Otevírání nechtěných reklamních stránek Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Zamčeno
yanek71
Level 1
Level 1
Příspěvky: 50
Registrován: březen 06
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod yanek71 » 31 srp 2013 22:47

Já to spouštěl z plochy, ale stahoval sem to dvakrát a vždy se mi stahnul nějakej soubor s názvem setup.exe.Když sem to spustil tak to spustilo nějakej instaler přes kterej se spustil combo fix.Teď sem to stáhl znova a porvé se mi stahnul soubor s názvem combofix.exe.Tak ho spustim a log sem hodim.Snad to bude dobře.
Nahoru
Reklama
Top
yanek71
Level 1
Level 1
Příspěvky: 50
Registrován: březen 06
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod yanek71 » 01 zář 2013 01:48

ComboFix 13-08-31.01 - hellhound71 01.09.2013 1:34.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.6049 [GMT 2:00]
Spuštěný z: c:\users\hellhound71\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\_ctypes.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\_elementtree.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\_hashlib.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\_multiprocessing.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\_socket.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\_ssl.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\msvcp100.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\msvcr100.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\pyexpat.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\pysqlite2._sqlite.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\python27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\pythoncom27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\PyWinTypes27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\select.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\unicodedata.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\win32api.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\win32com.shell.shell.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\win32crypt.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\win32event.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\win32file.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\win32inet.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\win32pdh.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\win32process.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\win32profile.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\win32security.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\win32ts.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\windows._cacheinvalidation.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wx._controls_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wx._core_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wx._gdi_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wx._html2.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wx._misc_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wx._windows_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wx._wizard.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wxbase294u_net_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wxbase294u_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wxmsw294u_adv_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wxmsw294u_core_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wxmsw294u_html_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI36762\wxmsw294u_webview_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\_ctypes.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\_elementtree.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\_hashlib.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\_multiprocessing.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\_socket.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\_ssl.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\msvcp100.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\msvcr100.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\pyexpat.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\pysqlite2._sqlite.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\python27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\pythoncom27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\PyWinTypes27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\select.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\unicodedata.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\win32api.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\win32com.shell.shell.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\win32crypt.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\win32event.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\win32file.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\win32inet.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\win32pdh.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\win32process.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\win32profile.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\win32security.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\win32ts.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\windows._cacheinvalidation.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wx._controls_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wx._core_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wx._gdi_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wx._html2.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wx._misc_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wx._windows_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wx._wizard.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wxbase294u_net_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wxbase294u_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wxmsw294u_adv_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wxmsw294u_core_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wxmsw294u_html_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI36762\wxmsw294u_webview_vc90.dll
c:\windows\TEMP\sqlite-3.7.2-sqlitejdbc.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-28 do 2013-08-31 )))))))))))))))))))))))))))))))
.
.
2013-08-31 23:40 . 2013-08-31 23:40 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65E2C4AF-DB9F-4C73-B929-40BF18DCD322}\offreg.dll
2013-08-31 23:39 . 2013-08-31 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-31 18:52 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65E2C4AF-DB9F-4C73-B929-40BF18DCD322}\mpengine.dll
2013-08-31 01:34 . 2013-08-31 09:11 -------- d-----w- c:\users\hellhound71\AppData\Roaming\Tepfel
2013-08-31 01:34 . 2013-08-31 09:11 -------- d-----w- c:\program files (x86)\Tepfel
2013-08-31 01:34 . 2013-08-31 01:34 -------- d-----w- c:\programdata\Tarma Installer
2013-08-29 18:56 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-29 08:52 . 2013-08-29 08:52 -------- d-----w- c:\windows\ERUNT
2013-08-29 08:42 . 2013-08-29 08:42 -------- d-----w- c:\programdata\SummerSoft
2013-08-28 16:50 . 2013-08-28 16:54 -------- d-----w- C:\AdwCleaner
2013-08-28 14:50 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-28 10:04 . 2013-08-28 10:04 388096 ----a-r- c:\users\hellhound71\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-28 10:04 . 2013-08-28 10:04 -------- d-----w- c:\program files (x86)\Trend Micro
2013-08-28 01:01 . 2013-08-28 01:01 -------- d-----w- c:\users\hellhound71\AppData\Roaming\Malwarebytes
2013-08-28 01:01 . 2013-08-28 01:01 -------- d-----w- c:\programdata\Malwarebytes
2013-08-28 01:01 . 2013-08-28 14:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-24 08:43 . 2013-08-24 08:43 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6008331-ACC8-4E19-B639-CB610427AFF8}\gapaengine.dll
2013-08-19 12:10 . 2013-08-19 12:11 -------- d-----w- c:\windows\WindowsMobile
2013-08-14 17:07 . 2013-08-14 17:07 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-08-14 07:15 . 2013-07-26 05:12 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-14 07:05 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 07:04 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 07:03 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 15:22 . 2013-08-13 15:22 -------- d-----w- c:\users\hellhound71\AppData\Roaming\SUPERAntiSpyware.com
2013-08-13 15:22 . 2013-08-15 11:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-13 15:22 . 2013-08-13 15:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 19:54 . 2012-11-27 23:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 19:54 . 2012-11-27 23:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-14 07:07 . 2012-11-27 22:25 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-22 17:06 . 2013-07-22 17:06 918016 ----a-w- c:\windows\system32\boost_regex-vc90-mt-1_47.dll
2013-07-22 17:03 . 2013-07-22 17:03 158720 ----a-w- c:\windows\system32\boost_filesystem-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 49152 ----a-w- c:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 299520 ----a-w- c:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 58880 ----a-w- c:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 16896 ----a-w- c:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-22 15:16 . 2013-07-22 15:16 704000 ----a-w- c:\windows\SysWow64\ContentDirectoryPresenter.dll
2013-07-17 10:40 . 2012-11-29 21:05 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-14 07:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-27 11:37 . 2013-06-27 11:37 25600 ----a-w- c:\windows\SysWow64\MediaDB.dll
2013-06-27 11:37 . 2013-06-27 11:37 905216 ----a-w- c:\windows\system32\ContentDirectoryPresenter64.dll
2013-06-27 11:37 . 2013-06-27 11:37 30720 ----a-w- c:\windows\system32\MediaDB64.dll
2013-06-27 09:57 . 2013-07-26 12:55 172920 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-06-26 12:16 . 2013-06-26 12:16 46592 ----a-w- c:\windows\SysWow64\boost_thread-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 38912 ----a-w- c:\windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 704000 ----a-w- c:\windows\SysWow64\boost_regex-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 227840 ----a-w- c:\windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 12800 ----a-w- c:\windows\SysWow64\boost_system-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 130048 ----a-w- c:\windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
2013-06-24 14:06 . 2013-06-24 14:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 14:06 . 2013-02-18 17:46 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 14:06 . 2013-02-18 17:46 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-18 19:50 . 2013-06-18 19:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2012-08-30 21:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-05 03:34 . 2013-07-14 10:33 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-14 10:33 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-14 10:33 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
2013-08-10 01:25 202008 ----a-w- c:\program files (x86)\Tepfel\WebCakeIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}"
[HKEY_CLASSES_ROOT\CLSID\{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}]
2013-02-11 12:48 158056 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2013-02-11 12:48 158056 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2013-06-19 276568]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-03-20 578560]
"SkyDrive"="c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Viber"="c:\users\hellhound71\AppData\Local\Viber\Viber.exe" [2013-05-05 906240]
"Copy"="c:\users\hellhound71\AppData\Roaming\Copy\CopyAgent.exe" [2013-08-23 15639696]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-07-27 3624528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2011-09-27 465536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\hellhound71\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 19:54]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 19:54]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 19:54]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000Core.job
- c:\users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 20:40]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000UA.job
- c:\users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}"
[HKEY_CLASSES_ROOT\CLSID\{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}]
2013-02-11 12:48 190312 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaIconOverlay]
@="{A6975448-A999-49BB-B3E4-7730CF6A82C0}"
[HKEY_CLASSES_ROOT\CLSID\{A6975448-A999-49BB-B3E4-7730CF6A82C0}]
2013-04-23 12:14 151040 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaProgressOverlay]
@="{6FB8D52A-0064-45B2-B687-F596FEAD09C2}"
[HKEY_CLASSES_ROOT\CLSID\{6FB8D52A-0064-45B2-B687-F596FEAD09C2}]
2013-04-23 12:14 151040 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2013-02-11 12:48 190312 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"Bitcasa"="c:\program files\Bitcasa\Bitcasa.exe" [2013-04-23 3930112]
"Samsung Link"="c:\program files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" [2013-07-24 597576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 10.0.0.138 192.168.0.1
FF - ProfilePath - c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.basicserve.com/?prt=bscsrvli ... &keywords=
FF - ExtSQL: 2013-07-22 23:17; coafy3@pieu.edu; c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\coafy3@pieu.edu
FF - ExtSQL: 2013-08-31 03:34; toolbarbutton@browseradditions.com; c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\toolbarbutton@browseradditions.com
FF - ExtSQL: 2013-08-31 03:34; plugin@getwebcake.com; c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\plugin@getwebcake.com
FF - ExtSQL: 2013-08-31 03:38; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
user_pref(extensions.poweraddon.cid,647);
FF - user.js: extentions.webcake.installId - c3b49d90-de4a-4366-a5e4-2466bb4f9af3
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-BasicServe - c:\program files (x86)\BasicServe\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2368076055-1656258924-2752405660-1000_Classes\Wow6432Node\CLSID\{17ad6989-3903-4e85-bc8d-91df007d70cb}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000072
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2368076055-1656258924-2752405660-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ed,fa,57,01,e1,0c,f5,6a,38,1d,10,f7,9b,52,ad,36,a2,d4,12,ac,e5,
3f,9a,90,c0,01,df,05,10,32,6e,49,14,93,38,41,f2,40,30,47,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkDMS.exe
c:\users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Celkový čas: 2013-09-01 01:44:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-31 23:44
ComboFix2.txt 2013-08-31 18:47
ComboFix3.txt 2013-08-29 18:55
.
Před spuštěním: Volných bajtů: 11 354 288 128
Po spuštění: Volných bajtů: 11 103 784 960
.
- - End Of File - - 1E1BD398C6F0B1721548D3E1F8D39F93
8F558EB6672622401DA993E1E865C861
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43287
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod jaro3 » 01 zář 2013 10:56

