Otevírání nechtěných reklamních stránek Vyřešeno

[yanek71]

Prosím o kontrolu logu:při každém druhém kliknuti v prohlížeči (Chrome+Firefox) se mi otevře buď v novém panelu nebo okně nějaká
reklamní stránka.Je to nějaký virus a jestli ano dá se toho nějak zbavit?
Předem děkuji za radu.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:05:01, on 28.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\hellhound71\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Viber] "C:\Users\hellhound71\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [Copy] "C:\Users\hellhound71\AppData\Roaming\Copy\CopyAgent.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12348 bytes

[Reklama]

[memphisto]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

[yanek71]

Tak zde jsou logy:

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Verze: v2013.08.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
hellhound71 :: HELLHOUND [administrátor]

28.8.2013 16:52:11
mbam-log-2013-08-28 (16-52-11).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 220045
Uplynulý čas: 5 minut, 20 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)
-------------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v3.001 - Report created 28/08/2013 at 18:50:28
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : hellhound71 - HELLHOUND
# Running from : C:\Users\hellhound71\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\searchplugins\WebSearch.xml
Folder Found : C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\papdlngmecdfehchjiehkijaooheehno
Folder Found : C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\Extensions\coafy3@pieu.edu
Folder Found C:\Program Files (x86)\SafeSaver
Folder Found C:\Program Files (x86)\WebSearch
Folder Found C:\ProgramData\InstallMate
Folder Found C:\ProgramData\saFe syave
Folder Found C:\Users\hellhound71\AppData\Roaming\iWin
Folder Found C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\Software\SProtector
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0 (cs)

[ File : C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\prefs.js ]

Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.searchboxes.info/?pid=625&r=2013/07/22&hid=2389556687&lg=EN&cc=CZ&unqvl=28&l=1&q=");
Line Found : user_pref("browser.search.order.1", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("extensions.51eda09facc18.scode", "new function(){var a=this;a.domain_storage=\"hxxp://xls.searchfun.in\";a.prefix=\"if72ru4ruh7fewui\";a.conf={\"1\":{\"0\":1,\"1\":21600,\"2\":0,\"3\":0,\"4[...]
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("keyword.URL", "hxxp://websearch.searchboxes.info/?pid=625&r=2013/07/22&hid=2389556687&lg=EN&cc=CZ&unqvl=28&l=1&q=");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ File : C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4706 octets] - [28/08/2013 18:50:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4766 octets] ##########

[memphisto]

V adw nech vše smazat a dodej logy po smazání

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

[yanek71]

Logy:

RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : hellhound71 [Práva správce]
Mód : Kontrola -- Datum : 08/29/2013 10:49:22
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 5 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll [x] -> ODEBRÁNO
[SUSP PATH][DLL] explorer.exe -- C:\Users\hellhound71\AppData\Roaming\Copy\overlay\Brt.dll [x] -> ODEBRÁNO
[SUSP PATH] Viber.exe -- C:\Users\hellhound71\AppData\Local\Viber\Viber.exe [-] -> SMAZÁNO [TermProc]
[SUSP PATH] CopyAgent.exe -- C:\Users\hellhound71\AppData\Roaming\Copy\CopyAgent.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH][DLL] explorer.exe -- C:\Users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll [x] -> ODEBRÁNO
[SUSP PATH][DLL] explorer.exe -- C:\Users\hellhound71\AppData\Roaming\Copy\overlay\Brt.dll [x] -> ODEBRÁNO
[SUSP PATH][DLL] explorer.exe -- C:\Users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll [x] -> ODEBRÁNO
[SUSP PATH][DLL] explorer.exe -- C:\Users\hellhound71\AppData\Roaming\Copy\overlay\Brt.dll [x] -> ODEBRÁNO

