Při každém spuštění windowsů mi vyskočí okénko wssetup.exe Vyřešeno

[KamilaS]

ten poslední log měl víc jak 60000 řádků tak jsem ho musela rozdělit jestli to nevadí, děkuju

[Reklama]

[jaro3]

Nevadí.

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "

- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání skončeno "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[KamilaS]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : P. a K. Szabovy [Práva správce]
Mód : Kontrola -- Datum : 06/12/2013 10:22:37
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH] WxDFast.exe -- C:\ProgramData\Premium\WxDFast\WxDFast.exe [-] -> SMAZÁNO [TermProc]
[BLPATH] OptimizerPro.exe -- C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe [-] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[RUN][Rans.Gendarm] HKLM\[...]\Run : Realtek Camera Manager (C:\Windows\system32\RunLegacyCPLElevated.exe shell32.dll,Control_RunDLL "C:\Windows\system32\Realtek Camera Manager.cpl") [7] -> NALEZENO
[TASK][SUSP PATH] WxDFastUpdaterTask{51C80B91-553D-4CFB-A511-C86DD8370897}.job : C:\ProgramData\Premium\WxDFast\WxDFast.exe /schedule /profilepath "C:\ProgramData\Premium\WxDFast\profile.ini" [-] -> NALEZENO
[TASK][BLPATH] schedule!3036567561.job : C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe /schedule /profile "c:\programdata\bettersoft\optimizerpro\3036567561.ini" [-] -> NALEZENO
[TASK][SUSP PATH] Hoolapp For Android : C:\Users\PAK~1.SZA\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE /Check [x] -> NALEZENO
[TASK][SUSP PATH] Hoolapp Init : C:\Users\P. a K. Szabovy\AppData\Roaming\HoolappForAndroid\Hoolapp.exe /Minimized [x] -> NALEZENO
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\P. a K. Szabovy\AppData\Local\RavenBleuSA\bin\1.0.13.0\RavenBleuSA.exe" [x] -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8306413D -> HOOKED (Unknown @ 0x9305321E)
SSDT[299] : NtRequestWaitReplyPort @ 0x8307EB22 -> HOOKED (Unknown @ 0x93053228)
SSDT[316] : NtSetContextThread @ 0x8311E851 -> HOOKED (Unknown @ 0x93053223)
SSDT[347] : NtSetSecurityObject @ 0x830427F7 -> HOOKED (Unknown @ 0x9305322D)
SSDT[368] : NtSystemDebugControl @ 0x830C67D2 -> HOOKED (Unknown @ 0x93053232)
SSDT[370] : NtTerminateProcess @ 0x8309BD86 -> HOOKED (Unknown @ 0x930531BF)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x93053246)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x9305324B)

¤¤¤ Nákaza : Rogue.ProgFiles|Rans.Gendarm ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-009BA0 +++++
--- User ---
[MBR] 608aac626f2a56a52f454c9de60ba0c8
[BSP] da6ca8bfc332d8b697f854e6bb8b6f7c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 945863 Mo
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1937129472 | Size: 8000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_06122013_02d1022.txt >>
RKreport[1]_S_06122013_02d1022.txt

[KamilaS]

