vyskakování nežádoucí reklamy

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Odpovědět
geralt1
Level 2
Level 2
Příspěvky: 232
Registrován: srpen 12
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod geralt1 » 05 dub 2015 18:15

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\41.0.2272.118\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}\InprocServer32 -> C:\Program Files\Zoner\Photo Studio 11\Program\SHELLEXT.DLL (ZONER software)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\psuser.dll (Google Inc.)

==================== Restore Points =========================

06-01-2015 15:33:16 Kontrolní bod systému
07-01-2015 20:24:21 Kontrolní bod systému
09-01-2015 18:24:18 Kontrolní bod systému
10-01-2015 21:13:59 Kontrolní bod systému
11-01-2015 21:18:45 Kontrolní bod systému
12-01-2015 22:27:27 Instalace nepodepsaného ovladače
13-01-2015 23:24:35 Kontrolní bod systému
14-01-2015 21:00:15 Software Distribution Service 3.0
15-01-2015 21:23:22 Kontrolní bod systému
16-01-2015 22:47:04 Kontrolní bod systému
18-01-2015 10:39:58 Kontrolní bod systému
19-01-2015 12:02:38 Kontrolní bod systému
20-01-2015 14:27:54 Kontrolní bod systému
21-01-2015 15:04:41 Kontrolní bod systému
22-01-2015 15:35:33 Kontrolní bod systému
23-01-2015 19:52:08 Kontrolní bod systému
24-01-2015 23:00:36 Kontrolní bod systému
26-01-2015 10:18:03 Kontrolní bod systému
27-01-2015 18:44:22 Kontrolní bod systému
28-01-2015 18:48:24 Kontrolní bod systému
29-01-2015 19:49:31 Kontrolní bod systému
30-01-2015 20:19:49 Kontrolní bod systému
31-01-2015 21:59:17 Kontrolní bod systému
02-02-2015 17:14:26 Kontrolní bod systému
03-02-2015 17:39:05 Kontrolní bod systému
04-02-2015 20:04:55 Kontrolní bod systému
05-02-2015 21:27:17 Kontrolní bod systému
06-02-2015 21:56:29 Kontrolní bod systému
07-02-2015 23:47:53 Kontrolní bod systému
08-02-2015 23:48:22 Kontrolní bod systému
09-02-2015 20:17:41 Nainstalováno rozhraní DirectX
09-02-2015 22:24:26 Nainstalováno rozhraní DirectX
09-02-2015 22:27:35 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
10-02-2015 23:07:30 Kontrolní bod systému
11-02-2015 16:04:27 Software Distribution Service 3.0
11-02-2015 16:18:26 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
11-02-2015 16:19:10 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
11-02-2015 16:29:42 Software Distribution Service 3.0
11-02-2015 22:18:07 Instalováno REALTEK 11n USB Wireless LAN Software
13-02-2015 13:40:32 Kontrolní bod systému
14-02-2015 17:51:24 Kontrolní bod systému
15-02-2015 19:29:37 Kontrolní bod systému
16-02-2015 20:16:59 Kontrolní bod systému
16-02-2015 22:21:28 Removed Call of Duty(R) 2
16-02-2015 22:58:22 Installed Call of Duty(R) 2
17-02-2015 22:17:53 Aktualizovat na nepodepsaný ovladač
17-02-2015 22:18:52 Aktualizovat na nepodepsaný ovladač
17-02-2015 22:28:38 Aktualizovat na nepodepsaný ovladač
17-02-2015 22:35:25 Configured ASUS nVidia Driver
17-02-2015 22:39:24 Installed ASUS Enhanced Display Driver
21-02-2015 21:14:32 Kontrolní bod systému
23-02-2015 11:40:57 Kontrolní bod systému
24-02-2015 12:08:51 Kontrolní bod systému
25-02-2015 12:16:54 Kontrolní bod systému
26-02-2015 13:20:44 Kontrolní bod systému
27-02-2015 14:23:18 Kontrolní bod systému
28-02-2015 17:44:55 Kontrolní bod systému
01-03-2015 18:55:15 Kontrolní bod systému
03-03-2015 15:19:37 Kontrolní bod systému
04-03-2015 15:59:17 Kontrolní bod systému
05-03-2015 20:14:09 Kontrolní bod systému
06-03-2015 23:09:53 Kontrolní bod systému
07-03-2015 12:40:54 Nainstalováno rozhraní DirectX
08-03-2015 15:21:26 Kontrolní bod systému
09-03-2015 15:23:48 Kontrolní bod systému
10-03-2015 13:30:22 Nainstalováno rozhraní DirectX
11-03-2015 13:33:53 Kontrolní bod systému
11-03-2015 21:01:21 Software Distribution Service 3.0
12-03-2015 21:19:49 Kontrolní bod systému
14-03-2015 15:49:41 Kontrolní bod systému
15-03-2015 16:48:19 Kontrolní bod systému
16-03-2015 21:15:18 Kontrolní bod systému
17-03-2015 21:20:31 Kontrolní bod systému
19-03-2015 11:44:15 Kontrolní bod systému
20-03-2015 17:52:09 Kontrolní bod systému
21-03-2015 18:16:05 Kontrolní bod systému
21-03-2015 21:46:36 Installed The Witcher 2
22-03-2015 22:19:54 Kontrolní bod systému
23-03-2015 22:52:47 Kontrolní bod systému
24-03-2015 23:43:34 Kontrolní bod systému
26-03-2015 10:06:52 Kontrolní bod systému
27-03-2015 18:02:00 Kontrolní bod systému
28-03-2015 19:06:26 Kontrolní bod systému
29-03-2015 19:10:21 Kontrolní bod systému
31-03-2015 09:35:25 Kontrolní bod systému
01-04-2015 12:43:40 Kontrolní bod systému
02-04-2015 15:15:01 Kontrolní bod systému
03-04-2015 16:29:36 Kontrolní bod systému
04-04-2015 16:42:57 Kontrolní bod systému
05-04-2015 11:12:55 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-03-02 14:00 - 2015-04-05 11:13 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Automatická údržba.job => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1229272821-725345543-1004Core.job => C:\Documents and Settings\U~ivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1229272821-725345543-1004UA.job => C:\Documents and Settings\U~ivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) ==============

2006-03-02 14:00 - 2008-04-14 09:51 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-11-21 20:15 - 2007-07-12 11:03 - 00077824 _____ () C:\WINDOWS\system32\xvid.ax
2011-08-28 16:13 - 2012-12-29 12:31 - 00357224 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2010-02-16 21:44 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2010-02-16 21:44 - 2008-10-11 23:18 - 00319488 _____ () C:\Program Files\WinRAR\rarlng.dll
2015-03-04 11:20 - 2005-07-18 14:43 - 00160256 _____ () C:\Program Files\MSI\Live Update\unrar.dll
2011-12-23 23:28 - 2009-01-21 17:11 - 00184320 _____ () C:\Program Files\AMT Media Manager\AMTDeviceService.exe
2009-11-02 17:59 - 2009-11-02 17:59 - 01328480 _____ () C:\Program Files\Seagate\DiscWizard\fox.dll
2008-07-09 23:33 - 2008-07-09 23:33 - 00036352 _____ () C:\Program Files\Winamp\winampa.exe
2007-12-21 16:16 - 2008-04-16 07:24 - 00617984 _____ () C:\Program Files\TuneUp Utilities 2008\MSI_D6.bpl
2007-12-21 16:16 - 2008-04-16 07:24 - 00053760 _____ () C:\Program Files\TuneUp Utilities 2008\ehs_d6.bpl
2010-03-16 13:22 - 2010-03-16 13:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2013-06-18 16:49 - 2013-06-18 16:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-11 13:17 - 2013-04-11 13:17 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-16 22:29 - 2015-03-10 13:32 - 00076888 _____ () C:\WINDOWS\system32\PnkBstrA.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1715567821-1229272821-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1715567821-1229272821-725345543-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1715567821-1229272821-725345543-1005 - Limited - Enabled)
Guest (S-1-5-21-1715567821-1229272821-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1715567821-1229272821-725345543-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1715567821-1229272821-725345543-1002 - Limited - Disabled)
Uživatel (S-1-5-21-1715567821-1229272821-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Uživatel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2015 02:27:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikace farcry3.exe, verze 0.1.0.1, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (04/04/2015 09:42:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace mbam.exe, verze 1.0.1.711, chybující modul msvcr100.dll, verze 10.0.40219.325, adresa chyby 0x0008d6fd.
Zpracování události, specifické pro médium ([mbam.exe!ws!])

Error: (04/04/2015 09:41:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace mbam.exe, verze 1.0.1.711, chybující modul msvcr100.dll, verze 10.0.40219.325, adresa chyby 0x0008d6fd.
Zpracování události, specifické pro médium ([mbam.exe!ws!])

Error: (04/04/2015 09:41:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace mbam.exe, verze 1.0.1.711, chybující modul msvcr100.dll, verze 10.0.40219.325, adresa chyby 0x0008d6fd.
Zpracování události, specifické pro médium ([mbam.exe!ws!])