¤¤¤ ¤¤¤ Záznamy Registrů: : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : Viber ("C:\Users\hellhound71\AppData\Local\Viber\Viber.exe" StartMinimized [-][x]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : Copy ("C:\Users\hellhound71\AppData\Roaming\Copy\CopyAgent.exe" [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-2368076055-1656258924-2752405660-1000\[...]\Run : Google Update ("C:\Users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-2368076055-1656258924-2752405660-1000\[...]\Run : Viber ("C:\Users\hellhound71\AppData\Local\Viber\Viber.exe" StartMinimized [-][x]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-2368076055-1656258924-2752405660-1000\[...]\Run : Copy ("C:\Users\hellhound71\AppData\Roaming\Copy\CopyAgent.exe" [7]) -> NALEZENO
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000UA.job : C:\Users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> NALEZENO
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000Core.job : C:\Users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> NALEZENO
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000Core : C:\Users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> NALEZENO
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000UA : C:\Users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> NALEZENO

¤¤¤ spuštění položky : 1 ¤¤¤
[hellhound71][SUSP UNIC] Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk : C:\Users\hellhound71\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk @C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [-][7] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 license.superantispyware.com


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS ATA Device +++++
--- User ---
[MBR] 0075de40faa90a43c9df93fc4c578a15
[BSP] a662660425bb3f90973cf5cb21c65502 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3320620AS ATA Device +++++
--- User ---
[MBR] 5b32e5e70ae492c595bc1fbca5795813
[BSP] d72777a5ce263efbbb4d816f203af5d8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 205006848 | Size: 853767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3320620AS ATA Device +++++
--- User ---
[MBR] 82ac86f035d727c89d2cff281937bb85
[BSP] 28779553548638bcdc8d899c8e54f9e6 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: ST3320620AS ATA Device +++++
--- User ---
[MBR] fb1224c5ac66a0aacc735e913cbcaf2b
[BSP] 2b1f2d0f3287ff8da69ccb69c2a2c270 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[0]_S_08292013_104922.txt >>


----------------------------------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 7 Professional x64
Ran by hellhound71 on źt 29.08.2013 at 10:52:39,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\hellhound71\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Program Files (x86)\websearch"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\hellhound71\AppData\Roaming\mozilla\firefox\profiles\sr2pnxv0.default\searchplugins\websearch.xml
Successfully deleted the following from C:\Users\hellhound71\AppData\Roaming\mozilla\firefox\profiles\sr2pnxv0.default\prefs.js

user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "hxxp://websearch.searchboxes.info/?pid=625&r=2013/07/22&hid=2389556687&lg=EN&cc=CZ&unqvl=28&l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.51eda09facc18.scode", "new function(){var a=this;a.domain_storage=\"hxxp://xls.searchfun.in\";a.prefix=\"if72ru4ruh7fewui\";a.conf={\"1\":{\"0\":1,\"1\":
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("keyword.URL", "hxxp://websearch.searchboxes.info/?pid=625&r=2013/07/22&hid=2389556687&lg=EN&cc=CZ&unqvl=28&l=1&q=");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\hellhound71\AppData\Roaming\mozilla\firefox\profiles\sr2pnxv0.default\minidumps [169 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 29.08.2013 at 10:57:41,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[memphisto]

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.

[yanek71]