Odinstaluj:
Tepfel

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000UA.job

Folder::
c:\users\hellhound71\AppData\Roaming\Tepfel
c:\program files (x86)\Tepfel
c:\program files (x86)\Google\Update
c:\users\hellhound71\AppData\Local\Google\Update

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
yanek71
Level 1
Level 1
Příspěvky: 50
Registrován: březen 06
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod yanek71 » 01 zář 2013 13:47

ComboFix 13-08-31.01 - hellhound71 01.09.2013 13:24:51.5.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.6126 [GMT 2:00]
Spuštěný z: c:\users\hellhound71\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\hellhound71\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.153\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.153\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.153\psuser.dll
c:\program files (x86)\Google\Update\Download\{3C122445-AECE-4309-90B7-85A6AEF42AC0}\0.0.0.0\gsync.msi
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Tepfel
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\_ctypes.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\_elementtree.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\_hashlib.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\_multiprocessing.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\_socket.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\_ssl.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\msvcp100.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\msvcr100.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\pyexpat.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\pysqlite2._sqlite.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\python27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\pythoncom27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\PyWinTypes27.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\select.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\unicodedata.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\win32api.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\win32com.shell.shell.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\win32crypt.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\win32event.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\win32file.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\win32inet.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\win32pdh.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\win32process.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\win32profile.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\win32security.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\win32ts.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\windows._cacheinvalidation.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wx._controls_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wx._core_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wx._gdi_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wx._html2.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wx._misc_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wx._windows_.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wx._wizard.pyd
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wxbase294u_net_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wxbase294u_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wxmsw294u_adv_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wxmsw294u_core_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wxmsw294u_html_vc90.dll
c:\users\HELLHO~1\AppData\Local\Temp\_MEI43082\wxmsw294u_webview_vc90.dll
c:\users\hellhound71\AppData\Local\Google\Update
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\GoogleUpdate.exe
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateBroker.exe
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateHelper.msi
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateSetup.exe
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdate.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_am.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_ar.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_bg.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_bn.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_ca.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_cs.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_da.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_de.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_el.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_en-GB.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_en.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_es-419.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_es.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_et.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_fa.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_fi.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_fil.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_fr.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_gu.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_hi.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_hr.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_hu.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_id.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_is.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_it.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_iw.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_ja.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_kn.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_ko.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_lt.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_lv.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_ml.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_mr.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_ms.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_nl.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_no.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_pl.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_pt-BR.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_pt-PT.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_ro.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_ru.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_sk.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_sl.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_sr.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_sv.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_sw.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_ta.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_te.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_th.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_tr.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_uk.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_ur.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_vi.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_zh-CN.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\goopdateres_zh-TW.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\psmachine.dll
c:\users\hellhound71\AppData\Local\Google\Update\1.3.21.153\psuser.dll
c:\users\hellhound71\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe
c:\users\hellhound71\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.62\29.0.1547.62_29.0.1547.57_chrome_updater.exe
c:\users\hellhound71\AppData\Local\Google\Update\GoogleUpdate.exe
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\_ctypes.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\_elementtree.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\_hashlib.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\_multiprocessing.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\_socket.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\_ssl.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\msvcp100.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\msvcr100.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\pyexpat.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\pysqlite2._sqlite.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\python27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\pythoncom27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\PyWinTypes27.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\select.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\unicodedata.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\win32api.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\win32com.shell.shell.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\win32crypt.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\win32event.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\win32file.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\win32inet.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\win32pdh.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\win32process.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\win32profile.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\win32security.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\win32ts.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\windows._cacheinvalidation.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wx._controls_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wx._core_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wx._gdi_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wx._html2.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wx._misc_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wx._windows_.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wx._wizard.pyd
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wxbase294u_net_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wxbase294u_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wxmsw294u_adv_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wxmsw294u_core_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wxmsw294u_html_vc90.dll
c:\users\hellhound71\AppData\Local\Temp\_MEI43082\wxmsw294u_webview_vc90.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368076055-1656258924-2752405660-1000UA.job
c:\windows\TEMP\sqlite-3.7.2-sqlitejdbc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-01 do 2013-09-01 )))))))))))))))))))))))))))))))
.
.
2013-09-01 11:30 . 2013-09-01 11:30 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BEF6BE9-80E1-4639-A1D4-2017144D388F}\offreg.dll
2013-09-01 11:29 . 2013-09-01 11:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-01 10:59 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BEF6BE9-80E1-4639-A1D4-2017144D388F}\mpengine.dll
2013-08-31 23:57 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-31 01:34 . 2013-09-01 11:30 -------- d-----w- c:\programdata\Tarma Installer
2013-08-29 08:52 . 2013-08-29 08:52 -------- d-----w- c:\windows\ERUNT
2013-08-29 08:42 . 2013-08-29 08:42 -------- d-----w- c:\programdata\SummerSoft
2013-08-28 16:50 . 2013-08-28 16:54 -------- d-----w- C:\AdwCleaner
2013-08-28 14:50 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-28 10:04 . 2013-08-28 10:04 388096 ----a-r- c:\users\hellhound71\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-28 10:04 . 2013-08-28 10:04 -------- d-----w- c:\program files (x86)\Trend Micro
2013-08-28 01:01 . 2013-08-28 01:01 -------- d-----w- c:\users\hellhound71\AppData\Roaming\Malwarebytes
2013-08-28 01:01 . 2013-08-28 01:01 -------- d-----w- c:\programdata\Malwarebytes
2013-08-28 01:01 . 2013-08-28 14:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-24 08:43 . 2013-08-24 08:43 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6008331-ACC8-4E19-B639-CB610427AFF8}\gapaengine.dll
2013-08-19 12:10 . 2013-08-19 12:11 -------- d-----w- c:\windows\WindowsMobile
2013-08-14 17:07 . 2013-08-14 17:07 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-08-14 07:15 . 2013-07-26 05:12 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-14 07:05 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 07:04 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 07:03 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 15:22 . 2013-08-13 15:22 -------- d-----w- c:\users\hellhound71\AppData\Roaming\SUPERAntiSpyware.com
2013-08-13 15:22 . 2013-08-15 11:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-13 15:22 . 2013-08-13 15:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 19:54 . 2012-11-27 23:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 19:54 . 2012-11-27 23:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-14 07:07 . 2012-11-27 22:25 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-22 17:06 . 2013-07-22 17:06 918016 ----a-w- c:\windows\system32\boost_regex-vc90-mt-1_47.dll
2013-07-22 17:03 . 2013-07-22 17:03 158720 ----a-w- c:\windows\system32\boost_filesystem-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 49152 ----a-w- c:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 299520 ----a-w- c:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 58880 ----a-w- c:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-22 17:02 . 2013-07-22 17:02 16896 ----a-w- c:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-22 15:16 . 2013-07-22 15:16 704000 ----a-w- c:\windows\SysWow64\ContentDirectoryPresenter.dll
2013-07-17 10:40 . 2012-11-29 21:05 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-14 07:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-27 11:37 . 2013-06-27 11:37 25600 ----a-w- c:\windows\SysWow64\MediaDB.dll
2013-06-27 11:37 . 2013-06-27 11:37 905216 ----a-w- c:\windows\system32\ContentDirectoryPresenter64.dll
2013-06-27 11:37 . 2013-06-27 11:37 30720 ----a-w- c:\windows\system32\MediaDB64.dll
2013-06-27 09:57 . 2013-07-26 12:55 172920 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-06-26 12:16 . 2013-06-26 12:16 46592 ----a-w- c:\windows\SysWow64\boost_thread-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 38912 ----a-w- c:\windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 704000 ----a-w- c:\windows\SysWow64\boost_regex-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 227840 ----a-w- c:\windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 12800 ----a-w- c:\windows\SysWow64\boost_system-vc90-mt-1_47.dll
2013-06-26 12:16 . 2013-06-26 12:16 130048 ----a-w- c:\windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
2013-06-24 14:06 . 2013-06-24 14:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 14:06 . 2013-02-18 17:46 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 14:06 . 2013-02-18 17:46 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-18 19:50 . 2013-06-18 19:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2012-08-30 21:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-05 03:34 . 2013-07-14 10:33 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-14 10:33 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-14 10:33 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 16:44 222832 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}"
[HKEY_CLASSES_ROOT\CLSID\{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}]
2013-02-11 12:48 158056 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2013-02-11 12:48 158056 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2013-06-19 276568]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-03-20 578560]
"SkyDrive"="c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Viber"="c:\users\hellhound71\AppData\Local\Viber\Viber.exe" [2013-05-05 906240]
"Copy"="c:\users\hellhound71\AppData\Roaming\Copy\CopyAgent.exe" [2013-08-23 15639696]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-07-27 3624528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2011-09-27 465536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\hellhound71\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 19:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 16:44 261744 ----a-w- c:\users\hellhound71\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}"
[HKEY_CLASSES_ROOT\CLSID\{58AD5F88-1EF1-4C3B-B628-D1FDC05B4927}]
2013-02-11 12:48 190312 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2013-07-03 19:25 3926016 ----a-w- c:\users\hellhound71\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaIconOverlay]
@="{A6975448-A999-49BB-B3E4-7730CF6A82C0}"
[HKEY_CLASSES_ROOT\CLSID\{A6975448-A999-49BB-B3E4-7730CF6A82C0}]
2013-04-23 12:14 151040 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaProgressOverlay]
@="{6FB8D52A-0064-45B2-B687-F596FEAD09C2}"
[HKEY_CLASSES_ROOT\CLSID\{6FB8D52A-0064-45B2-B687-F596FEAD09C2}]
2013-04-23 12:14 151040 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\hellhound71\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2013-02-11 12:48 190312 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"Bitcasa"="c:\program files\Bitcasa\Bitcasa.exe" [2013-04-23 3930112]
"Samsung Link"="c:\program files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" [2013-07-24 597576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 10.0.0.138 192.168.0.1
FF - ProfilePath - c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.basicserve.com/?prt=bscsrvli ... &keywords=
FF - ExtSQL: 2013-07-22 23:17; coafy3@pieu.edu; c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\coafy3@pieu.edu
FF - ExtSQL: 2013-08-31 03:34; toolbarbutton@browseradditions.com; c:\users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\toolbarbutton@browseradditions.com
FF - ExtSQL: 2013-08-31 03:38; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
user_pref(extensions.poweraddon.cid,647);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-BasicServe - c:\program files (x86)\BasicServe\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2368076055-1656258924-2752405660-1000_Classes\Wow6432Node\CLSID\{17ad6989-3903-4e85-bc8d-91df007d70cb}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000072
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2368076055-1656258924-2752405660-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ed,fa,57,01,e1,0c,f5,6a,38,1d,10,f7,9b,52,ad,36,a2,d4,12,ac,e5,
3f,9a,90,c0,01,df,05,10,32,6e,49,14,93,38,41,f2,40,30,47,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkDMS.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
.
**************************************************************************
.
Celkový čas: 2013-09-01 13:34:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-01 11:34
ComboFix2.txt 2013-08-31 23:44
ComboFix3.txt 2013-08-31 18:47
ComboFix4.txt 2013-08-29 18:55
.
Před spuštěním: Volných bajtů: 11 489 415 168
Po spuštění: Volných bajtů: 11 129 782 272
.
- - End Of File - - 851A9641AE0CE7B57C4B67F785E12DF4
8F558EB6672622401DA993E1E865C861

________________________________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:38:15, on 1.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\hellhound71\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Viber] "C:\Users\hellhound71\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [Copy] "C:\Users\hellhound71\AppData\Roaming\Copy\CopyAgent.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Dropbox.lnk = hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10188 bytes
_________________________________________________________________________________________________________________________