Error: (04/04/2015 09:35:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace mbam.exe, verze 1.0.0.532, chybující modul msvcr100.dll, verze 10.0.40219.325, adresa chyby 0x0008d6fd.
Zpracování události, specifické pro médium ([mbam.exe!ws!])

Error: (04/04/2015 09:34:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace mbam.exe, verze 1.0.0.532, chybující modul msvcr100.dll, verze 10.0.40219.325, adresa chyby 0x0008d6fd.
Zpracování události, specifické pro médium ([mbam.exe!ws!])

Error: (04/04/2015 09:34:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace mbam.exe, verze 1.0.0.532, chybující modul , verze 0.0.0.0, adresa chyby 0x00000000.
Zpracování události, specifické pro médium ([mbam.exe!ws!])

Error: (04/04/2015 09:34:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace mbam.exe, verze 1.0.0.532, chybující modul msvcr100.dll, verze 10.0.40219.325, adresa chyby 0x0008d6fd.
Zpracování události, specifické pro médium ([mbam.exe!ws!])

Error: (04/04/2015 09:34:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace mbam.exe, verze 1.0.0.532, chybující modul msvcr100.dll, verze 10.0.40219.325, adresa chyby 0x0008d6fd.
Zpracování události, specifické pro médium ([mbam.exe!ws!])

Error: (03/31/2015 11:05:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul unknown, verze 0.0.0.0, adresa chyby 0x04aa91e0.
Zpracování události, specifické pro médium ([explorer.exe!ws!])


System errors:
=============
Error: (04/05/2015 09:02:32 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 001BFCAFA909 byla
serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (04/04/2015 05:52:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/04/2015 05:52:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SQL Server VSS Writer byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/04/2015 05:52:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Seagate Scheduler2 Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/04/2015 05:52:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PnkBstrA byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/04/2015 05:52:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/04/2015 05:52:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SQL Server (SQLEXPRESS) byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/04/2015 05:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MSSQL$AUTODESKVAULT byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/04/2015 05:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MSI_SuperCharger byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/04/2015 05:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MSI_LiveUpdate_Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Microsoft Office Sessions:
=========================
Error: (12/12/2013 02:13:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/15/2013 00:37:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/19/2013 10:32:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/30/2012 10:25:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
Percentage of memory in use: 28%
Total physical RAM: 2558.42 MB
Available physical RAM: 1823.05 MB
Total Pagefile: 4446.42 MB
Available Pagefile: 3829.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:368.12 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Far Cry 3) (CDROM) (Total:4.9 GB) (Free:0 GB) UDF
Drive f: (sr-tw2a) (CDROM) (Total:7.81 GB) (Free:0 GB) UDF
Drive i: (sr-tw2b) (CDROM) (Total:6.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 4C76F33F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Nahoru
Reklama
Top
Uživatelský avatar
jerabina
člen Security týmu
Level 6
Level 6
Příspěvky: 3647
Registrován: březen 13
Bydliště: Litoměřice
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod jerabina » 06 dub 2015 00:00

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

HKLM\...\Policies\Explorer: [NoCDBurning] 0
Lsa: [Authentication Packages] msv1_0 relog_ap

HKU\S-1-5-21-1715567821-1229272821-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1715567821-1229272821-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1715567821-1229272821-725345543-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-1229272821-725345543-1004 -> {B095BCF3-9EEF-4A7B-8380-0F48E5384782} URL = http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab

FF ProfilePath: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1715567821-1229272821-725345543-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1715567821-1229272821-725345543-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
Extension: jid1sNL73VCI4UB0Fwjetpack - C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031\Extensions\jid1-sNL73VCI4UB0Fw@jetpack [2015-04-02]

CHR Extension: (Google Slides) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google Docs) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-05]
CHR Extension: (YouTube) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-05]
CHR Extension: (Google Search) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-05]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Profile: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google Docs) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-05]
CHR Extension: (YouTube) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-05]
CHR Extension: (Google Search) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-05]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]

U3 asn0qaf6; C:\WINDOWS\system32\Drivers\asn0qaf6.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
C:\WINDOWS\system32\Drivers\asn0qaf6.sys
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
System32\drivers\dgderdrv.sys

CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\41.0.2272.118\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\psuser.dll (Google Inc.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1229272821-725345543-1004Core.job => C:\Documents and Settings\U~ivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1229272821-725345543-1004UA.job => C:\Documents and Settings\U~ivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:373E1720

DNS Servers: 10.0.0.138


(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

============================================================

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal:
C:\WINDOWS\system32\epmntdrv.sys
C:\WINDOWS\system32\EuGdiDrv.sys
C:\WINDOWS\System32\drivers\hid3331.sys

Klikni vpravo od okénka na Choose file a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

============================================================

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod

Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Nahoru
geralt1
Level 2
Level 2
Příspěvky: 232
Registrován: srpen 12
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod geralt1 » 06 dub 2015 12:26

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Uživatel at 2015-04-06 12:22:31 Run:1
Running from C:\Documents and Settings\Uživatel\Plocha
Loaded Profiles: Uživatel (Available profiles: Uživatel)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoCDBurning] 0
Lsa: [Authentication Packages] msv1_0 relog_ap

HKU\S-1-5-21-1715567821-1229272821-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1715567821-1229272821-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1715567821-1229272821-725345543-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-1229272821-725345543-1004 -> {B095BCF3-9EEF-4A7B-8380-0F48E5384782} URL = http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab

FF ProfilePath: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1715567821-1229272821-725345543-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1715567821-1229272821-725345543-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
Extension: jid1sNL73VCI4UB0Fwjetpack - C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031\Extensions\jid1-sNL73VCI4UB0Fw@jetpack [2015-04-02]

CHR Extension: (Google Slides) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google Docs) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-05]
CHR Extension: (YouTube) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-05]
CHR Extension: (Google Search) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-05]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Profile: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google Docs) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-05]
CHR Extension: (YouTube) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-05]
CHR Extension: (Google Search) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-05]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]

U3 asn0qaf6; C:\WINDOWS\system32\Drivers\asn0qaf6.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
C:\WINDOWS\system32\Drivers\asn0qaf6.sys
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
System32\drivers\dgderdrv.sys

CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\41.0.2272.118\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\psuser.dll (Google Inc.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1229272821-725345543-1004Core.job => C:\Documents and Settings\U~ivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1229272821-725345543-1004UA.job => C:\Documents and Settings\U~ivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:373E1720

DNS Servers: 10.0.0.138
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Lsa\\Authentication Packages => Value was restored successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-21-1715567821-1229272821-725345543-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B095BCF3-9EEF-4A7B-8380-0F48E5384782}" => Key deleted successfully.
HKCR\CLSID\{B095BCF3-9EEF-4A7B-8380-0F48E5384782} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
FF ProfilePath: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031 => Should not be moved.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll => Moved successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Update\1.3.26.9\npGoogleUpdate3.dll not found.
Extension: jid1sNL73VCI4UB0Fwjetpack - C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031\Extensions\jid1-sNL73VCI4UB0Fw@jetpack [2015-04-02] => Error: No automatic fix found for this entry.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => Moved successfully.

========================= CHR Profile: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1 ========================

"CHR ProC:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1" not found.
====== End Of File: ======

C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => Moved successfully.
asn0qaf6 => Service not found.
"C:\WINDOWS\system32\Drivers\asn0qaf6.sys" => File/Directory not found.
dgderdrv => Service deleted successfully.
System32\drivers\dgderdrv.sys => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}" => Key deleted successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}" => Key deleted successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}" => Key deleted successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => Key deleted successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}" => Key deleted successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully.
"HKU\S-1-5-21-1715567821-1229272821-725345543-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1229272821-725345543-1004Core.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1229272821-725345543-1004UA.job => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":373E1720" ADS removed successfully.
DNS Servers: 10.0.0.138 => Error: No automatic fix found for this entry.