Log combo fix:
ComboFix 13-08-29.02 - hellhound71 29.08.2013 20:31:14.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.6128 [GMT 2:00]
Spuštěný z: c:\users\HELLHO~1\AppData\Local\Temp\setup.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\saFe syave
c:\programdata\saFe syave\51eda09faccff.tlb
c:\programdata\saFe syave\settings.ini
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\_ctypes.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\_elementtree.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\_hashlib.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\_multiprocessing.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\_socket.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\_ssl.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\msvcp100.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\msvcr100.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\pyexpat.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\pysqlite2._sqlite.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\python27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\pythoncom27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\PyWinTypes27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\select.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\unicodedata.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\win32api.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\win32com.shell.shell.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\win32crypt.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\win32event.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\win32file.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\win32inet.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\win32pdh.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\win32process.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\win32profile.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\win32security.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\win32ts.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\windows._cacheinvalidation.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wx._controls_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wx._core_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wx._gdi_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wx._html2.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wx._misc_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wx._windows_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wx._wizard.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wxbase294u_net_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wxbase294u_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wxmsw294u_adv_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wxmsw294u_core_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wxmsw294u_html_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI44162\wxmsw294u_webview_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\_ctypes.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\_elementtree.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\_hashlib.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\_multiprocessing.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\_socket.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\_ssl.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\msvcp100.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\msvcr100.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\pyexpat.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\pysqlite2._sqlite.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\python27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\pythoncom27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\PyWinTypes27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\select.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\unicodedata.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\win32api.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\win32com.shell.shell.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\win32crypt.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\win32event.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\win32file.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\win32inet.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\win32pdh.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\win32process.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\win32profile.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\win32security.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\win32ts.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\windows._cacheinvalidation.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wx._controls_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wx._core_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wx._gdi_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wx._html2.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wx._misc_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wx._windows_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wx._wizard.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wxbase294u_net_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wxbase294u_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wxmsw294u_adv_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wxmsw294u_core_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wxmsw294u_html_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI44162\wxmsw294u_webview_vc90.dll
c:\users\hellhound71\Desktop\Setup.exe
c:\windows\TEMP\sqlite-3.7.2-sqlitejdbc.dll
H:\autorun.inf
H:\resycled
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-28 do 2013-08-29 )))))))))))))))))))))))))))))))
.
.
2013-08-29 18:35 . 2013-08-29 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-29 15:20 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C47D10B8-859C-4DDA-B886-4042EEAAA0A6}\mpengine.dll
2013-08-29 08:52 . 2013-08-29 08:52 -------- d-----w- c:\windows\ERUNT
2013-08-29 08:42 . 2013-08-29 08:42 -------- d-----w- c:\programdata\SummerSoft
2013-08-28 16:50 . 2013-08-28 16:54 -------- d-----w- C:\AdwCleaner
2013-08-28 14:50 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-28 10:04 . 2013-08-28 10:04 388096 ----a-r- c:\users\hellhound71\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-28 10:04 . 2013-08-28 10:04 -------- d-----w- c:\program files (x86)\Trend Micro
2013-08-28 08:12 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-28 01:01 . 2013-08-28 01:01 -------- d-----w- c:\users\hellhound71\AppData\Roaming\Malwarebytes
2013-08-28 01:01 . 2013-08-28 01:01 -------- d-----w- c:\programdata\Malwarebytes
2013-08-28 01:01 . 2013-08-28 14:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-24 08:43 . 2013-08-24 08:43 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6008331-ACC8-4E19-B639-CB610427AFF8}\gapaengine.dll
2013-08-19 12:10 . 2013-08-19 12:11 -------- d-----w- c:\windows\WindowsMobile