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-01 13:39:41
-----------------------------
13:39:41.118 OS Version: Windows x64 6.1.7601 Service Pack 1
13:39:41.118 Number of processors: 2 586 0x603
13:39:41.118 ComputerName: HELLHOUND UserName:
13:39:41.648 Initialize success
13:39:45.682 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:39:45.698 Disk 0 Vendor: WDC_WD10EZEX-00RKKA0 80.00A80 Size: 953869MB BusType: 3
13:39:45.698 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
13:39:45.698 Disk 1 Vendor: ST3120827AS 3.42 Size: 114473MB BusType: 3
13:39:45.698 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-5
13:39:45.698 Disk 2 Vendor: ST3320620AS 3.AAE Size: 305245MB BusType: 3
13:39:45.714 Disk 0 MBR read successfully
13:39:45.714 Disk 0 MBR scan
13:39:45.729 Disk 0 Windows 7 default MBR code
13:39:45.745 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:39:45.745 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100000 MB offset 206848
13:39:45.760 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 853767 MB offset 205006848
13:39:45.760 Disk 0 scanning C:\Windows\system32\drivers
13:39:49.551 Service scanning
13:39:54.465 Service MSICDSetup E:\CDriver64.sys **LOCKED** 21
13:39:59.036 Modules scanning
13:39:59.052 Disk 0 trace - called modules:
13:39:59.067 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069df2c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:39:59.067 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079cf060]
13:39:59.083 3 CLASSPNP.SYS[fffff88001af043f] -> nt!IofCallDriver -> [0xfffffa8007829520]
13:39:59.083 5 ACPI.sys[fffff88000f5a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800781d060]
13:39:59.083 \Driver\atapi[0xfffffa80077e67d0] -> IRP_MJ_CREATE -> 0xfffffa80069df2c0
13:39:59.098 Scan finished successfully
13:40:09.706 Disk 0 MBR has been saved successfully to "C:\Users\hellhound71\Desktop\MBR.dat"
13:40:09.722 The log file has been saved successfully to "C:\Users\hellhound71\Desktop\aswMBR.txt"
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43287
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod jaro3 » 02 zář 2013 11:14

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab


Co problémy?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
yanek71
Level 1
Level 1
Příspěvky: 50
Registrován: březen 06
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod yanek71 » 02 zář 2013 17:25

Tak sem vše udělal (doufám) podle vašich návodu za které moc děkuji, ale problem přetrvává :-( :-( :-( i když teď už ty okna nevyskakují tak často.
Nejčastěji vyskakuje tato stránka:

Obrázek
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43287
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod jaro3 » 02 zář 2013 19:28

Ads Spy
http://www.bleepingcomputer.com/download/hosts-permbat/

Pokyny k použití:
Stáhněte si Ads Spy

a spusťte jej. Pokud byste chtěli jen skenovat adresář Windows, pak klikněte na tlačítko System Scan to bude testovat Váš Windows adresář Alternativní souborů datového toku. Ty pak mají možnost vybrat ty, které chcete odstranit, a stiskněte tlačítko „Remove“ (Odstranit). Pokud chcete skenovat celý pevný disk pro reklamy souborů, zrušte zaškrtnutí políčka „Quick Check“ (Rychlá kontrola).

Stáhni Kaspersky VRT
na svojí plochu.
Spusť program Kaspersky VRT, .Program se nainstaluje.
Potvrď licenci a klikni na „Start“ . Pokud program nabídne aktualizaci , klikni dole na na „Download Now“.
- Klikni na ozubené kolečko v pravém horním rohu. V okně vyber kromě již zatržených , svojí jednotku disku , pokud jich máš víc , můžeš zatrhnout všechny.
- zvol „Automatic Scan“ nahoře vlevo. a stiskni tlačítko „Start Scanning
- Program začne skenovat zatržené jednotky

Zaškrtnuté :
Hidden startup objects
System Memory
Disk boot sectors

Nezašrkrtnuté:
Dokumenty
My email
Počítač
Místní disk C
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
Disketová jednotka
A jiné , např. Flash disky , které máš připojeny.

- povol programu Virus Removal Tool odstranit všechny nalezené infekce
- jakmile sken skončí ,zvol záložku „Report“ , vpravo nahoře (vedle ozubeného kolečka)
- klikni na „Detected Threads“ a klikni na obrázek diskety („Save“)
- ulož do počítače zprávu a vložit ji sem do příspěvku
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
yanek71
Level 1
Level 1
Příspěvky: 50
Registrován: březen 06
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod yanek71 » 03 zář 2013 17:11

Spustil sem Kaspersky VRT a asi v polovině program přestal pracovat a vypl se.Po druhém spuštění který trval asi 2 hodiny v detected threads nic neni jako by to nic nenašlo.Jedinej report je asi z průběhu a ten se sem nevejde.
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43287
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod jaro3 » 03 zář 2013 20:49

to nevadí , chtěl jsem jen nákazy.

Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
yanek71
Level 1
Level 1
Příspěvky: 50
Registrován: březen 06
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod yanek71 » 04 zář 2013 00:16

Log:OTL 1/2

OTL logfile created on: 3.9.2013 22:42:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hellhound71\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

8,00 Gb Total Physical Memory | 5,56 Gb Available Physical Memory | 69,51% Memory free
15,99 Gb Paging File | 12,92 Gb Available in Paging File | 80,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 7,73 Gb Free Space | 7,92% Space Free | Partition Type: NTFS
Drive D: | 833,76 Gb Total Space | 155,54 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
Drive F: | 111,78 Gb Total Space | 53,97 Gb Free Space | 48,28% Space Free | Partition Type: NTFS
Drive G: | 2,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 298,09 Gb Total Space | 95,05 Gb Free Space | 31,89% Space Free | Partition Type: NTFS
Drive I: | 8,589935E9 Gb Total Space | 8,589935E9 Gb Free Space | 100,00% Space Free | Partition Type: Bitcasa
Drive J: | 1863,01 Gb Total Space | 72,52 Gb Free Space | 3,89% Space Free | Partition Type: NTFS

Computer Name: HELLHOUND | User Name: hellhound71 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\hellhound71\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.17\AllShareFrameworkDMS.exe (Samsung)
PRC - C:\Users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB)
PRC - C:\Users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\hellhound71\AppData\Local\Viber\Viber.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\_elementtree.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\_socket.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\pysqlite2._sqlite.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\win32com.shell.shell.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\win32api.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\wx._html2.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\_multiprocessing.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\win32ts.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\wx._gdi_.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\windows._cacheinvalidation.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\_ctypes.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\win32profile.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\win32crypt.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\pythoncom27.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\wx._core_.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\_ssl.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\wx._misc_.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\PyWinTypes27.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\win32security.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\win32process.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\win32pdh.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\wx._windows_.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\_hashlib.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\wx._wizard.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\win32file.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\win32inet.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\wx._controls_.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\pyexpat.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\win32event.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\unicodedata.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Temp\_MEI50282\select.pyd ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\sqldrivers\qsqlite.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\platforms\qwindows.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\libViber.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\libGLESv2.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\imageformats\qtiff.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\imageformats\qmng.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\imageformats\qjpeg.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\libEGL.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\imageformats\qico.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\imageformats\qgif.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\imageformats\qwbmp.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\imageformats\qtga.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\3.1.1.60\imageformats\qsvg.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\adca2805fd746a539b9e44824e640a47\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\5cb63148c47b9000a1149c17423d0df0\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8532e498c23b60bee2e5ffcf4411c86d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\40841519650bcf0de403049960550c20\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\11467cefb818233a909bdd3426ccab69\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d2382128944d16da8adf76c58fb8e6f1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\cacd0d32f75db65027f745842172855a\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\5cc02b72a68b85674a570b126c39ad7d\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7b6f508b953eebe51c55ad40f468af2e\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2154273cb2d7a8b1a47d672b6d0808bf\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll ()
MOD - C:\Users\hellhound71\AppData\Local\Viber\Viber.exe ()
MOD - C:\Users\hellhound71\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\hellhound71\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (Samsung Link Service) -- C:\Program Files\SAMSUNG\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG)
SRV:64bit: - (AllShare Framework DMS) -- C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.17\AllShareFrameworkManagerDMS.exe (Samsung)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (01420742) -- C:\Windows\SysNative\drivers\01420742.sys (Kaspersky Lab ZAO)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(http://www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(http://www.devguru.co.kr))
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.55
FF - prefs.js..extensions.enabledAddons: toolbarbutton%40browseradditions.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B740B3FD5-4483-469D-BE7F-8555B153BD04%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..keyword.URL: "http://www.basicserve.com/?prt=bscsrvlink5&sp=google&keywords="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hellhound71\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hellhound71\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\hellhound71\AppData\Roaming\IDM\idmmzcc5 [2013.07.30 10:11:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\hellhound71\AppData\Roaming\IDM\idmmzcc5 [2013.07.30 10:11:56 | 000,000,000 | ---D | M]