==== End of Fixlog 12:22:32 ====
Nahoru
geralt1
Level 2
Level 2
Příspěvky: 232
Registrován: srpen 12
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod geralt1 » 06 dub 2015 12:37

C:\WINDOWS\system32\epmntdrv.sys
https://www.virustotal.com/cs/file/a720 ... 428316318/

C:\WINDOWS\system32\EuGdiDrv.sys
https://www.virustotal.com/cs/file/fb06 ... 428316423/

C:\WINDOWS\System32\drivers\hid3331.sys
https://www.virustotal.com/cs/file/8c54 ... 428316484/
Nahoru
geralt1
Level 2
Level 2
Příspěvky: 232
Registrován: srpen 12
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod geralt1 » 06 dub 2015 13:02

ComboFix 15-04-01.01 - Uživatel 06.04.2015 12:41:05.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2558.1728 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\system32\AegisI5Installer.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-06 do 2015-04-06 )))))))))))))))))))))))))))))))
.
.
2015-04-05 16:04 . 2015-04-06 10:22 -------- d-----w- C:\FRST
2015-04-05 09:37 . 2015-04-05 09:09 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-05 09:09 . 2015-04-05 09:32 -------- d-----w- C:\zoek_backup
2015-04-04 16:46 . 2015-04-05 08:54 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-04 16:46 . 2015-04-04 16:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2015-04-04 16:34 . 2015-04-04 16:34 -------- d-----w- C:\RegBackup
2015-04-04 12:46 . 2015-04-04 15:53 -------- d-----w- C:\AdwCleaner
2015-03-21 19:46 . 2015-03-21 20:20 -------- d-----w- c:\program files\The Witcher 2
2015-03-10 11:36 . 2015-03-10 11:36 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Far Cry 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-01 08:32 . 2010-02-16 20:29 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2015-04-01 08:32 . 2010-02-18 17:46 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2015-04-01 08:32 . 2010-02-16 20:29 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2015-03-31 10:57 . 2010-02-16 20:29 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2015-03-10 11:32 . 2010-02-16 20:29 138904 ----a-w- c:\documents and settings\Uživatel\Data aplikací\PnkBstrK.sys
2015-03-10 11:32 . 2010-02-16 20:29 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
2015-02-11 20:18 . 2015-02-11 20:18 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2015-02-05 17:24 . 2012-07-02 13:43 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-05 17:24 . 2011-05-27 13:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-28 20:37 . 2015-01-28 20:37 48392 ----a-w- c:\windows\system32\certsentry.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-04-16 154368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-11-02 1346000]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-11-02 906288]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-11-02 136544]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-29 15635896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-12-29 108984]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-29 1982312]
"Super Charger"="c:\program files\MSI\Super Charger\Super Charger.exe" [2014-07-22 1014736]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-11 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ASUS SmartDoctor"=c:\program files\ASUS\SmartDoctor\SmartDoctor.exe /start
"Comrade.exe"=c:\program files\GameSpy\Comrade\Comrade.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Google Update"="c:\documents and settings\Uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"EPSON Stylus DX4400 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\docume~1\UIVATE~1\LOCALS~1\Temp\E_S566.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXMediaServer"=c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
"ASUSGamerOSD"=c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Landwirtschafts Simulator 2011\\FarmingSimulator2011.exe"=
"c:\\Program Files\\Landwirtschafts Simulator 2011\\game.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Games\\World_of_Warplanes\\WOWpLauncher.exe"=
"c:\\Games\\World_of_Warplanes\\WorldOfWarplanes.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\DivX\\DivX Media Server\\DivXMediaServer.exe"=
"c:\\Documents and Settings\\Uživatel\\Data aplikací\\GameMaker-Studio\\Runner.exe"=
"c:\\4GF.CZ\\4GF Game Client\\client.exe"=
"c:\\4GF.CZ\\4GF Game Client\\core.exe"=
"c:\\Documents and Settings\\Uživatel\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RTLDHCP.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50088:TCP"= 50088:TCP:4GF Client
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [13.10.2005 15:46 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.2.2010 20:20 715248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 16:47 108792]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [27.5.2014 14:58 2139328]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [28.8.2012 9:10 47616]
R2 MSI_LiveUpdate_Service;MSI_LiveUpdate_Service;c:\program files\MSI\Live Update\MSI_LiveUpdate_Service.exe [4.3.2015 11:20 1732048]
R2 MSI_SuperCharger;MSI_SuperCharger;c:\program files\MSI\Super Charger\ChargeService.exe [4.3.2015 11:35 162800]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [13.2.2015 14:56 1706128]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2.11.2009 18:52 431456]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2.3.2015 18:52 103040]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files\MSI\Super Charger\NTIOLib.sys [4.3.2015 11:35 14392]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update\NTIOLib.sys [4.3.2015 11:20 7680]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24.8.2012 19:52 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24.8.2012 19:52 8456]
S3 hid3331;hid3331;c:\windows\system32\drivers\Hid3331.sys [15.6.2010 21:15 41336]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [17.12.2012 23:02 25856]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [4.1.2014 23:50 13440]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [11.2.2015 22:23 606440]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [3.5.2005 22:42 323584]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10.7.2008 18:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10.7.2008 18:28 369688]
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 17:24]
.
2015-04-06 c:\windows\Tasks\Automatická údržba.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2010-02-16 08:59]
.
2015-03-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-20 23:28]
.
2015-04-06 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-20 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Math Optimize - c:\documents and settings\Uživatel\Local Settings\Data aplikací\Math Problem Solver\Optimize.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\documents and settings\All Users\Data aplikací\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{Princ z Persie a hamizny kalif}_is1 - c:\program files\Princ z Persie a hamizny kalif\unins000.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-06 12:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1229272821-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1715567821-1229272821-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:52,63,7f,64,8c,61,f3,46,42,84,0b,ed,f0,4a,ed,5b,cd,01,22,41,55,47,67,
25,39,10,91,67,22,6d,2b,d1,64,43,58,9e,63,d8,81,a9,4d,ae,fd,d1,9a,49,74,6f,\
"??"=hex:8e,9a,71,27,c0,78,ba,e1,15,31,a5,22,8e,53,d3,16
.
[HKEY_USERS\S-1-5-21-1715567821-1229272821-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:ee,b9,34,cd,d8,30,61,c2,be,30,7e,08,ee,ff,41,01,28,c4,47,6c,33,
07,b9,71,ce,0d,6e,77,c1,7e,09,7f,10,1e,52,61,54,06,91,92,eb,b3,4e,e5,e1,35,\
"rkeysecu"=hex:0f,e2,41,90,8e,40,dc,e4,69,72,3e,12,1f,c9,07,8d
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1432)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(1488)
c:\windows\system32\relog_ap.dll
.
Celkový čas: 2015-04-06 12:55:00
ComboFix-quarantined-files.txt 2015-04-06 10:54
.
Před spuštěním: Volných bajtů: 394 893 586 432
Po spuštění: Volných bajtů: 394 884 775 936
.
- - End Of File - - 8970B1963002F28B2887DBF940212141
3B00EB857BBA060EBA3B17F7019E492F
Nahoru
Uživatelský avatar
Orcus
člen Security týmu
Elite Level 10.5
Elite Level 10.5
Příspěvky: 10645
Registrován: duben 10
Bydliště: Okolo rostou 3 růže =o)
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod Orcus » 06 dub 2015 19:49

Combofix znovu, zůstal zaplý FW od Esetu:
"ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}"
Láska hřeje, ale uhlí je uhlí. :fire:


Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.

Pár rad k bezpečnosti PC.

Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix

Pokud budete spokojeni , můžete podpořit naše fórum.
Nahoru
geralt1
Level 2
Level 2
Příspěvky: 232
Registrován: srpen 12
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod geralt1 » 06 dub 2015 23:47