ComboFix 13-06-08.02 - P. a K. Szabovy 12.06.2013 10:26:39.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3319.1989 [GMT 2:00]
Spuštěný z: c:\users\P. a K. Szabovy\Desktop\PROTIVIROVŢ PROGRAMY Z PC HELP\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\coonttinnuetosaVee
c:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload Fast
c:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload Fast\Uninstall wxDownload Fast.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload Fast\wxDownload Fast on the Web.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload Fast\wxDownload Fast.lnk
c:\programdata\Search-NewTAib
c:\programdata\wxDownload
c:\programdata\wxDownload\5075a07389063.html
c:\programdata\wxDownload\5075a07389085.js
c:\programdata\wxDownload\data\5075a07389085.js
c:\programdata\wxDownload\data\jsondb.js
c:\programdata\wxDownload\ghlnbikegnbhobeheejikjpibphafjlh.crx
c:\programdata\wxDownload\settings.ini
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\_ctypes.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\_elementtree.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\_hashlib.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\_multiprocessing.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\_socket.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\_ssl.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\pyexpat.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\pysqlite2._sqlite.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\python27.dll
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\pythoncom27.dll
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\PyWinTypes27.dll
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\select.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\unicodedata.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\win32api.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\win32com.shell.shell.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\win32crypt.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\win32event.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\win32file.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\win32inet.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\win32pdh.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\win32process.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\win32profile.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\win32security.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\win32ts.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\windows._cacheinvalidation.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\wx._controls_.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\wx._core_.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\wx._gdi_.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\wx._html2.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\wx._misc_.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\wx._windows_.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\wx._wizard.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\wxbase294u_net_vc90.dll
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\wxbase294u_vc90.dll
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\wxmsw294u_adv_vc90.dll
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI33522\wxmsw294u_core_vc90.dll
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\wxmsw294u_html_vc90.dll
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI33522\wxmsw294u_webview_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\_ctypes.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\_elementtree.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\_hashlib.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\_multiprocessing.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\_socket.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\_ssl.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\pyexpat.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\pysqlite2._sqlite.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\python27.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\pythoncom27.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\PyWinTypes27.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\select.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\unicodedata.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\win32api.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\win32com.shell.shell.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\win32crypt.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\win32event.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\win32file.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\win32inet.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\win32pdh.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\win32process.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\win32profile.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\win32security.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\win32ts.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\windows._cacheinvalidation.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wx._controls_.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wx._core_.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wx._gdi_.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wx._html2.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wx._misc_.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wx._windows_.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wx._wizard.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wxbase294u_net_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wxbase294u_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wxmsw294u_adv_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wxmsw294u_core_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wxmsw294u_html_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI33522\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-12 do 2013-06-12 )))))))))))))))))))))))))))))))
