how to back up the data? Thank you.

Txx9x
Visitor
Posts: 23
Registered: 01 Sep 2012 21:47

Re: Please advise!

#9 Post by Txx9x »

So here is the log -

ComboFix 12-08-31.08 - DENIS 02.09.2012 8:16.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1470.772 [GMT 2:00]
Spuštěný z: c:\documents and settings\DENIS\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\program files\Complitly
c:\program files\Complitly\FireFoxExtension.exe
c:\program files\Complitly\chrome\autocompleteprochrome.crx
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\Minibar\FrOGgy.dll
c:\program files\Minibar\KaNGo.dll
c:\program files\Minibar\MiNIbarbutton.dll
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\firefox\bootstrap.js
c:\program files\RelevantKnowledge\firefox\defaults\preferences\prefs.js
c:\program files\RelevantKnowledge\firefox\harness-options.json
c:\program files\RelevantKnowledge\firefox\install.rdf
c:\program files\RelevantKnowledge\firefox\locale\en-GB.json
c:\program files\RelevantKnowledge\firefox\locale\eo.json
c:\program files\RelevantKnowledge\firefox\locale\fr-FR.json
c:\program files\RelevantKnowledge\firefox\locales.json
c:\program files\RelevantKnowledge\firefox\resources\addon-kit\lib\page-mod.js
c:\program files\RelevantKnowledge\firefox\resources\addon-kit\lib\tabs.js
c:\program files\RelevantKnowledge\firefox\resources\addon-kit\lib\windows.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\data\content-proxy.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\data\test-content-symbiont.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\data\test-message-manager.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\api-utils.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\byte-streams.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\collection.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content\loader.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content\symbiont.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content\worker.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\cortex.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\cuddlefish.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\dom\events.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\environment.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\errors.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\events.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\events\assembler.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\file.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\globals!.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\hidden-frame.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\channel.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\light-traits.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\list.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\match-pattern.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\memory.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\message-manager.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\namespace.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\observer-service.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\plain-text-console.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\process.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\runtime.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\sandbox.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\self!.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\system.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\events.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\observer.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\tab.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\utils.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\text-streams.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\timer.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\traceback.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\traits.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\traits\core.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\unload.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\url.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\data.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\function.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\object.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\registry.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\thumbnail.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\window-utils.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\dom.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\loader.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\observer.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\tabs.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\xpcom.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\xul-app.js
c:\program files\RelevantKnowledge\firefox\resources\dpjs\data\content.js
c:\program files\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js
c:\program files\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js
c:\program files\RelevantKnowledge\firefox\resources\dpjs\lib\main.js
c:\program files\RelevantKnowledge\firefox\resources\chrome.manifest
c:\program files\RelevantKnowledge\firefox\rlnx.dll
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlcm.crx
c:\program files\RelevantKnowledge\rlcm.txt
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\program files\Web Assistant\ExTEnsion32.dll
c:\windows\msmqinst.log
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET98D.tmp
c:\windows\system32\SET991.tmp
c:\windows\system32\SET99A.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-02 do 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 06:06 . 2012-09-02 06:06 -------- d-----w- c:\program files\Cobian Backup 11
2012-09-01 21:35 . 2012-09-01 21:57 -------- d-----w- c:\program files\trend micro
2012-09-01 21:34 . 2012-09-01 21:37 -------- d-----w- C:\rsit
2012-09-01 15:53 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-01 15:53 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-01 15:53 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-01 15:53 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-01 15:53 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-01 15:53 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-01 15:53 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-01 15:53 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-01 15:52 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-01 15:52 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-01 15:51 . 2012-09-01 15:51 -------- d-----w- c:\program files\AVAST Software
2012-09-01 15:51 . 2012-09-01 15:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\AVAST Software
2012-08-31 08:10 . 2012-08-31 08:10 -------- d-----w- c:\documents and settings\DENIS\Data aplikací\YTD
2012-08-31 08:10 . 2012-08-31 08:10 -------- d-----w- c:\documents and settings\DENIS\Data aplikací\wtxpcom
2012-08-31 08:09 . 2012-08-31 08:09 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-30 21:17 . 2012-08-30 21:17 -------- d-----w- c:\documents and settings\DENIS\Data aplikací\Search Settings
2012-08-30 21:16 . 2012-08-30 21:16 -------- d-----w- c:\program files\Application Updater
2012-08-30 21:16 . 2012-08-30 21:16 -------- d-----w- c:\program files\YTD Toolbar
2012-08-30 21:16 . 2012-08-30 21:16 -------- d-----w- c:\program files\Common Files\Spigot
2012-08-30 21:15 . 2012-08-30 21:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\YTD Video Downloader
2012-08-30 21:15 . 2012-08-30 21:15 -------- d-----w- c:\program files\GreenTree Applications
2012-08-30 20:57 . 2012-08-30 20:57 -------- d-----w- c:\program files\Mp3 Knife
2012-08-30 20:57 . 2004-04-13 04:57 609584 ----a-w- c:\windows\system32\comctl32.ocx
2012-08-30 14:22 . 2012-08-30 14:22 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Data aplikací\Apple Computer
2012-08-30 13:46 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-30 13:46 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-30 13:45 . 2012-08-30 13:45 -------- d-----w- c:\program files\iPod
2012-08-30 13:45 . 2012-08-30 13:46 -------- d-----w- c:\program files\iTunes
2012-08-30 13:45 . 2012-08-30 13:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-30 13:44 . 2012-08-30 13:44 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací\Apple Computer
2012-08-30 13:44 . 2012-04-25 10:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-08-30 13:44 . 2012-04-25 10:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-08-30 13:43 . 2012-08-30 13:45 -------- d-----w- c:\program files\Common Files\Apple
2012-08-29 19:50 . 2012-08-29 19:50 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-08-27 20:48 . 2012-08-31 08:55 -------- d-----w- c:\program files\olhewjqd
2012-08-27 20:48 . 2012-09-02 06:01 -------- d-----w- c:\program files\Microsoft
2012-08-23 00:10 . 2012-08-27 11:17 -------- d-----w- c:\program files\Rowbelik
2012-08-22 12:01 . 2012-08-22 12:03 -------- d-----w- c:\program files\Valve
2012-08-19 18:44 . 2012-08-27 21:27 -------- d-----w- c:\documents and settings\DENIS\Data aplikací\ICQ
2012-08-19 18:44 . 2012-09-02 06:01 -------- d-----w- c:\program files\ICQ7M
2012-08-18 18:34 . 2012-08-18 18:35 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
2012-08-18 14:05 . 2012-09-02 06:01 -------- d-----w- c:\program files\Drakensang Online
2012-08-18 11:30 . 2012-08-20 09:54 -------- d-----w- c:\program files\ICQ6Toolbar
2012-08-18 11:29 . 2012-08-18 11:29 -------- d-----w- c:\documents and settings\DENIS\Data aplikací\ICQ Search
2012-08-18 11:29 . 2012-08-19 19:57 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
2012-08-18 11:29 . 2012-08-18 11:29 -------- d-----w- c:\program files\Guard-ICQ
2012-08-17 12:56 . 2011-05-29 16:43 75264 ----a-w- c:\program files\Mozilla Firefox\mod\DLLs\ZFishBot.dll
2012-08-17 12:56 . 2012-08-28 11:29 602500 ----a-w- c:\program files\Mozilla Firefox\python22.dll
2012-08-17 12:56 . 2012-08-15 13:08 29184 ----a-w- c:\program files\Mozilla Firefox\mod\DLLs\pythonloader.dll
2012-08-17 12:56 . 2012-06-20 19:00 94977 ----a-w- c:\program files\Mozilla Firefox\ServerInfo.exe
2012-08-17 12:56 . 2012-03-04 15:43 108544 ----a-w- c:\program files\Mozilla Firefox\mod\DLLs\pong_ch.dll
2012-08-17 12:56 . 2011-05-21 18:26 84992 ----a-w- c:\program files\Mozilla Firefox\mod\DLLs\ExpIsEasy3.0.dll
2012-08-17 12:56 . 2011-05-19 22:57 59904 ----a-w- c:\program files\Mozilla Firefox\mod\DLLs\MobberHack_d.dll
2012-08-17 12:56 . 2012-08-15 12:40 6207421 ----a-w- c:\program files\Mozilla Firefox\metin2mod_2011sf.exe
2012-08-15 13:12 . 2012-08-31 19:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-08-13 22:55 . 2012-08-13 22:55 -------- d-----w- c:\documents and settings\DENIS\Local Settings\Data aplikací\Sun
2012-08-13 22:14 . 2012-08-13 22:14 -------- d-----w- c:\program files\Oracle
2012-08-13 22:14 . 2012-08-13 22:14 -------- d-----w- c:\documents and settings\DENIS\Data aplikací\Oracle
2012-08-13 22:14 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 12:21 . 2012-06-09 10:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 12:21 . 2011-11-07 10:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-13 22:12 . 2010-10-19 14:53 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2010-10-19 14:53 687544 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-16 20:20 . 2010-05-16 20:20 1520004 ----a-w- c:\program files\wrar393cz.exe
2012-08-31 08:09 . 2012-08-15 13:11 266720 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD}"= "c:\program files\SpeedUpToolbar\IEToolbar.dll" [2011-11-08 2376792]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0d52b2ca-c02e-4ec1-8e80-0a5cd2a640bd}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD}]
2011-11-08 00:45 2376792 ----a-w- c:\program files\SpeedUpToolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2012-08-28 11:49 444275 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21 1299248 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
"{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC}"= "c:\program files\SpeedUpToolbar\IEToolbar.dll" [2011-11-08 2376792]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{005b8fc3-0f7e-45dd-8a2f-e352d67edbfc}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC}"= "c:\program files\SpeedUpToolbar\IEToolbar.dll" [2011-11-08 2376792]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{005b8fc3-0f7e-45dd-8a2f-e352d67edbfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ------w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CirrusProcessing"="c:\program files\Cirrus Processing\CirrusProcessing.exe" [2012-03-12 1079808]
"Facebook Update"="c:\documents and settings\DENIS\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2012-08-02 138096]
"ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-08-19 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-17 8523776]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Guard.Mail.ru.gui"="c:\program files\Guard-ICQ\GuardICQ.exe" [2012-08-19 1564368]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Cobian Backup 11 interface"="c:\program files\Cobian Backup 11\cbInterface.exe" [2012-07-31 4407808]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\DENIS\Nabídka Start\Programy\Po spuštění\
Facebook Messenger.lnk - c:\documents and settings\DENIS\Local Settings\Data aplikací\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"80.84.58.203,255.255.255.255,164.215.119.118,1"=""
"199.27.135.167,255.255.255.255,164.215.119.118,1"=""
"79.110.87.198,255.255.255.255,164.215.119.118,1"=""
"94.102.0.108,255.255.255.255,164.215.119.118,1"=""
"203.85.0.92,255.255.255.255,164.215.119.118,1"=""
"46.252.196.1,255.255.255.255,164.215.119.118,1"=""
"85.153.48.2,255.255.255.255,164.215.119.118,1"=""
"188.138.106.112,255.255.255.255,164.215.119.118,1"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:228a16cb78
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DENIS^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=c:\documents and settings\DENIS\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-08-29 10:03 1996200 ------w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-02-17 18:17 8523776 ----a-r- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-02-17 18:17 81920 ----a-r- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-02-17 18:17 1626112 ----a-r- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2012-05-08 15:53 3089488 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2012-07-26 17:52 1095560 ------w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-02-17 18:17 577536 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2011-08-01 13:35 114992 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"sysdiag64.exe"= c:\windows\sysdiag64.exe
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\FileLink\\XLFileLink.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\ThunderLiveUD.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\XMPBoot.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Counter-Strike 1.6 Non-Steam\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ7M\\ICQ.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57009:TCP"= 57009:TCP:Pando Media Booster
"57009:UDP"= 57009:UDP:Pando Media Booster
"57357:TCP"= 57357:TCP:Pando Media Booster
"57357:UDP"= 57357:UDP:Pando Media Booster
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.9.2012 17:53 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.9.2012 17:53 355632]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [25.10.2011 20:13 232512]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 12:22 185472]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [26.7.2012 19:40 794560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.9.2012 17:53 21256]
R2 cbVSCService11;Cobian Backup 11 Stínová kopie - Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [2.9.2012 8:06 67584]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Guard-ICQ\GuardICQ.exe [18.8.2012 13:29 1564368]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.8.2012 12:03 1385896]
R2 ICQ Service;ICQ Service;c:\progra~1\ICQ6TO~1\ICQSER~1.EXE [18.8.2012 13:30 247872]
R2 PCSUService;PC Speed Up Service;c:\program files\Zrychleni Pocitace\PCSUService.exe [24.3.2012 20:38 234720]
R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [17.3.2012 15:40 745832]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [25.5.2012 14:30 185856]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files\Cobian Backup 11\cbService.exe [2.9.2012 8:06 1131008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9.6.2012 12:22 250056]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.189\McCHSvc.exe [2.9.2010 22:18 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [15.8.2012 15:12 114144]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 12:21]
.
2012-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-09-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-01 09:12]
.
2012-09-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-17 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://home.sweetim.com/?st=1&barid={25AD9C11-1D1C-11E1-886C-00155807E224}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:57000;https=127.0.0.1:57000
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: Interfaces\{58E50765-7AB6-486A-B049-343E7B05CAFB}: NameServer = 62.129.50.20,85.135.32.100
Handler: speeduptoolbar - {A59E71FA-63AB-4695-B7B0-7B97BAA3CF9E} - c:\program files\SpeedUpToolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\DENIS\Data aplikací\Mozilla\Firefox\Profiles\d4ckz2su.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-MediaGet2 - c:\documents and settings\DENIS\Local Settings\Data aplikací\MediaGet2\mediaget.exe
MSConfigStartUp-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe
AddRemove-Complitly_is1 - c:\program files\Complitly\unins000.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-Steam App 33730 - c:\pacsteamt\steam.exe
AddRemove-{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\InstallShield Installation Information\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}\ICQ7.exe
AddRemove-{86693815-D500-4887-B6EF-B5F0BFA97736}_is1 - c:\program files\MoonMt2 2012\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
AddRemove-Yahoo! BrowserPlus - c:\documents and settings\DENIS\Local Settings\Data aplikací\Yahoo!\BrowserPlus\BrowserPlusUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-02 08:28
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D0D8EDE-CD4E-0601-6D97-EF9DEBCB883D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pakileceplpemcghjpjeohfjlgcjfkjp"=hex:6a,61,66,61,64,6e,69,70,66,63,6c,62,6e,
6e,6e,6a,62,69,6c,70,00,00
"oaijjpjhhdbhbcnmfmfapeglafedhm"=hex:6a,61,66,61,64,6e,69,70,66,63,6c,62,6e,6e,
6e,6a,62,69,6c,70,00,00
.
[HKEY_USERS\S-1-5-21-1060284298-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7479926D-73F7-FA89-9D20-D98E850EE94F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1060284298-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE337229-7DB8-7A5E-F268-4A456B0355A4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaocmigicmnpgmkhhj"=hex:6a,61,6b,70,6f,6b,6d,67,62,6c,6d,64,68,66,63,62,67,63,
64,6e,00,00
"haiccioamnopdedi"=hex:6a,61,6c,70,6a,6c,68,6c,66,6e,62,61,63,64,62,6b,66,65,
62,64,00,00
"iakbmodhhfonlfoaoh"=hex:62,61,6d,70,00,8a
"dbopjoignojlbpjjpjekcemmnafbnnhlhknmagpe"=hex:6a,62,6e,62,6f,6c,6e,6c,66,64,
64,69,6c,6a,68,6f,66,6d,68,70,6b,6a,6a,6c,6b,68,65,61,63,66,64,62,68,68,62,\
"jbopjoignojlbpjjpjekpccdefcolllecccfofmaobdpokjnmfca"=hex:62,62,70,61,6f,66,
6a,63,62,61,6d,68,6b,65,69,67,70,6a,6c,65,6c,69,66,67,6e,6d,67,6a,63,62,6a,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3984)
c:\program files\Common Files\Spigot\Search Settings\wth.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\Office12\1029\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2012-09-02 08:33:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-02 06:33
.
Před spuštěním: Volných bajtů: 55 950 745 600
Po spuštění: Volných bajtů: 56 925 093 888
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /kernel=kernel1.exe
.
- - End Of File - - 97038870ABDE853E1D378FA8C4A4612C


#10 Post by motji »

I'll clean up a few more things this evening; in the meantime, use MBAM.
Download MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=115222
-Install it and run a full scan

DO NOT DELETE ANYTHING!
-MBAM sometimes produces false detections, so we will delete only after the log has been checked.
-Copy the log here.

#11 Post by Txx9x »

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.09.02.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
DENIS :: DENIS-89890992F [administrátor]

Ochrana: Povolena

2.9.2012 11:19:00
mbam-log-2012-09-02 (14-52-41).txt

Typ: Úplná kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 431234
Uplynulý čas: 3 hodin, 31 minut, 39 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Špatný: (http://search13.net/) Dobrý: (http://www.Google.com) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (Hijack.SearchPage) -> Špatný: (http://search13.net/) Dobrý: (http://www.Google.com/) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|CustomizeSearch (Hijack.SearchPage) -> Špatný: (http://search13.net/) Dobrý: (http://www.Google.com/) -> Žádná instrukce nebyla provedena.

Nalezené složky: 2
C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\RelevantKnowledge (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Local Settings\Temp\E_N4 (Worm.Autorun) -> Žádná instrukce nebyla provedena.

Nalezené soubory: 92
C:\Program Files\Opera\Client-Fenix\client.bin (Backdoor.Hupigon) -> Žádná instrukce nebyla provedena.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlls.dll.vir (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlls64.dll.vir (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlph.dll.vir (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg.exe.vir (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg64.exe.vir (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlxf.dll.vir (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\components\rlxg.dll.vir (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\firefox\rlnx.dll.vir (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP317\A0416096.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP318\A0417073.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP325\A0419084.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP326\A0419306.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP326\A0420484.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP327\A0421424.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP327\A0421444.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP327\A0421445.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP327\A0421508.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP327\A0421916.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP327\A0422241.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP327\A0422273.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP327\A0422287.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP327\A0422313.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP327\A0422330.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP339\A0428424.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP344\A0432437.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP350\A0439446.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP352\A0441540.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP354\A0442597.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP355\A0443646.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP357\A0444630.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP359\A0445707.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP360\A0445867.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP361\A0445888.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP361\A0446624.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP362\A0446705.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP363\A0447641.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP363\A0448639.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP364\A0449673.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP365\A0449822.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP366\A0450638.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP376\A0456128.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP377\A0458935.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP379\A0463994.exe (Trojan.FlyStudio) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP379\A0464004.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP381\A0465904.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP382\A0465916.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP387\A0470044.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP388\A0471014.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP389\A0471061.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP389\A0472002.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP390\A0473015.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP390\A0473999.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP392\A0475001.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP393\A0475024.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP395\A0475168.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP395\A0476004.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP396\A0476094.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP397\A0477011.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP397\A0478013.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP410\A0485128.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP410\A0485446.exe (Trojan.FlyStudio) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP416\A0514406.exe (Riskware.KG) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP416\A0514408.exe (Riskware.KG) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP416\A0514431.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{40DD91C9-D2B9-4685-806F-3E66382BA15C}\RP416\A0514461.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{63A15C7A-A0D2-4147-8FC8-D9727007E83F}\RP639\A1186920.dll (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{63A15C7A-A0D2-4147-8FC8-D9727007E83F}\RP639\A1186921.dll (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{63A15C7A-A0D2-4147-8FC8-D9727007E83F}\RP639\A1186922.dll (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{63A15C7A-A0D2-4147-8FC8-D9727007E83F}\RP639\A1186923.dll (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{63A15C7A-A0D2-4147-8FC8-D9727007E83F}\RP639\A1186924.exe (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{63A15C7A-A0D2-4147-8FC8-D9727007E83F}\RP639\A1186925.exe (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{63A15C7A-A0D2-4147-8FC8-D9727007E83F}\RP639\A1186926.dll (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{63A15C7A-A0D2-4147-8FC8-D9727007E83F}\RP639\A1187966.dll (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{63A15C7A-A0D2-4147-8FC8-D9727007E83F}\RP639\A1187967.exe (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Data aplikací\addon.dat (Malware.Trace) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Local Settings\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Local Settings\Temp\E_N4\eCompress.fne (Worm.Autorun) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Local Settings\Temp\E_N4\EThread.fne (Worm.Autorun) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Local Settings\Temp\E_N4\HtmlView.fne (Worm.Autorun) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Local Settings\Temp\E_N4\iext.fnr (Worm.Autorun) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Local Settings\Temp\E_N4\iext2.fne (Worm.Autorun) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Local Settings\Temp\E_N4\internet.fne (Worm.Autorun) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Local Settings\Temp\E_N4\krnln.fnr (Worm.Autorun) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Local Settings\Temp\E_N4\SHELL.fne (Worm.Autorun) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\BUI VAN DENIS\Local Settings\Temp\E_N4\xplib.fne (Worm.Autorun) -> Žádná instrukce nebyla provedena.

(konec)


#12 Post by motji »

Delete everything in MBAM.

If you don't have it, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it



Regnull::
[HKEY_USERS\S-1-5-21-1060284298-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE337229-7DB8-7A5E-F268-4A456B0355A4}*]
[HKEY_USERS\S-1-5-21-1060284298-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D0D8EDE-CD4E-0601-6D97-EF9DEBCB883D}*]

DDS::
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://home.sweetim.com/?st=1&barid={25AD9C11-1D1C-11E1-886C-00155807E224}
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com

Firefox::
FF - ProfilePath - c:\documents and settings\DENIS\Data aplikací\Mozilla\Firefox\Profiles\d4ckz2su.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p=

Driver::
XDva390

File::
c:\windows\system32\XDva390.sys

Folder::
c:\program files\SweetIM
c:\program files\Common Files\Spigot
c:\documents and settings\DENIS\Local Settings\Data aplikací\Facebook
c:\program files\SpeedUpToolbar
c:\program files\BitTorrentBar
c:\program files\Stylish Profile
c:\program files\olhewjqd

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD}"=-
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= -
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
[-HKEY_CLASSES_ROOT\clsid\{0d52b2ca-c02e-4ec1-8e80-0a5cd2a640bd}]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= -
"{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC}"= -
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[-HKEY_CLASSES_ROOT\clsid\{005b8fc3-0f7e-45dd-8a2f-e352d67edbfc}]
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC}"=-
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= -
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"=-

[-HKEY_CLASSES_ROOT\clsid\{005b8fc3-0f7e-45dd-8a2f-e352d67edbfc}]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
- Save the TXT file you created as CFScript.txt on the desktop.
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

- After it has been applied, another log will pop up; paste it here.

Warning: it may happen that after the script is applied and the PC restarts, Windows will not boot. In that case restart again while pressing F8, then choose Last Known Good Configuration.
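A pre-run review of a CFScript like the one in the post above, as an added example that is not part of the original thread or of ComboFix: it lists every removal the script requests so the list can be checked before the file is dropped onto ComboFix. The sample script is constructed from a few of the post's entries, the function names are hypothetical, and reading the Registry:: section by .reg conventions (`[-key]` deletes a key, `"name"=-` deletes a value) is an assumption.

```python
import re

# Constructed sample in the layout of the script quoted in the post (not the full script).
SAMPLE = r'''Driver::
XDva390
File::
c:\windows\system32\XDva390.sys
Folder::
c:\program files\SweetIM
Registry::
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= -
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
'''

# Assumption: the Registry:: section follows .reg file conventions.
SECTION = re.compile(r'^(\w+)::$')
DEL_KEY = re.compile(r'^\[-(.+)\]$')           # [-KEY]    -> delete the whole key
OPEN_KEY = re.compile(r'^\[([^-].*)\]$')       # [KEY]     -> context for value lines
DEL_VALUE = re.compile(r'^"(.+)"\s*=\s*-$')    # "name"=-  -> delete one value

def plan(script):
    """Return (action, target) tuples for every removal the script requests."""
    actions, section, key = [], None, None
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        if (m := SECTION.match(line)):
            section, key = m.group(1), None
        elif section in ("Driver", "File", "Folder"):
            actions.append(("remove " + section.lower(), line))
        elif section == "Registry" and (m := DEL_KEY.match(line)):
            actions.append(("delete key", m.group(1)))
        elif section == "Registry" and (m := OPEN_KEY.match(line)):
            key = m.group(1)
        elif section == "Registry" and key and (m := DEL_VALUE.match(line)):
            actions.append(("delete value", key + "\\" + m.group(1)))
        else:
            actions.append(("UNPARSED", line))  # review by hand before running
    return actions

def needs_second_look(actions):
    """File and folder removals under the Windows directory, plus unparsed lines."""
    return [(a, t) for a, t in actions
            if a == "UNPARSED"
            or (a in ("remove file", "remove folder") and t.lower().startswith("c:\\windows"))]

if __name__ == "__main__":
    for action, target in plan(SAMPLE):
        print(f"{action:14} {target}")
```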

Txx9x
Visitor
Posts: 23
Joined: 01 Sep 2012 21:47

Re: Please advise!

#13 Post by Txx9x »

Please, what if I don't have it?

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please advise!

#14 Post by motji »

If you don't have ComboFix on the desktop, move it there.

Txx9x
Visitor
Posts: 23
Joined: 01 Sep 2012 21:47

Re: Please advise!

#15 Post by Txx9x »

Well, the thing is that I turned the PC off; will I still have those viruses stored there?

Locked