[2012.11.28 01:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hellhound71\AppData\Roaming\Mozilla\Extensions
[2013.09.01 13:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions
[2013.07.22 23:17:14 | 000,000,000 | ---D | M] (saFe syave) -- C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\coafy3@pieu.edu
[2013.05.22 12:20:17 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\foxmarks@kei.com
[2013.08.31 03:34:03 | 000,000,000 | ---D | M] (BrowserAdditions) -- C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\toolbarbutton@browseradditions.com
[2013.04.20 18:52:47 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\compatibility@addons.mozilla.org.xpi
[2012.12.28 17:39:19 | 000,067,812 | ---- | M] () (No name found) -- C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2013.08.12 20:06:32 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.05 20:17:47 | 000,002,479 | ---- | M] () -- C:\Users\hellhound71\AppData\Roaming\Mozilla\Firefox\Profiles\sr2pnxv0.default\searchplugins\serialzonecz.xml
[2013.08.31 03:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.08.31 03:38:19 | 000,000,000 | ---D | M] (BasicServe) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
[2013.08.13 13:57:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.30 10:11:56 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\HELLHOUND71\APPDATA\ROAMING\IDM\IDMMZCC5
Nahoru
yanek71
Level 1
Level 1
Příspěvky: 50
Registrován: březen 06
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod yanek71 » 04 zář 2013 00:18

Log:OTL 2/2

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.seznam.cz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\hellhound71\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\hellhound71\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - Extension: Disk Google = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Hodiny = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: Yah's Link Checker for Chrome = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\hobijieodegdbpakkfiopclcljnomfnj\1.205_0\
CHR - Extension: IDM Integration Module = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.17.6_0\
CHR - Extension: Grepolis = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog\2.11.14_0\
CHR - Extension: Hodiny = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg\1.16_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Marc Ecko = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk\2_0\
CHR - Extension: saFe syave = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\papdlngmecdfehchjiehkijaooheehno\1\
CHR - Extension: Gmail = C:\Users\hellhound71\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.09.01 13:30:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Pomocná služba pro přihlášení k účtu Microsoft) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Samsung Link] C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Copyright 2013 SAMSUNG)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKCU..\Run: [Copy] C:\Users\hellhound71\AppData\Roaming\Copy\CopyAgent.exe (Barracuda Networks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SkyDrive] C:\Users\hellhound71\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB)
O4 - HKCU..\Run: [Viber] C:\Users\hellhound71\AppData\Local\Viber\Viber.exe ()
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\hellhound71\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\hellhound71\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\hellhound71\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB668CB1-1843-40E7-B351-F30F69B0E872}: DhcpNameServer = 10.0.0.138 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.09.03 21:25:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\hellhound71\Desktop\OTL.exe
[2013.09.03 19:23:42 | 000,000,000 | ---D | C] -- C:\Users\hellhound71\Samsung Link
[2013.09.03 19:23:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.09.03 13:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.09.03 13:22:39 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\01420742.sys
[2013.09.02 20:19:47 | 000,037,888 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\hellhound71\Desktop\ADSSpy.exe
[2013.09.02 13:27:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.08.31 03:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.08.29 20:29:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.08.29 10:52:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.08.29 10:51:32 | 001,023,533 | ---- | C] (Thisisu) -- C:\Users\hellhound71\Desktop\JRT.exe
[2013.08.29 10:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SummerSoft
[2013.08.28 18:50:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.08.28 16:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.08.28 16:50:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.08.28 12:04:21 | 000,000,000 | ---D | C] -- C:\Users\hellhound71\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013.08.28 12:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013.08.28 03:01:23 | 000,000,000 | ---D | C] -- C:\Users\hellhound71\AppData\Roaming\Malwarebytes
[2013.08.28 03:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.08.28 03:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.08.21 13:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.08.19 14:45:15 | 000,000,000 | ---D | C] -- C:\Users\hellhound71\Documents\Poznámkové bloky aplikace OneNote
[2013.08.19 14:10:10 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2013.08.14 15:11:21 | 000,000,000 | ---D | C] -- C:\Users\hellhound71\Desktop\msd 14,8,13
[2013.08.14 09:16:02 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.08.14 09:16:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.08.14 09:16:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.08.14 09:16:01 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.08.14 09:16:01 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.08.14 09:16:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.08.14 09:16:00 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.08.14 09:16:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.08.14 09:16:00 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.08.14 09:16:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.08.14 09:15:59 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.08.14 09:15:57 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.08.14 09:15:57 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.08.14 09:15:57 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.08.14 09:15:56 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.08.14 09:05:35 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.08.14 09:05:34 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.08.14 09:05:33 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.08.14 09:05:32 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.08.14 09:05:31 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.08.14 09:05:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.08.14 09:05:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.08.14 09:05:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.08.14 09:05:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.08.14 09:05:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.08.14 09:05:20 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.08.14 09:05:19 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013.08.14 09:05:15 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.08.14 09:05:15 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.08.14 09:05:14 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.08.14 09:05:07 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013.08.13 17:22:53 | 000,000,000 | ---D | C] -- C:\Users\hellhound71\AppData\Roaming\SUPERAntiSpyware.com
[2013.08.13 17:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.08.13 17:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.08.13 17:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.08.13 13:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.09.03 21:54:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.03 21:25:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hellhound71\Desktop\OTL.exe
[2013.09.03 16:17:13 | 001,112,943 | ---- | M] () -- C:\Users\hellhound71\Desktop\housd.PNG
[2013.09.03 16:15:49 | 001,167,508 | ---- | M] () -- C:\Users\hellhound71\Desktop\hous.PNG
[2013.09.03 15:44:55 | 000,887,615 | ---- | M] () -- C:\Users\hellhound71\Desktop\a.PNG
[2013.09.03 11:10:01 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.03 11:10:01 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.03 11:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.03 11:02:40 | 2146,000,895 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.02 20:35:12 | 174,969,888 | ---- | M] () -- C:\Users\hellhound71\Desktop\Kaspersky-Virus-Removal-Tool_11.0.0.1245_[07.07.2013].exe
[2013.09.02 20:18:51 | 000,037,888 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Users\hellhound71\Desktop\ADSSpy.exe
[2013.09.02 13:28:11 | 000,019,460 | ---- | M] () -- C:\Users\hellhound71\Documents\cc_20130902_132803.reg
[2013.09.02 13:21:57 | 000,053,344 | ---- | M] () -- C:\Users\hellhound71\Documents\cc_20130902_132143.reg
[2013.09.01 15:48:03 | 001,478,886 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.09.01 15:48:03 | 000,634,530 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.09.01 15:48:03 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.09.01 15:48:03 | 000,123,120 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.09.01 15:48:03 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.09.01 13:30:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.08.30 03:21:26 | 000,037,589 | ---- | M] () -- C:\Users\hellhound71\Desktop\hurvajs.jpg
[2013.08.29 10:51:25 | 001,023,533 | ---- | M] (Thisisu) -- C:\Users\hellhound71\Desktop\JRT.exe
[2013.08.29 10:46:11 | 003,771,904 | ---- | M] () -- C:\Users\hellhound71\Desktop\RogueKillerX64.exe
[2013.08.29 01:50:29 | 000,001,096 | ---- | M] () -- C:\Users\hellhound71\AppData\Local\SRDownloader.nast
[2013.08.28 17:02:44 | 000,994,642 | ---- | M] () -- C:\Users\hellhound71\Desktop\adwcleaner.exe
[2013.08.28 16:50:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.08.28 12:04:21 | 000,003,003 | ---- | M] () -- C:\Users\hellhound71\Desktop\HiJackThis.lnk
[2013.08.23 14:34:36 | 000,908,800 | ---- | M] () -- C:\Windows\SysNative\ContentDirectoryPresenter64.dll
[2013.08.23 14:34:32 | 000,706,560 | ---- | M] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
[2013.08.23 14:34:32 | 000,030,720 | ---- | M] () -- C:\Windows\SysNative\MediaDB64.dll
[2013.08.23 14:34:30 | 000,025,600 | ---- | M] () -- C:\Windows\SysWow64\MediaDB.dll
[2013.08.21 13:18:06 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.08.20 21:54:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.08.20 21:54:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.08.20 00:39:27 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2013.08.19 14:45:14 | 000,001,318 | ---- | M] () -- C:\Users\hellhound71\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
[2013.08.19 14:13:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.08.15 14:29:20 | 000,000,465 | ---- | M] () -- C:\Users\hellhound71\AppData\Roaming\Weather Meter_Settings.ini