2013-08-14 17:07 . 2013-08-14 17:07 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-08-14 07:15 . 2013-07-26 05:12 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-14 07:05 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 07:04 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 07:03 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 15:22 . 2013-08-13 15:22 -------- d-----w- c:\users\hellhound71\AppData\Roaming\SUPERAntiSpyware.com
2013-08-13 15:22 . 2013-08-15 11:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-13 15:22 . 2013-08-13 15:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 19:54 . 2012-11-27 23:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 19:54 . 2012-11-27 23:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-14 07:07 . 2012-11-27 22:25 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-26 03:13 . 2013-08-14 07:15 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-07-26 01:59 . 2013-08-14 07:16 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 08:57 . 2013-08-14 07:05 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-22 17:06 . 2013-07-22 17:06 918016 ----a-w- c:\windows\system32\boost_regex-vc90-mt-1_47.dll
2013-07-22 17:03 . 2013-07-22 17:03 158720 ----a-w- c:\windows\system32\boost_filesystem-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 49152 ----a-w- c:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 299520 ----a-w- c:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 58880 ----a-w- c:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 16896 ----a-w- c:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-22 15:16 . 2013-07-22 15:16 704000 ----a-w- c:\windows\SysWow64\ContentDirectoryPresenter.dll
2013-07-19 01:41 . 2013-08-14 07:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-17 10:40 . 2012-11-29 21:05 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:52 . 2013-08-14 07:05 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-07-09 04:52 . 2013-08-14 07:05 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 07:05 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:45 . 2013-08-14 07:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-09 02:49 . 2013-08-14 07:05 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-07-09 02:49 . 2013-08-14 07:05 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-06-27 11:37 . 2013-06-27 11:37 25600 ----a-w- c:\windows\SysWow64\MediaDB.dll
2013-06-27 11:37 . 2013-06-27 11:37 905216 ----a-w- c:\windows\system32\ContentDirectoryPresenter64.dll
2013-06-27 11:37 . 2013-06-27 11:37 30720 ----a-w- c:\windows\system32\MediaDB64.dll
2013-06-27 09:57 . 2013-07-26 12:55 172920 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-06-26 12:16 . 2013-06-26 12:16 46592 ----a-w- c:\windows\SysWow64\boost_thread-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 38912 ----a-w- c:\windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 704000 ----a-w- c:\windows\SysWow64\boost_regex-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 227840 ----a-w- c:\windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 12800 ----a-w- c:\windows\SysWow64\boost_system-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 130048 ----a-w- c:\windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
2013-06-24 14:06 . 2013-06-24 14:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 14:06 . 2013-02-18 17:46 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 14:06 . 2013-02-18 17:46 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-18 19:50 . 2013-06-18 19:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2012-08-30 21:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-05 03:34 . 2013-07-14 10:33 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-14 10:33 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-14 10:33 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}"
[HKEY_CLASSES_ROOT\CLSID\{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}]
2013-02-11 12:48 158056 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2013-02-11 12:48 158056 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2013-06-19 276568]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-03-20 578560]
"SkyDrive"="c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Viber"="c:\users\hellhound71\AppData\Local\Viber\Viber.exe" [2013-05-05 906240]
"Copy"="c:\users\hellhound71\AppData\Roaming\Copy\CopyAgent.exe" [2013-08-23 15639696]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-07-27 3624528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2011-09-27 465536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\hellhound71\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 19:54]
.
2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 19:54]
.
2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 19:54]
.
2013-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000Core.job
- c:\users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 20:40]
.
2013-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000UA.job
- c:\users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}"
[HKEY_CLASSES_ROOT\CLSID\{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}]
2013-02-11 12:48 190312 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaIconOverlay]
@="{A6975448-A999-49BB-B3E4-7730CF6A82C0}"
[HKEY_CLASSES_ROOT\CLSID\{A6975448-A999-49BB-B3E4-7730CF6A82C0}]
2013-04-23 12:14 151040 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaProgressOverlay]
@="{6FB8D52A-0064-45B2-B687-F596FEAD09C2}"
[HKEY_CLASSES_ROOT\CLSID\{6FB8D52A-0064-45B2-B687-F596FEAD09C2}]
2013-04-23 12:14 151040 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2013-02-11 12:48 190312 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"Bitcasa"="c:\program files\Bitcasa\Bitcasa.exe" [2013-04-23 3930112]
"Samsung Link"="c:\program files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" [2013-07-24 597576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 10.0.0.138 192.168.0.1
FF - ProfilePath - c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2013-07-22 23:17; coafy3@pieu.edu; c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\coafy3@pieu.edu
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2368076055-1656258924-2752405660-1000_Classes\Wow6432Node\CLSID\{17ad6989-3903-4e85-bc8d-91df007d70cb}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000072
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2368076055-1656258924-2752405660-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ed,fa,57,01,e1,0c,f5,6a,38,1d,10,f7,9b,52,ad,36,a2,d4,12,ac,e5,
3f,9a,90,c0,01,df,05,10,32,6e,49,14,93,38,41,f2,40,30,47,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkDMS.exe
c:\users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Celkový čas: 2013-08-29 20:55:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-29 18:55
.
Před spuštěním: Volných bajtů: 10 444 259 328
Po spuštění: Volných bajtů: 10 958 729 216
.
- - End Of File - - B0C324222BF4446CDB41E20EB54CB9FD
8F558EB6672622401DA993E1E865C861