ComboFix 15-04-01.01 - Uživatel 06.04.2015 23:26:17.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2558.1710 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\udržba\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-06 do 2015-04-06 )))))))))))))))))))))))))))))))
.
.
2015-04-05 16:04 . 2015-04-06 10:22 -------- d-----w- C:\FRST
2015-04-05 09:37 . 2015-04-05 09:09 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-05 09:09 . 2015-04-05 09:32 -------- d-----w- C:\zoek_backup
2015-04-04 16:46 . 2015-04-05 08:54 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-04 16:46 . 2015-04-04 16:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2015-04-04 16:34 . 2015-04-04 16:34 -------- d-----w- C:\RegBackup
2015-04-04 12:46 . 2015-04-04 15:53 -------- d-----w- C:\AdwCleaner
2015-03-21 19:46 . 2015-03-21 20:20 -------- d-----w- c:\program files\The Witcher 2
2015-03-10 11:36 . 2015-03-10 11:36 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Far Cry 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-01 08:32 . 2010-02-16 20:29 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2015-04-01 08:32 . 2010-02-18 17:46 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2015-04-01 08:32 . 2010-02-16 20:29 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2015-03-31 10:57 . 2010-02-16 20:29 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2015-03-10 11:32 . 2010-02-16 20:29 138904 ----a-w- c:\documents and settings\Uživatel\Data aplikací\PnkBstrK.sys
2015-03-10 11:32 . 2010-02-16 20:29 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
2015-02-11 20:18 . 2015-02-11 20:18 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2015-02-05 17:24 . 2012-07-02 13:43 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-05 17:24 . 2011-05-27 13:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-28 20:37 . 2015-01-28 20:37 48392 ----a-w- c:\windows\system32\certsentry.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-04-16 154368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-11-02 1346000]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-11-02 906288]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-11-02 136544]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-29 15635896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-12-29 108984]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-29 1982312]
"Super Charger"="c:\program files\MSI\Super Charger\Super Charger.exe" [2014-07-22 1014736]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-11 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ASUS SmartDoctor"=c:\program files\ASUS\SmartDoctor\SmartDoctor.exe /start
"Comrade.exe"=c:\program files\GameSpy\Comrade\Comrade.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Google Update"="c:\documents and settings\Uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"EPSON Stylus DX4400 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\docume~1\UIVATE~1\LOCALS~1\Temp\E_S566.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXMediaServer"=c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
"ASUSGamerOSD"=c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Landwirtschafts Simulator 2011\\FarmingSimulator2011.exe"=
"c:\\Program Files\\Landwirtschafts Simulator 2011\\game.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Games\\World_of_Warplanes\\WOWpLauncher.exe"=
"c:\\Games\\World_of_Warplanes\\WorldOfWarplanes.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\DivX\\DivX Media Server\\DivXMediaServer.exe"=
"c:\\Documents and Settings\\Uživatel\\Data aplikací\\GameMaker-Studio\\Runner.exe"=
"c:\\4GF.CZ\\4GF Game Client\\client.exe"=
"c:\\4GF.CZ\\4GF Game Client\\core.exe"=
"c:\\Documents and Settings\\Uživatel\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RTLDHCP.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50088:TCP"= 50088:TCP:4GF Client
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [13.10.2005 15:46 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.2.2010 20:20 715248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 16:47 108792]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [27.5.2014 14:58 2139328]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [28.8.2012 9:10 47616]
R2 MSI_LiveUpdate_Service;MSI_LiveUpdate_Service;c:\program files\MSI\Live Update\MSI_LiveUpdate_Service.exe [4.3.2015 11:20 1732048]
R2 MSI_SuperCharger;MSI_SuperCharger;c:\program files\MSI\Super Charger\ChargeService.exe [4.3.2015 11:35 162800]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [13.2.2015 14:56 1706128]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2.11.2009 18:52 431456]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2.3.2015 18:52 103040]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files\MSI\Super Charger\NTIOLib.sys [4.3.2015 11:35 14392]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update\NTIOLib.sys [4.3.2015 11:20 7680]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24.8.2012 19:52 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24.8.2012 19:52 8456]
S3 hid3331;hid3331;c:\windows\system32\drivers\Hid3331.sys [15.6.2010 21:15 41336]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [17.12.2012 23:02 25856]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [4.1.2014 23:50 13440]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [11.2.2015 22:23 606440]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [3.5.2005 22:42 323584]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10.7.2008 18:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10.7.2008 18:28 369688]
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 17:24]
.
2015-04-06 c:\windows\Tasks\Automatická údržba.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2010-02-16 08:59]
.
2015-03-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-20 23:28]
.
2015-04-06 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-20 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-06 23:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1229272821-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1715567821-1229272821-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:52,63,7f,64,8c,61,f3,46,42,84,0b,ed,f0,4a,ed,5b,cd,01,22,41,55,47,67,
25,39,10,91,67,22,6d,2b,d1,64,43,58,9e,63,d8,81,a9,4d,ae,fd,d1,9a,49,74,6f,\
"??"=hex:8e,9a,71,27,c0,78,ba,e1,15,31,a5,22,8e,53,d3,16
.
[HKEY_USERS\S-1-5-21-1715567821-1229272821-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:ee,b9,34,cd,d8,30,61,c2,be,30,7e,08,ee,ff,41,01,28,c4,47,6c,33,
07,b9,71,ce,0d,6e,77,c1,7e,09,7f,10,1e,52,61,54,06,91,92,eb,b3,4e,e5,e1,35,\
"rkeysecu"=hex:0f,e2,41,90,8e,40,dc,e4,69,72,3e,12,1f,c9,07,8d
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1432)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(1488)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(1924)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2015-04-06 23:40:31
ComboFix-quarantined-files.txt 2015-04-06 21:40
ComboFix2.txt 2015-04-06 10:55
.
Před spuštěním: Volných bajtů: 394 627 620 864
Po spuštění: Volných bajtů: 394 605 928 448
.
- - End Of File - - 18502AA5188EE3467284367DBF5057D5
3B00EB857BBA060EBA3B17F7019E492F
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43298
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod jaro3 » 07 dub 2015 08:56

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Vlož nový log z HJT + informuj o problémech
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
geralt1
Level 2
Level 2
Příspěvky: 232
Registrován: srpen 12
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod geralt1 » 07 dub 2015 11:32

ComboFix - odinstalováno

Ccleaner - vyčištěno

OTC - vyčištěno

aswMBR
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-04-07 11:23:40
-----------------------------
11:23:40.171 OS Version: Windows 5.1.2600 Service Pack 3
11:23:40.171 Number of processors: 2 586 0x6B01
11:23:40.171 ComputerName: UZIVATEL-8E8F10 UserName: Uživatel
11:23:41.421 Initialize success
11:23:41.546 VM: initialized successfully
11:23:41.546 VM: Amd CPU virtualization not supported
11:23:49.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000093
11:23:49.937 Disk 0 Vendor: ST1000VX000-9YW162 CV12 Size: 953869MB BusType: 3
11:23:49.937 Device \Driver\nvata -> MajorFunction 8ad451f8
11:23:49.953 Disk 0 MBR read successfully
11:23:49.953 Disk 0 MBR scan
11:23:49.953 Disk 0 Windows XP default MBR code
11:23:49.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 63
11:23:49.968 Hidden System thread @ 0x899d0250
11:23:49.968 Disk 0 Boot: NTFS code=1
11:23:49.968 Disk 0 scanning sectors +1953520065
11:23:50.046 Disk 0 scanning C:\WINDOWS\system32\drivers
11:23:58.671 Service scanning
11:24:06.156 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:24:08.078 Modules scanning
11:24:08.078 \Driver\nvata MajorFunction[ IRP_MJ_CREATE ] @ 0x8ad451f8 suspicious
11:24:08.078 \Driver\nvata MajorFunction[ IRP_MJ_CREATE_NAMED_PIPE ] @ 0x8ad451f8 suspicious
11:24:08.093 \Driver\nvata MajorFunction[ IRP_MJ_CLOSE ] @ 0x8ad451f8 suspicious
11:24:08.093 \Driver\nvata MajorFunction[ IRP_MJ_READ ] @ 0x8ad451f8 suspicious
11:24:08.093 \Driver\nvata MajorFunction[ IRP_MJ_WRITE ] @ 0x8ad451f8 suspicious
11:24:08.093 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_INFORMATION ] @ 0x8ad451f8 suspicious
11:24:08.109 \Driver\nvata MajorFunction[ IRP_MJ_SET_INFORMATION ] @ 0x8ad451f8 suspicious
11:24:08.109 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_EA ] @ 0x8ad451f8 suspicious
11:24:08.109 \Driver\nvata MajorFunction[ IRP_MJ_SET_EA ] @ 0x8ad451f8 suspicious
11:24:08.109 \Driver\nvata MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8ad451f8 suspicious
11:24:08.109 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_VOLUME_INFORMATION ] @ 0x8ad451f8 suspicious
11:24:08.125 \Driver\nvata MajorFunction[ IRP_MJ_SET_VOLUME_INFORMATION ] @ 0x8ad451f8 suspicious
11:24:08.125 \Driver\nvata MajorFunction[ IRP_MJ_DIRECTORY_CONTROL ] @ 0x8ad451f8 suspicious
11:24:08.125 \Driver\nvata MajorFunction[ IRP_MJ_FILE_SYSTEM_CONTROL ] @ 0x8ad451f8 suspicious
11:24:08.125 \Driver\nvata MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8ad451f8 suspicious
11:24:08.125 \Driver\nvata MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8ad451f8 suspicious
11:24:08.125 \Driver\nvata MajorFunction[ IRP_MJ_LOCK_CONTROL ] @ 0x8ad451f8 suspicious
11:24:08.140 \Driver\nvata MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8ad451f8 suspicious
11:24:08.140 \Driver\nvata MajorFunction[ IRP_MJ_CREATE_MAILSLOT ] @ 0x8ad451f8 suspicious
11:24:08.140 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_SECURITY ] @ 0x8ad451f8 suspicious
11:24:08.140 \Driver\nvata MajorFunction[ IRP_MJ_SET_SECURITY ] @ 0x8ad451f8 suspicious
11:24:08.140 \Driver\nvata MajorFunction[ IRP_MJ_POWER ] @ 0x8ad451f8 suspicious
11:24:08.140 \Driver\nvata MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8ad451f8 suspicious
11:24:08.156 \Driver\nvata MajorFunction[ IRP_MJ_DEVICE_CHANGE ] @ 0x8ad451f8 suspicious
11:24:08.156 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_QUOTA ] @ 0x8ad451f8 suspicious
11:24:08.156 \Driver\nvata MajorFunction[ IRP_MJ_SET_QUOTA ] @ 0x8ad451f8 suspicious
11:24:08.156 \Driver\atapi DriverInit @ 0x8acd7298 suspicious
11:24:08.156 \Driver\usbohci MajorFunction[ IRP_MJ_CREATE ] @ 0x8aac5500 suspicious
11:24:08.156 \Driver\usbohci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8aac5500 suspicious
11:24:08.171 \Driver\usbohci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8aac5500 suspicious
11:24:08.171 \Driver\usbohci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8aac5500 suspicious
11:24:08.171 \Driver\usbohci MajorFunction[ IRP_MJ_POWER ] @ 0x8aac5500 suspicious
11:24:08.171 \Driver\usbohci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8aac5500 suspicious
11:24:08.171 \Driver\ao6oljjf MajorFunction[ IRP_MJ_CREATE ] @ 0x8a9b31f8 suspicious
11:24:08.171 \Driver\ao6oljjf MajorFunction[ IRP_MJ_CLOSE ] @ 0x8a9b31f8 suspicious
11:24:08.187 \Driver\ao6oljjf MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8a9b31f8 suspicious
11:24:08.187 \Driver\ao6oljjf MajorFunction[ IRP_MJ_POWER ] @ 0x8a9b31f8 suspicious
11:24:08.187 \Driver\ao6oljjf MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8a9b31f8 suspicious
11:24:08.187 \Driver\Ftdisk MajorFunction[ IRP_MJ_CREATE ] @ 0x8ad461f8 suspicious
11:24:08.187 \Driver\Ftdisk MajorFunction[ IRP_MJ_READ ] @ 0x8ad461f8 suspicious
11:24:08.187 \Driver\Ftdisk MajorFunction[ IRP_MJ_WRITE ] @ 0x8ad461f8 suspicious
11:24:08.187 \Driver\Ftdisk MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8ad461f8 suspicious
11:24:08.203 \Driver\Ftdisk MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8ad461f8 suspicious
11:24:08.203 \Driver\Ftdisk MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8ad461f8 suspicious
11:24:08.203 \Driver\Ftdisk MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8ad461f8 suspicious
11:24:08.203 \Driver\Ftdisk MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8ad461f8 suspicious
11:24:08.203 \Driver\Ftdisk MajorFunction[ IRP_MJ_POWER ] @ 0x8ad461f8 suspicious
11:24:08.203 \Driver\Ftdisk MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8ad461f8 suspicious
11:24:08.218 \Driver\NetBT MajorFunction[ IRP_MJ_CREATE ] @ 0x89bb71f8 suspicious
11:24:08.218 \Driver\NetBT MajorFunction[ IRP_MJ_CLOSE ] @ 0x89bb71f8 suspicious
11:24:08.218 \Driver\NetBT MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x89bb71f8 suspicious
11:24:08.218 \Driver\NetBT MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x89bb71f8 suspicious
11:24:08.218 \Driver\NetBT MajorFunction[ IRP_MJ_CLEANUP ] @ 0x89bb71f8 suspicious
11:24:08.218 \Driver\Cdrom MajorFunction[ IRP_MJ_CREATE ] @ 0x8aa9e1f8 suspicious
11:24:08.234 \Driver\Cdrom MajorFunction[ IRP_MJ_CLOSE ] @ 0x8aa9e1f8 suspicious
11:24:08.234 \Driver\Cdrom MajorFunction[ IRP_MJ_READ ] @ 0x8aa9e1f8 suspicious
11:24:08.234 \Driver\Cdrom MajorFunction[ IRP_MJ_WRITE ] @ 0x8aa9e1f8 suspicious
11:24:08.234 \Driver\Cdrom MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8aa9e1f8 suspicious
11:24:08.234 \Driver\Cdrom MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8aa9e1f8 suspicious
11:24:08.234 \Driver\Cdrom MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8aa9e1f8 suspicious
11:24:08.250 \Driver\Cdrom MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8aa9e1f8 suspicious
11:24:08.250 \Driver\Cdrom MajorFunction[ IRP_MJ_POWER ] @ 0x8aa9e1f8 suspicious
11:24:08.250 \Driver\Cdrom MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8aa9e1f8 suspicious
11:24:08.250 \Driver\usbehci MajorFunction[ IRP_MJ_CREATE ] @ 0x8aaaf1f8 suspicious
11:24:08.250 \Driver\usbehci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8aaaf1f8 suspicious
11:24:08.250 \Driver\usbehci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8aaaf1f8 suspicious
11:24:08.265 \Driver\usbehci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8aaaf1f8 suspicious
11:24:08.265 \Driver\usbehci MajorFunction[ IRP_MJ_POWER ] @ 0x8aaaf1f8 suspicious
11:24:08.265 \Driver\usbehci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8aaaf1f8 suspicious
11:24:08.265 Disk 0 trace - called modules:
11:24:08.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys sfsync02.sys >>UNKNOWN [0x8ad451f8]<<
11:24:08.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abd0ab8]
11:24:08.296 3 CLASSPNP.SYS[b8128fd7] -> nt!IofCallDriver -> \Device\00000095[0x8ac5fac0]
11:24:08.296 5 ACPI.sys[b7e69620] -> nt!IofCallDriver -> \Device\00000093[0x8ac8f030]
11:24:08.296 \Driver\nvata[0x8abd1f38] -> IRP_MJ_CREATE -> 0x8ad451f8
11:24:08.296 Disk 0 statistics 72701/0/0 @ 5,98 MB/s
11:24:08.296 Scan finished successfully
11:24:21.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Uživatel\Plocha\MBR.dat"
11:24:21.203 The log file has been saved successfully to "C:\Documents and Settings\Uživatel\Plocha\aswMBR.txt"


HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:56, on 7.4.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\AMT Media Manager\AMTDeviceService.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\MSI\Super Charger\Super Charger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\MSI\Super Charger\ChargeService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Uživatel\Plocha\udržba\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AMTDeviceService] "C:\Program Files\AMT Media Manager\AMTDeviceService.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Super Charger] C:\Program Files\MSI\Super Charger\Super Charger.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo Security Solutions, Inc. - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LG SCSI command service (LGScsiCommandService) - Mobile Leader Co.,Ltd. - C:\WINDOWS\system32\LGScsiCommandService.exe
O23 - Service: MSI_LiveUpdate_Service - Micro-Star International - C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files\MSI\Super Charger\ChargeService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9548 bytes


problémy
problémy jsou pořád stejné :( pořád vyskakuje ta reklama od "ADS by name", občas se mi při kliknutí na jakýkoliv odkaz otevře uplně jiná stránka (popsal sem to v předchozim příspěvku) a firefox je cely zpomalený do doby než reklamy naběhnou
tento problém je jen v prohlížeči firefox, google chrom ho nemá a neměl
Nahoru
Uživatelský avatar
Orcus
člen Security týmu
Elite Level 10.5
Elite Level 10.5
Příspěvky: 10645
Registrován: duben 10
Bydliště: Okolo rostou 3 růže =o)
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod Orcus » 07 dub 2015 14:40

Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.
Láska hřeje, ale uhlí je uhlí. :fire:


Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.

Pár rad k bezpečnosti PC.

Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix

Pokud budete spokojeni , můžete podpořit naše fórum.
Nahoru
geralt1
Level 2
Level 2
Příspěvky: 232
Registrován: srpen 12
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod geralt1 » 07 dub 2015 14:44

třeba vám to pomůže najít zdroj problému, u firefoxu se tam něco opakuje
protokoly z esetu


6.4.2015 19:24:08 HTTP filtr soubor http://storage29-free.uloz.to/Ps;Hs;fid ... e&redirs=1 NSIS/StartPage.AQ trojský kůň přerušeno spojení - uložen do karantény UZIVATEL-8E8F10\Uživatel Infiltrace byla zachycena při přístupu na web aplikací: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe.

6.4.2015 19:15:21 HTTP filtr soubor http://storage29-free.uloz.to/Ps;Hs;fid ... e&redirs=1 NSIS/StartPage.AQ trojský kůň přerušeno spojení - uložen do karantény UZIVATEL-8E8F10\Uživatel Infiltrace byla zachycena při přístupu na web aplikací: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe.

5.4.2015 12:17:58 Rezidentní ochrana soubor C:\System Volume Information\_restore{15FD2C00-B628-4BCF-BCC8-710A16082974}\RP829\A0164600.exe varianta infiltrace Win32/Toolbar.CrossRider.CJ potenciálně nechtěná aplikace vyléčen smazáním - uložen do karantény NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\WINDOWS\System32\svchost.exe.

5.4.2015 11:28:55 Rezidentní ochrana soubor C:\zoek_backup\C_Program Files_Bechiro S.L\smartbar\1.8.8.12\uninstall.exe Win32/Toolbar.Montiera.B potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\WINDOWS\system32\xcopy.exe.

5.4.2015 11:28:55 Rezidentní ochrana soubor C:\zoek_backup\C_Program Files_Bechiro S.L\smartbar\1.8.8.12\smartbarTlbr.dll varianta infiltrace Win32/Toolbar.Montiera.F potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\WINDOWS\system32\xcopy.exe.

5.4.2015 11:28:54 Rezidentní ochrana soubor C:\zoek_backup\C_Program Files_Bechiro S.L\smartbar\1.8.8.12\smartbarsrv.exe varianta infiltrace Win32/Toolbar.Montiera.A potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\WINDOWS\system32\xcopy.exe.

5.4.2015 11:28:53 Rezidentní ochrana soubor C:\zoek_backup\C_Program Files_Bechiro S.L\smartbar\1.8.8.12\smartbarEng.dll varianta infiltrace Win32/Toolbar.Montiera.U potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\WINDOWS\system32\xcopy.exe.

5.4.2015 11:28:51 Rezidentní ochrana soubor C:\zoek_backup\C_Program Files_Bechiro S.L\smartbar\1.8.8.12\smartbarApp.dll varianta infiltrace Win32/Toolbar.Montiera.A potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\WINDOWS\system32\xcopy.exe.