========== Files Created - No Company Name ==========

[2013.09.03 16:17:13 | 001,112,943 | ---- | C] () -- C:\Users\hellhound71\Desktop\housd.PNG
[2013.09.03 16:15:49 | 001,167,508 | ---- | C] () -- C:\Users\hellhound71\Desktop\hous.PNG
[2013.09.03 15:44:55 | 000,887,615 | ---- | C] () -- C:\Users\hellhound71\Desktop\a.PNG
[2013.09.02 20:35:33 | 174,969,888 | ---- | C] () -- C:\Users\hellhound71\Desktop\Kaspersky-Virus-Removal-Tool_11.0.0.1245_[07.07.2013].exe
[2013.09.02 13:28:05 | 000,019,460 | ---- | C] () -- C:\Users\hellhound71\Documents\cc_20130902_132803.reg
[2013.09.02 13:21:49 | 000,053,344 | ---- | C] () -- C:\Users\hellhound71\Documents\cc_20130902_132143.reg
[2013.08.30 03:21:24 | 000,037,589 | ---- | C] () -- C:\Users\hellhound71\Desktop\hurvajs.jpg
[2013.08.29 10:46:47 | 003,771,904 | ---- | C] () -- C:\Users\hellhound71\Desktop\RogueKillerX64.exe
[2013.08.28 17:03:04 | 000,994,642 | ---- | C] () -- C:\Users\hellhound71\Desktop\adwcleaner.exe
[2013.08.28 16:50:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.08.28 12:04:21 | 000,003,003 | ---- | C] () -- C:\Users\hellhound71\Desktop\HiJackThis.lnk
[2013.08.23 14:34:36 | 000,908,800 | ---- | C] () -- C:\Windows\SysNative\ContentDirectoryPresenter64.dll
[2013.08.23 14:34:32 | 000,706,560 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
[2013.08.23 14:34:32 | 000,030,720 | ---- | C] () -- C:\Windows\SysNative\MediaDB64.dll
[2013.08.23 14:34:30 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll
[2013.08.21 13:18:06 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.08.19 14:45:14 | 000,001,318 | ---- | C] () -- C:\Users\hellhound71\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
[2013.08.19 14:13:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.08.19 14:10:34 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2013.08.13 21:33:39 | 005,305,324 | ---- | C] () -- C:\Users\hellhound71\Desktop\The-Pirates-Ft-Shola-Ama---You-Should-Really-Know-(Radio-Edit).mp3
[2013.08.13 17:22:25 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2013.07.23 19:18:54 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll
[2013.07.23 19:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
[2013.07.23 19:18:42 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll
[2013.07.23 19:18:40 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
[2013.07.23 19:18:38 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
[2013.07.23 19:18:38 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll
[2013.07.10 19:02:49 | 000,000,465 | ---- | C] () -- C:\Users\hellhound71\AppData\Roaming\Weather Meter_Settings.ini
[2013.03.25 20:54:32 | 000,000,017 | ---- | C] () -- C:\Users\hellhound71\AppData\Local\resmon.resmoncfg
[2013.03.16 00:54:18 | 001,495,094 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.23 13:19:39 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.02.23 13:19:39 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.02.02 20:14:23 | 000,000,292 | ---- | C] () -- C:\Users\hellhound71\AppData\Local\HamsterBookConverter.cfg
[2013.01.22 19:11:37 | 000,000,624 | ---- | C] () -- C:\Users\hellhound71\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.12.29 18:11:36 | 000,015,105 | ---- | C] () -- C:\Users\hellhound71\AppData\Local\SRDownloader.err
[2012.12.29 18:11:35 | 000,001,096 | ---- | C] () -- C:\Users\hellhound71\AppData\Local\SRDownloader.nast
[2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.12.10 11:36:12 | 000,000,288 | ---- | C] () -- C:\Windows\game.ini
[2012.11.27 23:35:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.27 23:30:02 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.11.27 23:30:02 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.11.27 23:30:02 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.11.27 23:25:54 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.11.27 23:25:54 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.11.27 23:20:46 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.11.27 23:20:42 | 000,039,355 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.09.28 17:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B797EE03

< End of report >
Nahoru
yanek71
Level 1
Level 1
Příspěvky: 50
Registrován: březen 06
Pohlaví: Muž
Stav:
Offline

Re: Otevírání nechtěných reklamních stránek

Příspěvekod yanek71 » 04 zář 2013 00:21

Log OTL EXTRAS

OTL Extras logfile created on: 3.9.2013 22:42:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hellhound71\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

8,00 Gb Total Physical Memory | 5,56 Gb Available Physical Memory | 69,51% Memory free
15,99 Gb Paging File | 12,92 Gb Available in Paging File | 80,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 7,73 Gb Free Space | 7,92% Space Free | Partition Type: NTFS
Drive D: | 833,76 Gb Total Space | 155,54 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
Drive F: | 111,78 Gb Total Space | 53,97 Gb Free Space | 48,28% Space Free | Partition Type: NTFS
Drive G: | 2,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 298,09 Gb Total Space | 95,05 Gb Free Space | 31,89% Space Free | Partition Type: NTFS
Drive I: | 8,589935E9 Gb Total Space | 8,589935E9 Gb Free Space | 100,00% Space Free | Partition Type: Bitcasa
Drive J: | 1863,01 Gb Total Space | 72,52 Gb Free Space | 3,89% Space Free | Partition Type: NTFS