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000UA.job


Folder::
c:\program files (x86)\Google\Update
c:\users\hellhound71\AppData\Local\Google\Update

RegLock::
[HKEY_USERS\S-1-5-21-2368076055-1656258924-2752405660-1000_Classes\Wow6432Node\CLSID\{17ad6989-3903-4e85-bc8d-91df007d70cb}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000072
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2368076055-1656258924-2752405660-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ed,fa,57,01,e1,0c,f5,6a,38,1d,10,f7,9b,52,ad,36,a2,d4,12,ac,e5,
 3f,9a,90,c0,01,df,05,10,32,6e,49,14,93,38,41,f2,40,30,47,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[yanek71]

Po použití scriptu s combofixem proběhl scan pak mazání souborů a potom restart.Po restartu program psal že vytváří log, bohužel po hodině a půl nečinosti programu jsem ho musel vypnout, takže tento log nemám. Když jsem ráno zapl počítač antivir mi našel toto tak jsem to dal odstranit.



Log HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:13, on 31.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\hellhound71\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: WebCake Layers - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\Tepfel\WebCakeIEClient.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Viber] "C:\Users\hellhound71\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [Copy] "C:\Users\hellhound71\AppData\Roaming\Copy\CopyAgent.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Dropbox.lnk = hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10564 bytes

Log aswMBR:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-31 11:19:17
-----------------------------
11:19:17.779 OS Version: Windows x64 6.1.7601 Service Pack 1
11:19:17.779 Number of processors: 2 586 0x603
11:19:17.779 ComputerName: HELLHOUND UserName:
11:19:18.278 Initialize success
11:19:26.113 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:19:26.113 Disk 0 Vendor: WDC_WD10EZEX-00RKKA0 80.00A80 Size: 953869MB BusType: 3
11:19:26.113 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
11:19:26.113 Disk 1 Vendor: ST3120827AS 3.42 Size: 114473MB BusType: 3
11:19:26.113 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-5
11:19:26.129 Disk 2 Vendor: ST3320620AS 3.AAE Size: 305245MB BusType: 3
11:19:26.129 Disk 0 MBR read successfully
11:19:26.144 Disk 0 MBR scan
11:19:26.144 Disk 0 Windows 7 default MBR code
11:19:26.160 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:19:26.160 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100000 MB offset 206848
11:19:26.191 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 853767 MB offset 205006848
11:19:26.222 Disk 0 scanning C:\Windows\system32\drivers
11:19:30.450 Service scanning
11:19:37.002 Service MSICDSetup E:\CDriver64.sys **LOCKED** 21
11:19:41.604 Modules scanning
11:19:41.619 Disk 0 trace - called modules:
11:19:41.651 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069e12c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:19:41.651 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079ce060]
11:19:41.666 3 CLASSPNP.SYS[fffff88001b3a43f] -> nt!IofCallDriver -> [0xfffffa800781ad20]
11:19:41.666 5 ACPI.sys[fffff880011ae7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007825060]
11:19:41.682 \Driver\atapi[0xfffffa80074ae500] -> IRP_MJ_CREATE -> 0xfffffa80069e12c0
11:19:41.682 Scan finished successfully
11:19:54.552 Disk 0 MBR has been saved successfully to "C:\Users\hellhound71\Desktop\MBR.dat"
11:19:54.599 The log file has been saved successfully to "C:\Users\hellhound71\Desktop\aswMBR.txt"

[memphisto]

Udělej Combofix znovu bez skriptu

[yanek71]