.
.
2013-06-12 08:32 . 2013-06-12 08:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-12 08:32 . 2013-06-12 08:32 -------- d-----w- c:\users\UpdatusUser.PaKSzabovy-PC\AppData\Local\temp
2013-06-12 08:32 . 2013-06-12 08:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-11 20:01 . 2013-06-11 20:02 237 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-11 19:08 . 2013-06-11 19:08 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Avira
2013-06-11 19:03 . 2013-06-11 19:03 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-11 19:02 . 2013-06-11 19:00 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-06-11 19:02 . 2013-06-11 19:00 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-06-11 19:02 . 2013-06-11 19:00 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-06-11 19:02 . 2013-06-11 19:02 -------- d-----w- c:\programdata\Avira
2013-06-11 19:02 . 2013-06-11 19:02 -------- d-----w- c:\program files\Avira
2013-06-11 18:28 . 2013-06-11 18:28 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Malwarebytes
2013-06-11 18:27 . 2013-06-11 18:27 -------- d-----w- c:\programdata\Malwarebytes
2013-06-11 18:27 . 2013-06-11 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-11 18:27 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-11 18:05 . 2013-06-11 18:05 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Local\Adobe
2013-06-10 15:20 . 2013-06-10 15:20 -------- d-----w- c:\program files\Trend Micro
2013-06-08 19:18 . 2013-06-08 19:19 -------- d-----w- c:\program files\Farmscapes Collector's Edition
2013-06-08 18:57 . 2013-06-08 18:57 -------- d-----w- c:\program files\Barn Yarn
2013-06-08 08:45 . 2013-06-08 08:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-06-08 08:45 . 2013-06-08 08:45 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-06-05 14:58 . 2013-06-08 08:48 -------- d-----w- c:\users\P. a K. Szabovy\PŘEMĚNĚNÉ SOUBORY
2013-06-05 13:45 . 2013-06-05 13:45 802136 ----a-w- c:\program files\uTorrent.exe
2013-06-05 13:43 . 2013-06-08 20:35 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\uTorrent
2013-06-04 03:52 . 2013-06-04 03:52 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Local\Programs
2013-06-03 16:28 . 2013-06-03 16:28 -------- d-----w- c:\program files\Imikimi
2013-06-03 14:51 . 2013-06-03 14:52 -------- d-----w- c:\program files\Gardenscapes 2 Collector's Edition
2013-06-02 13:12 . 2013-06-02 13:12 -------- d-----w- c:\windows\system32\jmdp
2013-06-02 13:12 . 2013-06-02 13:12 -------- d-----w- c:\windows\system32\ARFC
2013-06-02 13:12 . 2013-05-21 13:31 1167152 ----a-w- c:\windows\system32\dmwu.exe
2013-06-02 13:12 . 2013-05-21 13:28 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-06-02 13:12 . 2013-02-05 07:25 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-06-02 13:12 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-06-02 13:12 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-06-01 17:19 . 2013-06-01 17:19 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Playrix Entertainment
2013-06-01 17:19 . 2013-06-01 17:19 -------- d-----w- c:\program files\Games
2013-05-29 14:25 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2013-05-29 14:25 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2013-05-29 14:25 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2013-05-28 10:44 . 2013-05-28 11:15 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Systweak
2013-05-26 14:22 . 2013-05-26 14:22 -------- d-----w- c:\program files\Winter Olympics
2013-05-26 13:32 . 2013-05-26 13:32 -------- d-----w- c:\program files\CIGLER SOFTWARE
2013-05-26 13:32 . 2013-05-26 13:33 -------- d-----w- c:\programdata\CIGLER SOFTWARE
2013-05-26 13:32 . 2013-05-26 13:33 -------- d-----w- c:\program files\Common Files\CIGLER SOFTWARE
2013-05-21 12:18 . 2013-05-21 12:18 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Friday's games
2013-05-21 08:44 . 2013-05-21 08:44 -------- d-----w- c:\programdata\StarApp
2013-05-21 08:44 . 2013-05-21 08:44 -------- d-----w- c:\programdata\BetterSoft
2013-05-20 12:41 . 2013-05-20 12:41 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Python-Eggs
2013-05-20 12:40 . 2013-05-21 08:38 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\BitLord
2013-05-20 12:36 . 2013-05-21 08:37 -------- d-----w- c:\program files\BitLord 2
2013-05-20 12:34 . 2013-05-21 07:58 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\HoolappForAndroid
2013-05-18 11:21 . 2013-05-18 11:21 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\iPumper
2013-05-17 12:01 . 2013-05-17 12:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-05-15 17:58 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 17:58 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 17:58 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 17:58 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 17:58 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 17:58 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 17:58 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 17:58 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-13 19:54 . 2013-05-13 19:54 -------- d-----w- c:\windows\system32\Extensions
2013-05-13 19:54 . 2013-05-13 19:54 -------- d-----w- c:\windows\system32\searchplugins