Computer Name: HELLHOUND | User Name: hellhound71 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073B8C4B-FB6E-4500-9B8C-98A23C9570E9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{0BBE2C04-9CE9-4594-ABFB-6317D449BD2E}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 |
"{0F9099AD-BB4A-4197-911D-B76350B867ED}" = rport=10243 | protocol=6 | dir=out | app=system |
"{11B13D15-508E-4FF7-A12A-EE8B8A1F2007}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{17456C8C-C461-497E-963A-071285E7F0D5}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{293AEEF2-7C71-4B9E-9631-0355C13D13C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BB28369-2071-4405-B6A3-38DCE40F5204}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3175226D-F470-485A-B883-E8676AABC949}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31B24832-75E7-4806-B068-4133795BE9D9}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 |
"{37761866-B623-4775-8D70-23E19EACDD98}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{409EFB57-F32D-453D-A402-934084583C0F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{43DAEF8F-1BEE-44D8-BA46-3AC313B78404}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{48D78AAD-C299-41F1-B22C-7BF1A1567251}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4F53EC65-B2A0-426D-9B6E-C42DCA3A8794}" = rport=138 | protocol=17 | dir=out | app=system |
"{5B5A4A5F-506D-4C0E-AAAB-41363C1BA4CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F6761CC-C59C-4119-842F-6FF4971199FB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6F452DBF-1304-493E-959D-ED837E4AC292}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71FD9BEF-2F61-4D19-B7BF-FA73E0B0BF4C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{74067026-4324-432B-97B1-53D2CD4E748F}" = lport=137 | protocol=17 | dir=in | app=system |
"{75200C32-DBAD-42A0-A632-CC9D14149E64}" = rport=139 | protocol=6 | dir=out | app=system |
"{7AE27173-F206-40AC-B408-58CB945E9C84}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{83E865DA-E87D-4BC3-B0E1-5F083DE4BD17}" = lport=138 | protocol=17 | dir=in | app=system |
"{880F22DD-C585-4048-8572-BB45BC0175D2}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port |
"{89282760-19DD-4377-AA08-B3FC8F24B717}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port |
"{8CFA702E-D74F-44CC-A4C8-EF513C3D7403}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{914CC1D1-8B65-4315-85D2-7491B682F6F0}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 |
"{9683D094-F669-4696-A7AA-10E6FE73E020}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port |
"{99928684-475B-4B25-9599-472E18EF567D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9EEA86F0-28CA-46B1-A558-19556DA1A0E6}" = lport=139 | protocol=6 | dir=in | app=system |
"{B6DA8F9B-B004-40CA-9F49-58423FC70AED}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 |
"{BDAFD8D8-E0BB-469A-B974-F137B4EF89B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF183898-23BC-4A11-A505-BA24FA3668AC}" = rport=137 | protocol=17 | dir=out | app=system |
"{BF49A0FF-FCA9-4BB7-8DA7-114ED81FFDA5}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF7FE604-657A-42ED-A154-A63B8CB9F59E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F43811C7-6A71-4F97-B51A-41AA3E2CBC78}" = rport=445 | protocol=6 | dir=out | app=system |
"{F531FE08-856E-4002-AB1C-DF50EF6772A0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FA9CF967-C355-4FDF-B10A-8214CAF18ACE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D6F9CB-4DCF-453B-BA31-99806009C3C4}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.15\allshareframeworkdms.exe |
"{04BDA58A-8DE1-4EC4-A66C-F8BE6FBD6F1F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08182411-CF1D-41F5-8115-3B6D1928B4A0}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{099E3E3E-EC6C-4728-A4CB-6590D4F61467}" = dir=out | app=c:\program files\samsung\samsung link\samsung link tray agent.exe |
"{12BB4D47-10F0-4062-9464-DE2CCDCD1142}" = protocol=6 | dir=in | app=d:\instalace hry\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{15214440-C750-420E-A3FB-E5CCF0042503}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{179CEEF9-47BD-4A52-9F3D-B480628796CD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{1DAD086E-3731-4E15-8FFE-4A9D49D529D4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{20D23439-DA4F-4299-91C2-FF9435BB02D9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{25767518-C880-4C19-84D1-D5A1BB3622B8}" = dir=in | app=c:\program files\samsung\samsung link\samsung link tray agent.exe |
"{2BD8A07F-B80C-431A-9428-9A2AD7DF869D}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{32F16651-C953-445F-A827-0895F9EE2BE3}" = dir=in | app=c:\users\hellhound71\appdata\local\microsoft\skydrive\skydrive.exe |
"{37AB6119-ABCF-43DA-8368-AA45CB576F07}" = protocol=17 | dir=in | app=d:\instalace hry\ubisoft\the settlers 7 - paths to a kingdom\data\base\_dbg\bin\release\settlers7r.exe |
"{37C7E584-73DF-41D7-B4C2-D5A6055BD65F}" = dir=in | app=c:\program files\samsung\samsung link\samsung link tray agent.exe |
"{388D895C-2512-47F9-ACDA-2696E4A792E8}" = dir=in | app=c:\users\hellhound71\appdata\roaming\copy\copyagent.exe |
"{39E7128A-2CE2-45F9-BADC-A1D703FE6C3B}" = protocol=6 | dir=in | app=c:\users\hellhound71\appdata\roaming\dropbox\bin\dropbox.exe |
"{3A5DE68E-349E-463D-9367-47B603ECA941}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{3FA520ED-50AA-4345-90EF-A52797521AE0}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"{4139A529-F769-40E4-A5FE-984C939C3BF8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{46FEA610-5F63-4D89-A61B-D7D6554CE09E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4BE56B2C-9D61-47C5-BDF1-F39019B6CD8B}" = protocol=17 | dir=in | app=c:\users\hellhound71\appdata\roaming\dropbox\bin\dropbox.exe |
"{4C04E84C-3304-411F-9A4C-C1691F2AAE31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51C7BFC2-B927-4084-8DFD-023033EC10DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{559C8245-F551-4E71-9B72-7FFD54444EA7}" = protocol=6 | dir=out | app=system |
"{58DFF5D8-7792-4AA5-BA6F-860F1B8A3702}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5CDFD31B-37A6-4591-AAEF-9DA7D7285D27}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{67000C87-9FF0-47FD-9DD4-6936058B54C6}" = protocol=17 | dir=in | app=d:\instalace hry\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{6C1BCC3B-5DBB-48FC-B592-6244FDD25102}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6ED56CD4-5ECA-4268-92B0-670A643BC062}" = dir=in | app=c:\program files\samsung\samsung link\samsung link tray agent.exe |
"{815BB336-D8EF-4440-9067-E9B2114682D9}" = dir=in | app=c:\users\hellhound71\appdata\local\viber\viber.exe |