ComboFix 13-08-31.01 - hellhound71 31.08.2013 20:03:31.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.5996 [GMT 2:00]
Spuštěný z: c:\users\HELLHO~1\AppData\Local\Temp\nsk775B.tmp\setup.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BasicServe
c:\programdata\BasicServe
c:\programdata\BasicServe\basicserve112.exe
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\_ctypes.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\_elementtree.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\_hashlib.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\_multiprocessing.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\_socket.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\_ssl.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\msvcp100.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\msvcr100.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\pyexpat.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\pysqlite2._sqlite.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\python27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\pythoncom27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\PyWinTypes27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\select.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\unicodedata.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\win32api.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\win32com.shell.shell.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\win32crypt.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\win32event.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\win32file.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\win32inet.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\win32pdh.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\win32process.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\win32profile.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\win32security.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\win32ts.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\windows._cacheinvalidation.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wx._controls_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wx._core_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wx._gdi_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wx._html2.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wx._misc_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wx._windows_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wx._wizard.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wxbase294u_net_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wxbase294u_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wxmsw294u_adv_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wxmsw294u_core_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wxmsw294u_html_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI18482\wxmsw294u_webview_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\_ctypes.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\_elementtree.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\_hashlib.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\_multiprocessing.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\_socket.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\_ssl.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\msvcp100.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\msvcr100.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\pyexpat.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\pysqlite2._sqlite.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\python27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\pythoncom27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\PyWinTypes27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\select.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\unicodedata.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\win32api.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\win32com.shell.shell.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\win32crypt.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\win32event.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\win32file.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\win32inet.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\win32pdh.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\win32process.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\win32profile.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\win32security.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\win32ts.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\windows._cacheinvalidation.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wx._controls_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wx._core_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wx._gdi_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wx._html2.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wx._misc_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wx._windows_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wx._wizard.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wxbase294u_net_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wxbase294u_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wxmsw294u_adv_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wxmsw294u_core_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wxmsw294u_html_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI18482\wxmsw294u_webview_vc90.dll
c:\users\hellhound71\Desktop\Setup.exe
.
---- Předchozí spuštění -------
.
c:\program files (x86)\BasicServe\basicserve.dll
c:\program files (x86)\BasicServe\basicserve.exe
c:\program files (x86)\BasicServe\uninstall.exe
c:\programdata\202c3f38273d2c262d_c
c:\programdata\BasicServe\basicserve112.exe