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 19:26 . 2012-04-21 05:42 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 19:26 . 2011-11-15 13:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-11 04:26 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:28 . 2011-11-15 13:55 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-30 08:28 . 2013-04-30 08:28 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 08:28 . 2013-04-30 08:28 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 08:28 . 2013-04-30 08:28 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 08:28 . 2013-04-30 08:28 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 08:28 . 2013-04-30 08:28 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 08:28 . 2013-04-30 08:28 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 08:28 . 2013-04-30 08:28 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 08:28 . 2013-04-30 08:28 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 08:28 . 2013-04-30 08:28 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 08:28 . 2013-04-30 08:28 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 08:28 . 2013-04-30 08:28 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 08:28 . 2013-04-30 08:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 08:28 . 2013-04-30 08:28 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 08:28 . 2013-04-30 08:28 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 08:28 . 2013-04-30 08:28 361984 ----a-w- c:\windows\system32\html.iec
2013-04-30 08:28 . 2013-04-30 08:28 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 08:28 . 2013-04-30 08:28 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-19 10:14 . 2013-04-19 10:15 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-19 10:14 . 2012-09-14 05:59 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-19 10:14 . 2012-02-23 16:28 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-17 18:20 . 2012-12-15 09:50 23872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-04-13 04:45 . 2013-05-15 17:58 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 17:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 06:46 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-19 05:04 . 2013-04-16 09:55 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-16 09:55 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-16 09:55 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-16 09:55 69632 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
"Facebook Update"="c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-04 138096]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-07-07 10754664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"Realtek Camera Manager"="c:\windows\system32\RunLegacyCPLElevated.exe" [2009-07-14 57856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-06-11 345312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R1 etzknwtk;etzknwtk;c:\windows\system32\drivers\etzknwtk.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-07-27 49016]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-15 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-12-15 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-15 27136]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-15 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-06-11 37352]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-06-11 86752]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-06-11 562744]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-05 19:08 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 19:26]
.
2013-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515406080-459877351-3489255866-1001Core.job
- c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 14:52]
.
2013-06-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515406080-459877351-3489255866-1001UA.job
- c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 14:52]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-04 07:17]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-04 07:17]
.
2013-06-12 c:\windows\Tasks\schedule!3036567561.job
- c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-05-21 19:58]
.
2013-06-12 c:\windows\Tasks\WxDFastUpdaterTask{51C80B91-553D-4CFB-A511-C86DD8370897}.job
- c:\programdata\Premium\WxDFast\WxDFast.exe [2012-10-10 12:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: servis24.cz\www
TCP: DhcpNameServer = 176.107.120.35 176.107.120.42
FF - ProfilePath - c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\
FF - ExtSQL: 2013-05-01 11:07; ascsurfingprotection@iobit.com; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-05-31 09:39; vvzlczx@hroam.net; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\vvzlczx@hroam.net
FF - ExtSQL: 2013-05-31 09:39; uayi032s@uia.net; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\uayi032s@uia.net
FF - ExtSQL: 2013-05-31 09:39; rsusksw@uoiyue.edu; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\rsusksw@uoiyue.edu
FF - ExtSQL: 2013-05-31 09:39; oeeo-i@dxhf-.net; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\oeeo-i@dxhf-.net
FF - ExtSQL: 2013-06-04 04:56; iobitapps@mybrowserbar.com; c:\program files\IObit Apps Toolbar\FF
FF - ExtSQL: !HIDDEN! 2011-11-23 13:07; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-SP_09b71135 - c:\program files\ContinueToSave\uninstall.exe
AddRemove-SP_b0285714 - c:\program files\WebSearch\uninstall.exe
AddRemove-WxDFast - c:\progra~2\INSTAL~1\WxDFast\Setup.exe
AddRemove-{8B1881C3-A40C-4DF3-BFD2-CCD2FEDD7D83} - c:\progra~2\INSTAL~1\{8B188~1\Setup.exe
AddRemove-{A537F3B1-7588-313F-2101-E7E8CB4B42ED} - c:\progra~2\INSTAL~1\{99A6A~1\Setup.exe
AddRemove-{AB38ECBD-0B5B-0377-4F20-CDF79414BF19} - c:\progra~2\INSTAL~1\{B731B~1\Setup.exe
AddRemove-{E63B21F9-C9BD-0292-47E5-B971F4479EE1} - c:\progra~2\INSTAL~1\{9CD2D~1\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e7,04,c2,68,eb,fa,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2013-06-12 10:36:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-12 08:36
ComboFix2.txt 2013-02-18 08:58
ComboFix3.txt 2012-10-01 10:03
.
Před spuštěním: Volných bajtů: 424 917 958 656
Po spuštění: Volných bajtů: 424 631 541 760
.
- - End Of File - - 9BB9B5CFD7BB074C58C55A42E59EA04B
A36C5E4F47E84449FF07ED3517B43A31