"{91EF5465-379E-46A0-94F6-01640F82EE2B}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"{93E93E4F-D2F5-4ADE-8CAC-C4F2F6A75E48}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"{97412D59-5389-4BAB-98CD-2820C0E5D4EA}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.17\allshareframeworkdms.exe |
"{9D214E57-29B4-4327-A56E-7A534BE7176C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A2956E14-CF39-4820-AAF8-F6E59C24E2A0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A42CD0B0-7E0A-4EF9-9EE8-E1B68E8BE1FA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A7F2CFE7-5925-4E0D-9390-6EF36FE77F9F}" = dir=out | app=c:\program files\samsung\samsung link\samsung link tray agent.exe |
"{AA93EFB7-90F8-4ED7-8E0A-5F0DBA4E3AD3}" = dir=out | app=c:\program files\samsung\samsung link\samsung link tray agent.exe |
"{AF486589-23AA-498B-A306-825B5B400FA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0C74F38-0F9B-435C-AE4D-91621D9CFAF5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C2F718D4-B6FE-45F4-852E-7126EC862B04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CB065D15-DFC5-454D-BDB3-2398ECF48F95}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.17\allshareframeworkdms.exe |
"{CF3EB942-0A31-40DB-84E1-29D6558E9BF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D99A9709-481B-4ED8-A7B0-D9372251BED3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D9D037F3-312D-4438-8834-173207883EDD}" = protocol=6 | dir=in | app=d:\instalace hry\ubisoft\the settlers 7 - paths to a kingdom\data\base\_dbg\bin\release\settlers7r.exe |
"{DE70FB8A-C221-4EFA-A6A3-5CC7CC2E63FF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2689E72-6B70-412C-A100-C43936360AD3}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"{E72AB576-7EAE-48F8-811D-9A4FA15DAC43}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E94476EB-BFE0-46BD-ACAE-333947C2110C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F0750F34-7D17-439C-A1B1-90866CE88816}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3D08D89-70E5-4FCE-A033-E5DCF605D2D6}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{F5E43DB6-BA25-445A-B6C3-2B9EBCCC824F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F898EA8C-7CA8-4C20-90D4-461711E57996}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA3FDDC9-6303-47A3-814F-B68D6B5716BB}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.15\allshareframeworkdms.exe |
"{FADDD236-DFCA-4DDD-9D51-77695893A64D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{FCD871EC-0C62-4D6A-A88C-FC2A5276FCC0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FE30321A-B816-4392-A786-A9376B1F06A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF552BF1-6AE9-4336-A68A-EE9D85E0FFF4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{344F9395-FDD1-475E-9615-FB8D199D92C6}C:\users\hellhound71\appdata\roaming\copy\copyagent.exe" = protocol=6 | dir=in | app=c:\users\hellhound71\appdata\roaming\copy\copyagent.exe |
"TCP Query User{6A779155-D349-4FA1-AA0A-429EB5DA7AA1}D:\instalace hry\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\instalace hry\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{B790A026-35D8-4D14-9393-D05959F5F3D6}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"TCP Query User{CF97E2C9-D279-451D-868D-E2B4346B02F4}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"TCP Query User{D3AD80AC-CE78-4602-9368-CDE26E48044C}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{F014AB7E-C975-4201-8423-C210A0B13880}C:\users\hellhound71\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hellhound71\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{FE540B56-F691-43DF-8FD3-247D299C9B1A}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{1293474A-9691-4AB1-BA1B-A1DF86B28424}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{149A3839-4620-45C9-B736-823C56ECB374}C:\users\hellhound71\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hellhound71\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{421AAF60-604E-4DF6-9E08-020E2B0EB8AD}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"UDP Query User{5113B201-0047-4A4B-8CCC-F4ACBC40EC6F}D:\instalace hry\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\instalace hry\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{690A7C3C-6BFD-425C-AC26-897C7D032E8F}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{859948C2-8336-48CC-AF53-5B942680C831}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"UDP Query User{9B66B3D6-993E-4323-8F42-B3A574524D71}C:\users\hellhound71\appdata\roaming\copy\copyagent.exe" = protocol=17 | dir=in | app=c:\users\hellhound71\appdata\roaming\copy\copyagent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C722E94-2EF6-48B1-A673-FA00F16FC403}" = Copy
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum zařízení Windows Mobile
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{82EE86D9-60B9-1025-9960-97E9B7C7B4B4}" = AMD Drag and Drop Transcoding
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{C34E2E6F-6A24-40B8-8902-9960A4D42884}" = AllShare Framework DMS
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1" = Bitcasa version 1.1.0.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8474-7877-9059-0204" = Samsung Link 1.7.0.1309031728
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65BE85A8-13BB-4B4A-B1AF-EC6054292C00}_is1" = The Walking Dead Epizody 1-5 verze 1.0
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}" = Windows Live Essentials
"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - Paths to a Kingdom
"{A035950F-15BA-41C0-9D8F-165FC0536012}" = Movie Maker
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}" = Fotogalerie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Czech
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C1A27237-0CCD-4F47-BFEB-14BC40097E17}" = Unified Remote
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18F981B-401C-4D90-BC57-D8903564D558}" = Windows Live UX Platform Language Pack
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EB91007A-0110-42A6-B869-2709955A9B2A}" = Photo Common
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.0
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.2
"BSPlayerp" = BS.Player PRO
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVDFab 9_is1" = DVDFab 9.0.2.8 (01/03/2013) Qt
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HxD Hex Editor_is1" = HxD Hex Editor verze 1.7.7.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Mozilla Firefox 23.0 (x86 cs)" = Mozilla Firefox 23.0 (x86 cs)
"MPE" = MyPhoneExplorer
"VLC media player" = VLC media player 2.0.8
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"YU2010_is1" = Your Uninstaller! 7
"Zelene mesto - BETA v1.0" = Zelene mesto - BETA v1.0
"Zivlici v1.0" = Zivlici v1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Be-on-roadWizard" = Be-on-road Wizard (remove only)
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Viber" = Viber