5.4.2015 11:28:27 Rezidentní ochrana soubor C:\Program Files\Bechiro S.L\smartbar\1.8.8.12\escortShld.dll Win32/Toolbar.Funmoods potenciálně nechtěná aplikace smazán - uložen do karantény UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\WINDOWS\system32\xcopy.exe.

4.4.2015 17:52:46 Rezidentní ochrana soubor C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\Download\{6688B795-F6F1-4676-92A7-9B58B287F367}\1.3.25.27\setup.exe.vir varianta infiltrace Win32/Toolbar.CrossRider.CJ potenciálně nechtěná aplikace nelze léčit UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\Documents and Settings\Uživatel\Plocha\adwcleaner_4.200.exe.

4.4.2015 17:42:54 Rezidentní ochrana soubor C:\System Volume Information\_restore{15FD2C00-B628-4BCF-BCC8-710A16082974}\RP828\A0164341.exe Win32/Toolbar.CrossRider.CI potenciálně nechtěná aplikace smazán - uložen do karantény NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\WINDOWS\System32\svchost.exe.

4.4.2015 9:33:40 Kontrola při startu soubor C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\ext coupons\ext_coupons_updating_service.exe Win32/Toolbar.CrossRider.CI potenciálně nechtěná aplikace smazán - uložen do karantény

4.4.2015 9:32:44 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031\cache2\entries\FE6950DC6DBFFB9759F231284FFD79A4BEB5B83B HTML/ScrInject.B.Gen virus smazán - uložen do karantény UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Program Files\Mozilla Firefox\firefox.exe.

4.4.2015 9:32:42 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031\cache2\entries\9802088038668956CD5AB5629127B45EF1A99E02 HTML/ScrInject.B.Gen virus smazán - uložen do karantény UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Program Files\Mozilla Firefox\firefox.exe.

4.4.2015 9:31:47 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031\cache2\entries\A7128F736BC95B53F47164E2C05FABA6B09426CB HTML/ScrInject.B.Gen virus smazán - uložen do karantény UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Program Files\Mozilla Firefox\firefox.exe.

4.4.2015 9:31:45 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031\cache2\entries\469F89ED7F6E3D71A70D9CE68045257F86CEB456 HTML/ScrInject.B.Gen virus smazán - uložen do karantény UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Program Files\Mozilla Firefox\firefox.exe.

2.4.2015 22:15:19 Kontrola při startu soubor Operační paměť » C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\ext coupons\ext_coupons_notification_service.exe varianta infiltrace Win32/Toolbar.CrossRider.CD potenciálně nechtěná aplikace vyléčen smazáním - uložen do karantény

2.4.2015 16:23:55 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031\extensions\jid1-sNL73VCI4UB0Fw@jetpack\content\overlay.js JS/Toolbar.Crossrider.C potenciálně nechtěná aplikace smazán - uložen do karantény UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Documents and Settings\Uživatel\Data aplikací\kcqbDN60QT8AF954.exe.

2.4.2015 16:23:39 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Data aplikací\Ndzsh2hUl6pCH466CLrx.exe varianta infiltrace Win32/Toolbar.CrossRider.CB potenciálně nechtěná aplikace smazán - uložen do karantény UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\1309828.exe.

2.4.2015 16:23:39 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Data aplikací\kcqbDN60QT8AF954.exe varianta infiltrace Win32/Toolbar.CrossRider.CB potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\1309828.exe.

2.4.2015 16:23:39 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Data aplikací\T4u35OJ62JO7cJp.exe varianta infiltrace Win32/Toolbar.CrossRider.CB potenciálně nechtěná aplikace smazán UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\1309828.exe.

2.4.2015 16:23:01 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Data aplikací\QhmSEZ7JixlP3xPc4FsvNWuxz.exe varianta infiltrace Win32/Toolbar.CrossRider.CB potenciálně nechtěná aplikace smazán - uložen do karantény UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\1309828.exe.

2.4.2015 16:22:53 Rezidentní ochrana soubor C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\1309828.exe varianta infiltrace Win32/Toolbar.CrossRider.CB potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Program Files\globalUpdate\Update\Install\{1707E91A-3EA9-4C04-8D9B-E2675EFE41D8}\setup.exe.

2.4.2015 16:22:52 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\ext coupons\ext_coupons_notification_service.exe varianta infiltrace Win32/Toolbar.CrossRider.CD potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Program Files\globalUpdate\Update\Install\{1707E91A-3EA9-4C04-8D9B-E2675EFE41D8}\setup.exe.

21.3.2015 22:31:32 HTTP filtr soubor http://rp.t9e.net/crack/download.php?p= ... 3339b68f0b varianta infiltrace Win32/CoinMiner.VR.gen trojský kůň přerušeno spojení - uložen do karantény UZIVATEL-8E8F10\Uživatel Infiltrace byla zachycena při přístupu na web aplikací: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe.

21.3.2015 22:17:54 Rezidentní ochrana soubor I:\SKIDROW\bin\paul.dll varianta infiltrace Win32/Packed.VMProtect.AAA trojský kůň vyléčen smazáním (po nejbližším restartu) - uložen do karantény UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna při pokusu o spuštění souboru aplikací: C:\WINDOWS\Explorer.EXE.
21.3.2015 21:48:50 Rezidentní ochrana soubor C:\RECYCLER\S-1-5-21-1715567821-1229272821-725345543-1004\Dc21.exe varianta infiltrace Win32/Systweak.H potenciálně nechtěná aplikace smazán - uložen do karantény UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\WINDOWS\Explorer.EXE.

21.3.2015 21:48:50 Rezidentní ochrana soubor C:\RECYCLER\S-1-5-21-1715567821-1229272821-725345543-1004\Dc36.exe varianta infiltrace MSIL/Solimba.AL potenciálně nechtěná aplikace smazán - uložen do karantény UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\WINDOWS\Explorer.EXE.

28.2.2015 21:38:03 HTTP filtr archiv http://dream.viralpostm.info/video/girl ... ota-supera JS/TrojanClicker.Agent.NFV trojský kůň přerušeno spojení - uložen do karantény UZIVATEL-8E8F10\Uživatel Infiltrace byla zachycena při přístupu na web aplikací: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe.

21.2.2015 22:15:27 Rezidentní ochrana soubor C:\System Volume Information\_restore{15FD2C00-B628-4BCF-BCC8-710A16082974}\RP790\A0154804.dll varianta infiltrace Win32/Toolbar.Escort.A potenciálně nechtěná aplikace smazán - uložen do karantény NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\WINDOWS\System32\svchost.exe.

18.2.2015 10:52:22 Kontrola při startu soubor C:\Program Files\Bechiro S.L\smartbar\1.8.8.12\bh\smartbar.dll varianta infiltrace Win32/Toolbar.Escort.A potenciálně nechtěná aplikace smazán - uložen do karantény

17.2.2015 22:32:41 Rezidentní ochrana soubor C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\n7040\s7040.exe varianta infiltrace MSIL/Solimba.B potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Documents and Settings\Uživatel\Dokumenty\Downloads\Enhanced Display Driver Helper Service 1.0.0.1.exe.

17.2.2015 22:25:03 Rezidentní ochrana soubor C:\Program Files\Bechiro S.L\smartbar\1.8.8.12\smartbarsrv.exe varianta infiltrace Win32/Toolbar.Montiera.A potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ie.exe.

17.2.2015 22:25:03 Rezidentní ochrana soubor C:\Program Files\Bechiro S.L\smartbar\1.8.8.12\smartbarTlbr.dll varianta infiltrace Win32/Toolbar.Montiera.F potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna při pokusu o spuštění souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ie.exe.

17.2.2015 22:24:48 Rezidentní ochrana soubor C:\Program Files\Bechiro S.L\smartbar\1.8.8.12\smartbarTlbr.dll varianta infiltrace Win32/Toolbar.Montiera.F potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ie.exe.

17.2.2015 22:24:48 Rezidentní ochrana soubor C:\Program Files\Bechiro S.L\smartbar\1.8.8.12\escortShld.dll Win32/Toolbar.Funmoods potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ie.exe.

17.2.2015 22:24:46 Rezidentní ochrana soubor C:\Program Files\Bechiro S.L\smartbar\1.8.8.12\smartbarEng.dll varianta infiltrace Win32/Toolbar.Montiera.U potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ie.exe.

17.2.2015 22:24:35 Rezidentní ochrana soubor C:\Program Files\Bechiro S.L\smartbar\1.8.8.12\smartbarApp.dll varianta infiltrace Win32/Toolbar.Montiera.A potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ie.exe.

17.2.2015 22:24:34 Rezidentní ochrana soubor C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\nsg34B.tmp\mt.dll Win32/Toolbar.Montiera.B potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna při pokusu o spuštění souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ffx.exe.

17.2.2015 22:24:34 Rezidentní ochrana soubor C:\Program Files\Bechiro S.L\smartbar\1.8.8.12\bh\smartbar.dll varianta infiltrace Win32/Toolbar.Escort.A potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ie.exe.

17.2.2015 22:24:30 Rezidentní ochrana soubor C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\nsw349.tmp\mt.dll Win32/Toolbar.Montiera.B potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna při pokusu o spuštění souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ie.exe.