[KamilaS]

děkuju a můžu se zeptat nač tolik logů a operací a programů a killer, to jsem jako měla zavirovanej celej počítač? můžete mi prosím osvětlit co s ním bylo nebo je? děkuju

[guest]

Zjednodušeně řečeno, každý program je na jiného vetřelce. Jako u doktora, jeden hledá vši, jiný zase tasemnici.
Krom toho i po čistících programech zůstanou jejich stopy v PC a i ty se musí odstranit.
Každé takové čištění musí být důkladné a proto je to tak náročné.

[jaro3]

Odinstaluj:
BetterSoft\OptimizerPro (Adware!)

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
Collect::
c:\windows\system32\drivers\etzknwtk.sys

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515406080-459877351-3489255866-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515406080-459877351-3489255866-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update
c:\program files\Skype\Updater
c:\program files\Google\Update

Driver::
etzknwtk
SkypeUpdate

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-

Firefox::
FF - ProfilePath - c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\
FF - ExtSQL: 2013-05-01 11:07; ascsurfingprotection@iobit.com; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-05-31 09:39; vvzlczx@hroam.net; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\vvzlczx@hroam.net
FF - ExtSQL: 2013-05-31 09:39; uayi032s@uia.net; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\uayi032s@uia.net
FF - ExtSQL: 2013-05-31 09:39; rsusksw@uoiyue.edu; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\rsusksw@uoiyue.edu
FF - ExtSQL: 2013-05-31 09:39; oeeo-i@dxhf-.net; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\oeeo-i@dxhf-.net
FF - ExtSQL: 2013-06-04 04:56; iobitapps@mybrowserbar.com; c:\program files\IObit Apps Toolbar\FF
FF - ExtSQL: !HIDDEN! 2011-11-23 13:07; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
 07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
 36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
 aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
 df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
 fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
 51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e7,04,c2,68,eb,fa,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[KamilaS]

takže jsem se zasekla u odinstalování tohoto programu nebo souboru? ve složce, kterou jsem si udělala pro všechny programy a logy co jste po mě chtěli mám ve složce RK Quarantine soubor OptimizerPro.exe.vir ale to nejde odinstalovat jedině vymazat? mám takový dojem, že tenhle soubor má co do činění s programem Advance..care tak jsem ho pro jistotu odinstalovala. Ale ted nevim jak dál postupovat. bettersoft/optimizerPro jsem hledala všude ve stažených souborech, program files, C: použila jsem odinstalační programy: Revo Uninstaler a standartní windows. přidat odebrat programy ale nic. omlouvám se taková ptákovina odinstalovat jeden program......děkuju že se nebudete zlobit nebo se na mě nevykašlete

[jaro3]

Nevykašleme

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "

- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání skončeno "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Postupuj bez té odinstalace bettersoft/optimizerPro , já ho pak odmažu.

Udělej nyní ten script v Combofixu.

[KamilaS]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : P. a K. Szabovy [Práva správce]
Mód : Odebrat -- Datum : 06/13/2013 10:51:57
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[BLPATH] OptimizerPro.exe -- C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe [-] -> SMAZÁNO [TermProc]
[SUSP PATH] WxDFast.exe -- C:\ProgramData\Premium\WxDFast\WxDFast.exe [-] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[RUN][Rans.Gendarm] HKLM\[...]\Run : Realtek Camera Manager (C:\Windows\system32\RunLegacyCPLElevated.exe shell32.dll,Control_RunDLL "C:\Windows\system32\Realtek Camera Manager.cpl") [7] -> VYMAZÁNO
[TASK][SUSP PATH] WxDFastUpdaterTask{51C80B91-553D-4CFB-A511-C86DD8370897}.job : C:\ProgramData\Premium\WxDFast\WxDFast.exe /schedule /profilepath "C:\ProgramData\Premium\WxDFast\profile.ini" [-] -> VYMAZÁNO
[TASK][BLPATH] schedule!3036567561.job : C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe /schedule /profile "c:\programdata\bettersoft\optimizerpro\3036567561.ini" [-] -> VYMAZÁNO
[TASK][SUSP PATH] Hoolapp For Android : C:\Users\PAK~1.SZA\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE /Check [x] -> VYMAZÁNO
[TASK][SUSP PATH] Hoolapp Init : C:\Users\P. a K. Szabovy\AppData\Roaming\HoolappForAndroid\Hoolapp.exe /Minimized [x] -> VYMAZÁNO
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\P. a K. Szabovy\AppData\Local\RavenBleuSA\bin\1.0.13.0\RavenBleuSA.exe" [x] -> VYMAZÁNO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8306E13D -> HOOKED (Unknown @ 0x9A0534D6)
SSDT[299] : NtRequestWaitReplyPort @ 0x83088B22 -> HOOKED (Unknown @ 0x9A0534E0)
SSDT[316] : NtSetContextThread @ 0x8312884D -> HOOKED (Unknown @ 0x9A0534DB)
SSDT[347] : NtSetSecurityObject @ 0x8304C7F7 -> HOOKED (Unknown @ 0x9A0534E5)
SSDT[368] : NtSystemDebugControl @ 0x830D07D2 -> HOOKED (Unknown @ 0x9A0534EA)
SSDT[370] : NtTerminateProcess @ 0x830A5D86 -> HOOKED (Unknown @ 0x9A053477)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x9A0534FE)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x9A053503)