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\_ctypes.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\_elementtree.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\_hashlib.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\_multiprocessing.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\_socket.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\_ssl.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\msvcp100.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\msvcr100.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\pyexpat.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\pysqlite2._sqlite.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\python27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\pythoncom27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\PyWinTypes27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\select.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\unicodedata.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\win32api.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\win32com.shell.shell.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\win32crypt.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\win32event.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\win32file.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\win32inet.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\win32pdh.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\win32process.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\win32profile.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\win32security.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\win32ts.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\windows._cacheinvalidation.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wx._controls_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wx._core_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wx._gdi_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wx._html2.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wx._misc_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wx._windows_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wx._wizard.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wxbase294u_net_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wxbase294u_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wxmsw294u_adv_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wxmsw294u_core_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wxmsw294u_html_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI35962\wxmsw294u_webview_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\_ctypes.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\_elementtree.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\_hashlib.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\_multiprocessing.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\_socket.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\_ssl.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\msvcp100.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\msvcr100.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\pyexpat.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\pysqlite2._sqlite.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\python27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\pythoncom27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\PyWinTypes27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\select.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\unicodedata.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\win32api.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\win32com.shell.shell.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\win32crypt.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\win32event.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\win32file.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\win32inet.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\win32pdh.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\win32process.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\win32profile.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\win32security.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\win32ts.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\windows._cacheinvalidation.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wx._controls_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wx._core_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wx._gdi_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wx._html2.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wx._misc_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wx._windows_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wx._wizard.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wxbase294u_net_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wxbase294u_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wxmsw294u_adv_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wxmsw294u_core_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wxmsw294u_html_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI35962\wxmsw294u_webview_vc90.dll
c:\users\hellhound71\Desktop\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BasicServe Service
-------\Service_BasicServe Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-28 do 2013-08-31 )))))))))))))))))))))))))))))))
.
.
2013-08-31 18:25 . 2013-08-31 18:25 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2BADDE1-E14C-46F8-A27C-1DC9FCB9CEDD}\offreg.dll
2013-08-31 18:22 . 2013-08-31 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-31 02:31 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2BADDE1-E14C-46F8-A27C-1DC9FCB9CEDD}\mpengine.dll
2013-08-31 01:34 . 2013-08-31 09:11 -------- d-----w- c:\users\hellhound71\AppData\Roaming\Tepfel
2013-08-31 01:34 . 2013-08-31 09:11 -------- d-----w- c:\program files (x86)\Tepfel
2013-08-31 01:34 . 2013-08-31 01:34 -------- d-----w- c:\programdata\Tarma Installer
2013-08-29 18:56 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-29 08:52 . 2013-08-29 08:52 -------- d-----w- c:\windows\ERUNT
2013-08-29 08:42 . 2013-08-29 08:42 -------- d-----w- c:\programdata\SummerSoft
2013-08-28 16:50 . 2013-08-28 16:54 -------- d-----w- C:\AdwCleaner
2013-08-28 14:50 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-28 10:04 . 2013-08-28 10:04 388096 ----a-r- c:\users\hellhound71\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-28 10:04 . 2013-08-28 10:04 -------- d-----w- c:\program files (x86)\Trend Micro
2013-08-28 01:01 . 2013-08-28 01:01 -------- d-----w- c:\users\hellhound71\AppData\Roaming\Malwarebytes
2013-08-28 01:01 . 2013-08-28 01:01 -------- d-----w- c:\programdata\Malwarebytes
2013-08-28 01:01 . 2013-08-28 14:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-24 08:43 . 2013-08-24 08:43 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6008331-ACC8-4E19-B639-CB610427AFF8}\gapaengine.dll
2013-08-19 12:10 . 2013-08-19 12:11 -------- d-----w- c:\windows\WindowsMobile
2013-08-14 17:07 . 2013-08-14 17:07 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-08-14 07:15 . 2013-07-26 05:12 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-14 07:05 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 07:04 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 07:03 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 15:22 . 2013-08-13 15:22 -------- d-----w- c:\users\hellhound71\AppData\Roaming\SUPERAntiSpyware.com