17.2.2015 22:24:29 Rezidentní ochrana soubor C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\nsg34B.tmp\mt.dll Win32/Toolbar.Montiera.B potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ffx.exe.

17.2.2015 22:24:29 Rezidentní ochrana soubor C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\nsw349.tmp\mt.dll Win32/Toolbar.Montiera.B potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ie.exe.

17.2.2015 22:24:27 Rezidentní ochrana soubor C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ie.exe Win32/Toolbar.Montiera.E potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Documents and Settings\Uživatel\Local Settings\Temp\n5155\smartbar_2501-73d63cb7.exe.

17.2.2015 22:24:22 Rezidentní ochrana soubor C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Bechiro S.L\smartbar\1.8.8.12\smartbar4ffx.exe Win32/Toolbar.Montiera.E potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Documents and Settings\Uživatel\Local Settings\Temp\n5155\smartbar_2501-73d63cb7.exe.

17.2.2015 22:24:22 Rezidentní ochrana soubor C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\nsn2E0.tmp\mt.dll Win32/Toolbar.Montiera.B potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Documents and Settings\Uživatel\Local Settings\Temp\n5155\smartbar_2501-73d63cb7.exe.

17.2.2015 22:24:21 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Local Settings\Temp\n5155\smartbar_2501-73d63cb7.exe Win32/Toolbar.Montiera.I potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\n5155\s5155.exe.

17.2.2015 22:24:20 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Local Settings\Temp\n5155\smartbar_2501-73d63cb7.exe Win32/Toolbar.Montiera.I potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\n5155\s5155.exe.

17.2.2015 22:23:45 HTTP filtr soubor http://d1qd2jv3uw36vk.cloudfront.net/sm ... d63cb7.exe Win32/Toolbar.Montiera.I potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Infiltrace byla zachycena při přístupu na web aplikací: C:\Documents and Settings\Uživatel\Local Settings\temp\n5155\s5155.exe.

17.2.2015 22:23:04 Rezidentní ochrana soubor C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\n5155\s5155.exe varianta infiltrace MSIL/Solimba.B potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Documents and Settings\Uživatel\Dokumenty\Downloads\Enhanced Display Driver Helper Service 1.0.0.1.exe.

17.2.2015 22:22:57 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Dokumenty\Downloads\Enhanced Display Driver Helper Service 1.0.0.1.exe varianta infiltrace MSIL/Solimba.AL potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe.

17.2.2015 22:22:36 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Dokumenty\Downloads\Nepotvrzeno 517981.crdownload varianta infiltrace MSIL/Solimba.AL potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe.

17.2.2015 22:22:34 HTTP filtr soubor http://get.smiledmanager.com/n/3.2.128/ ... 0/Enhanced Display Driver Helper Service 1.0.0.1.exe?secure=1424204831_ccf2e4c392f482bb0ab31005136e240f varianta infiltrace MSIL/Solimba.AL potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Infiltrace byla zachycena při přístupu na web aplikací: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe.

14.2.2015 19:35:11 Rezidentní ochrana soubor C:\System Volume Information\_restore{15FD2C00-B628-4BCF-BCC8-710A16082974}\RP780\A0147257.exe Win32/AdClicker.NBH trojský kůň vyléčen smazáním - uložen do karantény NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\WINDOWS\System32\svchost.exe.

13.2.2015 20:42:56 Rezidentní ochrana soubor C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\PXd0m+Cd.exe.part Win32/CentrumDownloader.A potenciálně nechtěná aplikace smazán UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\Program Files\Mozilla Firefox\firefox.exe.

13.2.2015 20:42:35 HTTP filtr archiv http://www.stahuj.centrum.cz/primo/down ... trumcz.exe Win32/CentrumDownloader.A potenciálně nechtěná aplikace přerušeno spojení - uložen do karantény UZIVATEL-8E8F10\Uživatel Infiltrace byla zachycena při přístupu na web aplikací: C:\Program Files\Mozilla Firefox\firefox.exe.

13.2.2015 17:29:14 Kontrola při startu soubor C:\Documents and Settings\Uživatel\Data aplikací\IESecure.exe Win32/AdClicker.NBH trojský kůň vyléčen smazáním - uložen do karantény

19.1.2015 21:55:04 Rezidentní ochrana soubor G:\SÃ-Å¥ový_adaptér_Ethernet_Ovladač_aktualizace_10-2014.exe varianta infiltrace Win32/Systweak.H potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\WINDOWS\Explorer.EXE.

19.1.2015 21:54:48 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Dokumenty\Downloads\SÃ-Å¥ový_adaptér_Ethernet_Ovladač_aktualizace_10-2014.exe varianta infiltrace Win32/Systweak.H potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe.

19.1.2015 21:54:40 Rezidentní ochrana soubor C:\Documents and Settings\Uživatel\Dokumenty\Downloads\Nepotvrzeno 821348.crdownload varianta infiltrace Win32/Systweak.H potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe.

19.1.2015 21:54:37 HTTP filtr soubor http://www.solvusoft.com/cs/download/driverdoc/Síťový_adaptér_Ethernet_Ovladač_aktualizace_10-2014.exe varianta infiltrace Win32/Systweak.H potenciálně nechtěná aplikace UZIVATEL-8E8F10\Uživatel Infiltrace byla zachycena při přístupu na web aplikací: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe.
Nahoru
geralt1
Level 2
Level 2
Příspěvky: 232
Registrován: srpen 12
Pohlaví: Muž
Stav:
Offline

Re: vyskakování nežádoucí reklamy

Příspěvekod geralt1 » 07 dub 2015 15:14

OTL logfile created on: 7.4.2015 14:51:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Uživatel\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,50 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 73,49% Memory free
4,34 Gb Paging File | 3,76 Gb Available in Paging File | 86,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 384,01 Gb Free Space | 41,22% Space Free | Partition Type: NTFS

Computer Name: UZIVATEL-8E8F10 | User Name: Uživatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Uživatel\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe (Micro-Star International)
PRC - C:\Program Files\MSI\Super Charger\Super Charger.exe (MSI)
PRC - C:\Program Files\Comodo\Dragon\dragon_updater.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files\MSI\Super Charger\ChargeService.exe (MSI)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\WINDOWS\system32\LGScsiCommandService.exe (Mobile Leader Co.,Ltd.)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
PRC - C:\Program Files\AMT Media Manager\AMTDeviceService.exe ()
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe (TuneUp Software GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f0b0625c2db624ba9c97ad1b12490d79\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fd639d8d8def70deaf3b26cd073577f3\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\06b454361516e65eca55a743cd93cefc\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Seagate\DiscWizard\fox.dll ()
MOD - C:\Program Files\AMT Media Manager\AMTDeviceService.exe ()
MOD - C:\Program Files\WinRAR\rarlng.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()
MOD - C:\Program Files\TuneUp Utilities 2008\MSI_D6.bpl ()
MOD - C:\Program Files\TuneUp Utilities 2008\ehs_d6.bpl ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\xvid.ax ()
MOD - C:\Program Files\MSI\Live Update\unrar.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NvNetworkService) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (MSI_LiveUpdate_Service) -- C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe (Micro-Star International)
SRV - (DragonUpdater) -- C:\Program Files\Comodo\Dragon\dragon_updater.exe (Comodo Security Solutions, Inc.)
SRV - (MSI_SuperCharger) -- C:\Program Files\MSI\Super Charger\ChargeService.exe (MSI)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (LGScsiCommandService) -- C:\WINDOWS\system32\LGScsiCommandService.exe (Mobile Leader Co.,Ltd.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)


========== Driver Services (SafeList) ==========

DRV - (PCIDump) -- File not found
DRV - (aswVmm) -- C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\aswVmm.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (ao6oljjf) -- File not found
DRV - (TrueSight) -- C:\WINDOWS\system32\drivers\TrueSight.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (NTIOLib_1_0_3) -- C:\Program Files\MSI\Super Charger\NTIOLib.sys (MSI)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\drivers\tdrpman.sys (Acronis)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (pneteth) -- C:\WINDOWS\system32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (NTIOLib_1_0_4) -- C:\Program Files\MSI\Live Update\NTIOLib.sys (MSI)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (motandroidusb) -- C:\WINDOWS\system32\drivers\motoandroid.sys (Motorola)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (RsFx0102) -- C:\WINDOWS\system32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (hid3331) -- C:\WINDOWS\system32\drivers\Hid3331.sys ( )
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (BTNetFilter) -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (cm102u32) -- C:\WINDOWS\system32\drivers\c6501.sys (C-Media Inc)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (sfsync03) -- C:\WINDOWS\system32\drivers\sfsync03.sys (Protection Technology)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "https://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: jid1-sNL73VCI4UB0Fw%40jetpack:1006.7.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.02.21 20:45:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015.04.06 15:37:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.10.11 20:26:25 | 000,000,000 | ---D | M]