¤¤¤ Nákaza : Rogue.ProgFiles|Rans.Gendarm ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-009BA0 +++++
--- User ---
[MBR] 608aac626f2a56a52f454c9de60ba0c8
[BSP] da6ca8bfc332d8b697f854e6bb8b6f7c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 945863 Mo
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1937129472 | Size: 8000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[2]_D_06132013_02d1051.txt >>
RKreport[1]_S_06132013_02d1051.txt ; RKreport[2]_D_06132013_02d1051.txt

[KamilaS]

ComboFix 13-06-12.02 - P. a K. Szabovy 13.06.2013 11:03:11.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3319.2178 [GMT 2:00]
Spuštěný z: c:\users\P. a K. Szabovy\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\P. a K. Szabovy\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515406080-459877351-3489255866-1001Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515406080-459877351-3489255866-1001UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.145\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.145\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.145\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.145\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.145\goopdate.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.145\psmachine.dll
c:\program files\Google\Update\1.3.21.145\psuser.dll
c:\program files\Google\Update\Download\{3C122445-AECE-4309-90B7-85A6AEF42AC0}\0.0.0.0\gsync.msi
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.110\27.0.1453.110_27.0.1453.94_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\P. a K. Szabovy\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\_ctypes.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\_elementtree.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\_hashlib.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\_multiprocessing.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\_socket.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\_ssl.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\pyexpat.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\pysqlite2._sqlite.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\python27.dll
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\pythoncom27.dll
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\PyWinTypes27.dll
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\select.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\unicodedata.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\win32api.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\win32com.shell.shell.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\win32crypt.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\win32event.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\win32file.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\win32inet.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\win32pdh.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\win32process.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\win32profile.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\win32security.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\win32ts.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\windows._cacheinvalidation.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\wx._controls_.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\wx._core_.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\wx._gdi_.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\wx._html2.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\wx._misc_.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\wx._windows_.pyd
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\wx._wizard.pyd
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\wxbase294u_net_vc90.dll
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\wxbase294u_vc90.dll
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\wxmsw294u_adv_vc90.dll
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\wxmsw294u_core_vc90.dll
c:\users\P. a K. Szabovy\AppData\Local\Temp\_MEI26842\wxmsw294u_html_vc90.dll
c:\users\P. a K. Szabovy\AppData\Local\temp\_MEI26842\wxmsw294u_webview_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\_ctypes.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\_elementtree.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\_hashlib.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\_multiprocessing.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\_socket.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\_ssl.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\pyexpat.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\pysqlite2._sqlite.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\python27.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\pythoncom27.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\PyWinTypes27.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\select.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\unicodedata.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\win32api.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\win32com.shell.shell.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\win32crypt.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\win32event.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\win32file.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\win32inet.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\win32pdh.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\win32process.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\win32profile.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\win32security.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\win32ts.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\windows._cacheinvalidation.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wx._controls_.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wx._core_.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wx._gdi_.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wx._html2.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wx._misc_.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wx._windows_.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wx._wizard.pyd