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3.9.2013 8:22:18 | Computer Name = hellhound | Source = Application Error | ID = 1000
Description = Název chybující aplikace: 4198943.exe, verze: 11.0.0.1245, časové
razítko: 0x4d936e61 Název chybujícího modulu: avs.ppl, verze: 11.0.0.1245, časové
razítko: 0x4d937058 Kód výjimky: 0xc0000005 Posun chyby: 0x00027969 ID chybujícího
procesu: 0x1c10 Čas spuštění chybující aplikace: 0x01cea897fca4afa5 Cesta k chybující
aplikaci: C:\Users\HELLHO~1\AppData\Local\Temp\4028006\4198943.exe Cesta k chybujícímu
modulu: C:\Users\HELLHO~1\AppData\Local\Temp\4028006\avs.ppl ID zprávy: 7934f957-1493-11e3-9efc-50465d09004b

[ System Events ]
Error - 3.9.2013 5:03:22 | Computer Name = hellhound | Source = PNRPSvc | ID = 102
Description =

Error - 3.9.2013 5:03:22 | Computer Name = hellhound | Source = Service Control Manager | ID = 7001
Description = Služba Seskupování v sítích peer-to-peer závisí na službě Protokol
PNRP (Peer Name Resolution Protocol), která neuspěla při spuštění v důsledku následující
chyby: %%-2140993535

Error - 3.9.2013 5:03:22 | Computer Name = hellhound | Source = Service Control Manager | ID = 7023
Description = Služba Protokol PNRP (Peer Name Resolution Protocol) byla ukončena
s následující chybou: %%-2140993535

Error - 3.9.2013 5:03:29 | Computer Name = hellhound | Source = PNRPSvc | ID = 102
Description =

Error - 3.9.2013 5:03:29 | Computer Name = hellhound | Source = PNRPSvc | ID = 102
Description =

Error - 3.9.2013 5:03:29 | Computer Name = hellhound | Source = Service Control Manager | ID = 7023
Description = Služba Protokol PNRP (Peer Name Resolution Protocol) byla ukončena
s následující chybou: %%-2140993535

Error - 3.9.2013 5:03:29 | Computer Name = hellhound | Source = Service Control Manager | ID = 7001
Description = Služba Seskupování v sítích peer-to-peer závisí na službě Protokol
PNRP (Peer Name Resolution Protocol), která neuspěla při spuštění v důsledku následující
chyby: %%-2140993535

Error - 3.9.2013 5:03:29 | Computer Name = hellhound | Source = Service Control Manager | ID = 7023
Description = Služba Protokol PNRP (Peer Name Resolution Protocol) byla ukončena
s následující chybou: %%-2140993535

Error - 3.9.2013 5:03:29 | Computer Name = hellhound | Source = Service Control Manager | ID = 7001
Description = Služba Seskupování v sítích peer-to-peer závisí na službě Protokol
PNRP (Peer Name Resolution Protocol), která neuspěla při spuštění v důsledku následující
chyby: %%-2140993535

Error - 3.9.2013 13:22:53 | Computer Name = hellhound | Source = Service Control Manager | ID = 7034
Description = Služba Samsung Link Service byla neočekávaně ukončena. Tento stav
nastal již 1krát.


< End of report >
Nahoru
Zamčeno

Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 79 hostů