[2012.12.29 01:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Extensions
[2015.04.05 11:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031\extensions
[2015.04.02 16:08:09 | 000,000,000 | ---D | M] (jid1sNL73VCI4UB0Fwjetpack) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031\extensions\jid1-sNL73VCI4UB0Fw@jetpack
[2015.04.04 09:49:46 | 000,970,672 | ---- | M] () (No name found) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\t05in2fb.default-1353513489031\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015.04.06 15:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015.04.06 15:37:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\UĹĽIVATEL\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\T05IN2FB.DEFAULT-1353513489031\EXTENSIONS\JID1-SNL73VCI4UB0FW@JETPACK
[2012.12.27 13:19:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.10.26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2014.08.05 19:20:22 | 000,227,728 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

========== Chrome ==========

CHR - plugin: Error reading preferences file

O1 HOSTS File: ([2015.04.06 12:51:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AMTDeviceService] C:\Program Files\AMT Media Manager\AMTDeviceService.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super Charger] C:\Program Files\MSI\Super Charger\Super Charger.exe (MSI)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [TuneUp MemOptimizer] C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe (TuneUp Software GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49FA7B41-3A30-492C-8108-7471F854FB0A}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.15 21:03:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.11.20 17:22:46 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015.04.07 14:46:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
[2015.04.07 11:14:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Uživatel\Recent
[2015.04.07 11:11:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2015.04.06 15:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015.04.05 11:37:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2015.04.05 11:09:30 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2015.04.04 18:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
[2015.04.04 18:34:33 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015.04.04 14:46:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.03.21 22:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Dokumenty\The Witcher 2
[2015.03.21 22:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\The Witcher 2
[2015.03.21 21:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\The Witcher 2
[2015.03.10 13:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\R.G. Mechanics
[2015.03.10 13:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Data aplikací\Far Cry 3

========== Files - Modified Within 30 Days ==========

[2015.04.07 14:46:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
[2015.04.07 11:24:21 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\MBR.dat
[2015.04.07 11:24:15 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015.04.07 11:18:52 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\Automatická údržba.job
[2015.04.07 11:18:52 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2015.04.07 11:18:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015.04.07 11:18:44 | 000,359,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2015.04.07 11:05:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015.04.06 12:51:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2015.04.06 11:50:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Firefox.lnk
[2015.04.06 11:47:46 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015.04.05 11:09:29 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe
[2015.04.05 10:54:42 | 000,035,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2015.04.02 17:07:00 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\029B560A371F4E00AB32838EBC01B9E7
[2015.04.02 16:28:05 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2015.04.01 10:32:23 | 000,139,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2015.04.01 10:32:03 | 000,281,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2015.03.31 12:57:40 | 000,281,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2015.03.21 22:29:59 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\Uživatel\default.pls
[2015.03.21 22:11:02 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Start The Witcher 2.lnk
[2015.03.14 14:35:54 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Microsoft Office Word 2007.lnk
[2015.03.10 13:36:24 | 000,000,959 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Far Cry 3.lnk
[2015.03.10 13:32:24 | 000,138,904 | ---- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\PnkBstrK.sys
[2015.03.08 16:50:14 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job

========== Files Created - No Company Name ==========

[2015.04.07 11:24:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\MBR.dat
[2015.04.06 11:50:55 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Firefox.lnk
[2015.04.05 11:37:38 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe
[2015.04.04 18:46:27 | 000,035,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2015.04.02 17:07:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\029B560A371F4E00AB32838EBC01B9E7
[2015.04.01 19:58:52 | 1027,064,218 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Rok-jedna-2009-DVDrip-cz-dabing-(Xvid.mp3).avi
[2015.03.21 22:11:02 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Start The Witcher 2.lnk
[2015.03.10 13:36:24 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Far Cry 3.lnk
[2015.03.02 18:51:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015.03.02 18:51:10 | 000,662,787 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2015.02.17 22:37:54 | 000,643,142 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
[2015.02.17 22:37:54 | 000,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
[2015.02.17 22:37:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\HyperDrive.exe
[2015.02.17 22:37:52 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2015.02.17 22:37:52 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2015.02.17 22:37:52 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2015.02.17 22:37:52 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2015.02.17 22:37:52 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2015.02.17 22:37:52 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2015.02.17 22:37:52 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2015.02.17 22:37:52 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2015.02.17 22:37:52 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2015.02.17 22:37:51 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2015.02.17 22:37:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2015.02.17 22:37:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2015.02.17 22:37:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2015.02.17 22:37:51 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2015.02.17 22:37:51 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2015.02.17 22:37:51 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2015.02.17 22:37:51 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2015.02.16 23:06:21 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2015.02.13 15:59:50 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2015.02.11 22:18:10 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2014.01.05 17:13:55 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ra3.ini
[2013.12.14 22:01:49 | 003,190,168 | R--- | C] () -- C:\WINDOWS\System32\pb.exe
[2013.10.20 23:31:35 | 000,799,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2013.08.28 18:54:14 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012.12.30 12:39:39 | 000,115,712 | ---- | C] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.20 19:10:49 | 001,863,339 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1715567821-1229272821-725345543-1004-0.dat
[2012.12.20 19:10:48 | 000,327,042 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
[2012.11.12 18:24:38 | 000,124,845 | ---- | C] () -- C:\Documents and Settings\Uživatel\AdobeFnt10.lst
[2010.07.14 16:06:27 | 000,003,898 | ---- | C] () -- C:\Documents and Settings\Uživatel\backup.reg
[2010.02.22 13:18:47 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\fusioncache.dat
[2010.02.21 18:16:45 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\fusioncache.dat
[2010.02.21 17:49:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\fusioncache.dat
[2010.02.20 23:15:32 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Uživatel\default.pls
[2010.02.16 22:29:18 | 000,138,904 | ---- | C] () -- C:\Documents and Settings\Uživatel\Data aplikací\PnkBstrK.sys

========== ZeroAccess Check ==========

[2010.02.16 22:06:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.06.28 23:33:24 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 09:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2015.02.16 21:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ashampoo
[2013.10.31 15:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2014.09.11 21:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG
[2010.05.09 13:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Bluetooth
[2012.11.01 14:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Caphyon
[2014.09.11 21:57:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2012.01.08 17:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EA Core
[2014.01.04 01:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2010.02.25 18:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2011.10.11 20:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2013.04.04 16:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2012.11.18 14:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IsolatedStorage
[2012.05.02 21:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
[2013.12.14 23:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Orbit
[2014.06.04 14:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Origin
[2012.05.02 15:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2015.04.04 18:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
[2014.03.22 09:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Samsung
[2012.08.25 12:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Seagate
[2014.08.13 16:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spidla Data Processing, s.r.o
[2013.09.18 20:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2012.11.12 18:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Test Drive Unlimited
[2015.02.16 21:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\tmp
[2010.02.16 20:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2010.10.30 16:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2011.08.03 21:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\UDL
[2014.06.16 13:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\[Manufacturer]
[2014.09.11 21:58:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014.08.26 22:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Špidla Data Processing, s.r.o
[2014.08.24 22:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\.minecraft
[2010.10.04 21:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\.Torrent Swapper
[2012.11.01 14:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\4GF.CZ
[2014.08.27 22:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Absolutist
[2014.09.11 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\AnvSoft
[2013.10.31 15:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Autodesk
[2014.09.11 21:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\AVG
[2010.10.04 19:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\BitSpirit
[2015.03.04 11:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014.01.04 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Command and Conquer 4
[2010.02.19 22:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools
[2014.01.22 14:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\DDMSettings
[2014.08.13 16:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\DominiGames
[2010.10.31 20:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Electronic Arts
[2010.07.18 18:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\EPSON
[2011.10.11 20:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ESET
[2015.03.10 13:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Far Cry 3
[2014.08.16 19:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Fenomen Games
[2014.03.16 16:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\GameMaker-Studio
[2011.05.17 19:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\GHISLER
[2012.08.24 22:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\HD Tune Pro
[2015.04.01 12:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\HLSW
[2014.08.28 12:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\iMaxGen
[2012.11.18 14:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\IsolatedStorage
[2014.10.04 22:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\KoshyJohn.com
[2012.10.18 21:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Maxthon3
[2010.05.09 13:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\MOBILedit
[2013.04.05 20:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Nokia
[2012.02.08 20:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Opera
[2014.06.04 14:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Origin
[2013.04.05 20:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\PC Suite
[2011.12.24 20:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\PunkBuster
[2012.11.27 21:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Red Alert 3
[2014.06.11 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Red Alert 3 Uprising
[2011.09.21 15:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Rovio
[2014.03.22 10:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Samsung
[2014.08.31 10:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Seznam.cz
[2014.08.28 12:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\SMIGames
[2014.07.08 18:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\spidla
[2014.08.13 16:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Spidla Data Processing, s.r.o
[2014.08.14 18:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\TMInc
[2010.02.16 20:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\TuneUp Software
[2010.10.30 16:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Ubisoft
[2013.02.18 22:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\uTorrent
[2014.08.14 18:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\V-Games
[2010.03.25 18:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\VitySoft
[2013.05.17 16:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\wargaming.net
[2011.09.17 13:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\XRay Engine
[2011.01.23 20:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Zoner
[2014.08.26 22:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Špidla Data Processing, s.r.o

========== Purity Check ==========



< End of report >
Nahoru
Odpovědět

Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 100 hostů