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wxbase294u_net_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wxbase294u_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wxmsw294u_adv_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wxmsw294u_core_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wxmsw294u_html_vc90.dll
c:\users\PAK~1.SZA\AppData\Local\Temp\_MEI26842\wxmsw294u_webview_vc90.dll
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515406080-459877351-3489255866-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515406080-459877351-3489255866-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_etzknwtk
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-13 do 2013-06-13 )))))))))))))))))))))))))))))))
.
.
2013-06-13 09:09 . 2013-06-13 09:11 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Local\temp
2013-06-13 09:09 . 2013-06-13 09:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-13 09:09 . 2013-06-13 09:09 -------- d-----w- c:\users\UpdatusUser.PaKSzabovy-PC\AppData\Local\temp
2013-06-13 09:09 . 2013-06-13 09:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-13 09:09 . 2013-06-13 09:09 -------- d-----w- c:\users\PAK~1~SZA\AppData\Local\temp
2013-06-13 09:09 . 2013-06-13 09:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-12 20:33 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 20:33 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 15:26 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 15:25 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 15:25 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 15:25 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 15:25 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 15:25 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 15:25 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 15:25 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 15:25 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 15:25 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 15:25 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 15:25 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 20:01 . 2013-06-11 20:02 237 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-11 19:08 . 2013-06-11 19:08 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Avira
2013-06-11 19:03 . 2013-06-11 19:03 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-11 19:02 . 2013-06-11 19:00 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-06-11 19:02 . 2013-06-11 19:00 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-06-11 19:02 . 2013-06-11 19:00 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-06-11 19:02 . 2013-06-11 19:02 -------- d-----w- c:\programdata\Avira
2013-06-11 19:02 . 2013-06-11 19:02 -------- d-----w- c:\program files\Avira
2013-06-11 18:28 . 2013-06-11 18:28 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Malwarebytes
2013-06-11 18:27 . 2013-06-11 18:27 -------- d-----w- c:\programdata\Malwarebytes
2013-06-11 18:27 . 2013-06-11 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-11 18:27 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-11 18:05 . 2013-06-11 18:05 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Local\Adobe
2013-06-10 15:20 . 2013-06-10 15:20 -------- d-----w- c:\program files\Trend Micro
2013-06-08 19:18 . 2013-06-08 19:19 -------- d-----w- c:\program files\Farmscapes Collector's Edition
2013-06-08 18:57 . 2013-06-08 18:57 -------- d-----w- c:\program files\Barn Yarn
2013-06-08 08:45 . 2013-06-08 08:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-06-08 08:45 . 2013-06-08 08:45 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-06-05 14:58 . 2013-06-08 08:48 -------- d-----w- c:\users\P. a K. Szabovy\PŘEMĚNĚNÉ SOUBORY
2013-06-05 13:45 . 2013-06-05 13:45 802136 ----a-w- c:\program files\uTorrent.exe
2013-06-05 13:43 . 2013-06-08 20:35 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\uTorrent
2013-06-04 03:52 . 2013-06-04 03:52 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Local\Programs
2013-06-03 16:28 . 2013-06-03 16:28 -------- d-----w- c:\program files\Imikimi
2013-06-03 14:51 . 2013-06-03 14:52 -------- d-----w- c:\program files\Gardenscapes 2 Collector's Edition
2013-06-02 13:12 . 2013-06-02 13:12 -------- d-----w- c:\windows\system32\jmdp
2013-06-02 13:12 . 2013-06-02 13:12 -------- d-----w- c:\windows\system32\ARFC
2013-06-02 13:12 . 2013-05-21 13:31 1167152 ----a-w- c:\windows\system32\dmwu.exe
2013-06-02 13:12 . 2013-05-21 13:28 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-06-02 13:12 . 2013-02-05 07:25 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-06-02 13:12 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-06-02 13:12 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-06-01 17:19 . 2013-06-01 17:19 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Playrix Entertainment
2013-06-01 17:19 . 2013-06-01 17:19 -------- d-----w- c:\program files\Games
2013-05-29 14:25 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2013-05-29 14:25 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2013-05-29 14:25 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2013-05-28 10:44 . 2013-05-28 11:15 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Systweak
2013-05-26 14:22 . 2013-05-26 14:22 -------- d-----w- c:\program files\Winter Olympics
2013-05-26 13:32 . 2013-05-26 13:32 -------- d-----w- c:\program files\CIGLER SOFTWARE
2013-05-26 13:32 . 2013-05-26 13:33 -------- d-----w- c:\programdata\CIGLER SOFTWARE