2013-08-13 15:22 . 2013-08-15 11:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-13 15:22 . 2013-08-13 15:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 19:54 . 2012-11-27 23:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 19:54 . 2012-11-27 23:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-14 07:07 . 2012-11-27 22:25 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-22 17:06 . 2013-07-22 17:06 918016 ----a-w- c:\windows\system32\boost_regex-vc90-mt-1_47.dll
2013-07-22 17:03 . 2013-07-22 17:03 158720 ----a-w- c:\windows\system32\boost_filesystem-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 49152 ----a-w- c:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 299520 ----a-w- c:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 58880 ----a-w- c:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 16896 ----a-w- c:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-22 15:16 . 2013-07-22 15:16 704000 ----a-w- c:\windows\SysWow64\ContentDirectoryPresenter.dll
2013-07-17 10:40 . 2012-11-29 21:05 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-14 07:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-27 11:37 . 2013-06-27 11:37 25600 ----a-w- c:\windows\SysWow64\MediaDB.dll
2013-06-27 11:37 . 2013-06-27 11:37 905216 ----a-w- c:\windows\system32\ContentDirectoryPresenter64.dll
2013-06-27 11:37 . 2013-06-27 11:37 30720 ----a-w- c:\windows\system32\MediaDB64.dll
2013-06-27 09:57 . 2013-07-26 12:55 172920 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-06-26 12:16 . 2013-06-26 12:16 46592 ----a-w- c:\windows\SysWow64\boost_thread-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 38912 ----a-w- c:\windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 704000 ----a-w- c:\windows\SysWow64\boost_regex-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 227840 ----a-w- c:\windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 12800 ----a-w- c:\windows\SysWow64\boost_system-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 130048 ----a-w- c:\windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
2013-06-24 14:06 . 2013-06-24 14:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 14:06 . 2013-02-18 17:46 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 14:06 . 2013-02-18 17:46 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-18 19:50 . 2013-06-18 19:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2012-08-30 21:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-05 03:34 . 2013-07-14 10:33 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-14 10:33 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-14 10:33 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
2013-08-10 01:25 202008 ----a-w- c:\program files (x86)\Tepfel\WebCakeIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}"
[HKEY_CLASSES_ROOT\CLSID\{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}]
2013-02-11 12:48 158056 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2013-02-11 12:48 158056 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2013-06-19 276568]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-03-20 578560]
"SkyDrive"="c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Viber"="c:\users\hellhound71\AppData\Local\Viber\Viber.exe" [2013-05-05 906240]
"Copy"="c:\users\hellhound71\AppData\Roaming\Copy\CopyAgent.exe" [2013-08-23 15639696]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-07-27 3624528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2011-09-27 465536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\hellhound71\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 19:54]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 19:54]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 19:54]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000Core.job
- c:\users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 20:40]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000UA.job
- c:\users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}"
[HKEY_CLASSES_ROOT\CLSID\{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}]
2013-02-11 12:48 190312 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaIconOverlay]
@="{A6975448-A999-49BB-B3E4-7730CF6A82C0}"
[HKEY_CLASSES_ROOT\CLSID\{A6975448-A999-49BB-B3E4-7730CF6A82C0}]
2013-04-23 12:14 151040 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaProgressOverlay]
@="{6FB8D52A-0064-45B2-B687-F596FEAD09C2}"
[HKEY_CLASSES_ROOT\CLSID\{6FB8D52A-0064-45B2-B687-F596FEAD09C2}]
2013-04-23 12:14 151040 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2013-02-11 12:48 190312 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"Bitcasa"="c:\program files\Bitcasa\Bitcasa.exe" [2013-04-23 3930112]
"Samsung Link"="c:\program files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" [2013-07-24 597576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 10.0.0.138 192.168.0.1
FF - ProfilePath - c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.basicserve.com/?prt=bscsrvli ... &keywords=
FF - ExtSQL: 2013-07-22 23:17; coafy3@pieu.edu; c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\coafy3@pieu.edu
FF - ExtSQL: 2013-08-31 03:34; toolbarbutton@browseradditions.com; c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\toolbarbutton@browseradditions.com
FF - ExtSQL: 2013-08-31 03:34; plugin@getwebcake.com; c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\plugin@getwebcake.com
FF - ExtSQL: 2013-08-31 03:38; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
user_pref(extensions.poweraddon.cid,647);
FF - user.js: extentions.webcake.installId - c3b49d90-de4a-4366-a5e4-2466bb4f9af3
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-BasicServe - c:\program files (x86)\BasicServe\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2368076055-1656258924-2752405660-1000_Classes\Wow6432Node\CLSID\{17ad6989-3903-4e85-bc8d-91df007d70cb}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000072
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2368076055-1656258924-2752405660-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ed,fa,57,01,e1,0c,f5,6a,38,1d,10,f7,9b,52,ad,36,a2,d4,12,ac,e5,
3f,9a,90,c0,01,df,05,10,32,6e,49,14,93,38,41,f2,40,30,47,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkDMS.exe
c:\users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
.
**************************************************************************
.
Celkový čas: 2013-08-31 20:47:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-31 18:46
ComboFix2.txt 2013-08-29 18:55
.
Před spuštěním: Volných bajtů: 11 531 067 392
Po spuštění: Volných bajtů: 11 321 057 280
.
- - End Of File - - 0528A40F09B7BC7B9BB14E73761CBBC8
8F558EB6672622401DA993E1E865C861

[memphisto]

Odkud jej spouštíš? Mám jej stáhnout na plochu a spustit. Udělej to jak říkám. Takhle to nic mazat nebude, protože jej podruhé ani nenajdeš!

Spuštěný z: c:\users\HELLHO~1\AppData\Local\Temp\nsk775B.tmp\setup.exe