2013-05-26 13:32 . 2013-05-26 13:33 -------- d-----w- c:\program files\Common Files\CIGLER SOFTWARE
2013-05-21 12:18 . 2013-05-21 12:18 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Friday's games
2013-05-21 08:44 . 2013-05-21 08:44 -------- d-----w- c:\programdata\StarApp
2013-05-21 08:44 . 2013-05-21 08:44 -------- d-----w- c:\programdata\BetterSoft
2013-05-20 12:41 . 2013-05-20 12:41 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\Python-Eggs
2013-05-20 12:40 . 2013-05-21 08:38 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\BitLord
2013-05-20 12:36 . 2013-05-21 08:37 -------- d-----w- c:\program files\BitLord 2
2013-05-20 12:34 . 2013-05-21 07:58 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\HoolappForAndroid
2013-05-18 11:21 . 2013-05-18 11:21 -------- d-----w- c:\users\P. a K. Szabovy\AppData\Roaming\iPumper
2013-05-17 12:01 . 2013-05-17 12:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-05-15 17:58 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 17:58 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 17:58 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 17:58 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 17:58 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 17:58 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 17:58 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 17:58 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 19:26 . 2012-04-21 05:42 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 19:26 . 2011-11-15 13:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-11 04:26 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:28 . 2011-11-15 13:55 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-30 08:28 . 2013-04-30 08:28 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 08:28 . 2013-04-30 08:28 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 08:28 . 2013-04-30 08:28 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 08:28 . 2013-04-30 08:28 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 08:28 . 2013-04-30 08:28 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 08:28 . 2013-04-30 08:28 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 08:28 . 2013-04-30 08:28 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 08:28 . 2013-04-30 08:28 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 08:28 . 2013-04-30 08:28 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 08:28 . 2013-04-30 08:28 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 08:28 . 2013-04-30 08:28 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 08:28 . 2013-04-30 08:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 08:28 . 2013-04-30 08:28 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 08:28 . 2013-04-30 08:28 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 08:28 . 2013-04-30 08:28 361984 ----a-w- c:\windows\system32\html.iec
2013-04-30 08:28 . 2013-04-30 08:28 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 08:28 . 2013-04-30 08:28 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-19 10:14 . 2013-04-19 10:15 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-19 10:14 . 2012-09-14 05:59 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-19 10:14 . 2012-02-23 16:28 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-17 18:20 . 2012-12-15 09:50 23872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-04-13 04:45 . 2013-05-15 17:58 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 17:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 06:46 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-19 04:48 . 2013-04-16 09:55 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-16 09:55 69632 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-07-07 10754664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-06-11 345312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-07-27 49016]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-15 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-12-15 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-15 27136]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-15 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-06-11 37352]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-06-11 86752]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-06-11 562744]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-05 19:08 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 19:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: servis24.cz\www
TCP: DhcpNameServer = 176.107.120.35 176.107.120.42
FF - ProfilePath - c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\
FF - ExtSQL: 2013-05-31 09:39; vvzlczx@hroam.net; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\vvzlczx@hroam.net
FF - ExtSQL: 2013-05-31 09:39; uayi032s@uia.net; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\uayi032s@uia.net
FF - ExtSQL: 2013-05-31 09:39; rsusksw@uoiyue.edu; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\rsusksw@uoiyue.edu
FF - ExtSQL: 2013-05-31 09:39; oeeo-i@dxhf-.net; c:\users\P. a K. Szabovy\AppData\Roaming\Mozilla\Firefox\Profiles\jdxx4i86.default\extensions\oeeo-i@dxhf-.net
FF - ExtSQL: 2013-06-04 04:56; iobitapps@mybrowserbar.com; c:\program files\IObit Apps Toolbar\FF
FF - ExtSQL: !HIDDEN! 2011-11-23 13:07; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2013-06-13 11:13:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-13 09:13
ComboFix2.txt 2013-06-12 08:36
ComboFix3.txt 2013-02-18 08:58
ComboFix4.txt 2012-10-01 10:03
.
Před spuštěním: Volných bajtů: 423 172 886 528
Po spuštění: Volných bajtů: 422 832 443 392
.
- - End Of File - - E8D26D3D44F53ECF91AAD07786949FA0
A36C5E4F47E84449FF07ED3517B43A31

[KamilaS]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:44, on 13.6.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\P. a K. Szabovy\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7398 bytes