Probably a virus - log check (Solved)

Re: probably a virus - log check

Post by rhsCZ » 12 Nov 2013 14:56

ComboFix 13-11-11.01 - rhs 12.11.2013 13:39:15.3.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3001.1786 [GMT 1:00]
Spuštěný z: c:\users\rhs.EXPERT\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\rhs.EXPERT\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-12 do 2013-11-12 )))))))))))))))))))))))))))))))
.
.
2013-11-12 13:14 . 2013-11-12 13:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-12 13:14 . 2013-11-12 13:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-11-12 13:14 . 2013-11-12 13:14 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2013-11-12 13:14 . 2013-11-12 13:14 -------- d-----w- c:\users\expert\AppData\Local\temp
2013-11-12 13:14 . 2013-11-12 13:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-12 13:14 . 2013-11-12 13:14 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2013-11-11 23:01 . 2013-11-11 23:01 -------- d-----w- c:\program files\Apache Software Foundation
2013-11-11 22:53 . 2013-11-11 23:01 -------- d-----w- c:\program files\glassfish-4.0
2013-11-11 22:30 . 2013-11-11 23:07 -------- d-----w- c:\program files\NetBeans 7.4
2013-11-11 21:56 . 2013-11-11 21:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-11 14:15 . 2013-11-11 14:15 -------- d-----w- c:\programdata\Uniblue
2013-11-10 19:21 . 2013-11-10 19:21 -------- d-----w- c:\windows\ERUNT
2013-11-09 17:00 . 2013-11-09 17:00 -------- d-----w- c:\programdata\Caphyon
2013-11-09 16:59 . 2013-11-09 16:59 -------- d-----w- c:\program files\TV Online
2013-11-09 16:59 . 2013-11-09 17:15 -------- d-----w- c:\programdata\regid.1995-09.com.example
2013-11-07 22:07 . 2013-11-07 22:07 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-07 22:06 . 2013-11-08 19:35 -------- d-----w- c:\programdata\ProductData
2013-11-07 21:56 . 2013-11-07 21:56 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-11-07 21:41 . 2013-11-07 21:41 -------- d-----w- c:\users\expert\AppData\Local\Temp(9218)
2013-11-06 15:04 . 2013-11-10 19:48 -------- dc----w- C:\AdwCleaner
2013-11-06 14:22 . 2013-11-06 14:22 -------- d-----w- c:\programdata\Malwarebytes
2013-11-06 14:22 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-06 14:22 . 2013-11-06 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-05 23:07 . 2013-11-09 03:08 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-11-05 21:38 . 2013-11-05 21:38 -------- d-----w- c:\program files\SHOUTcast
2013-11-04 23:17 . 2013-11-04 23:22 -------- d---a-w- C:\cce_linux
2013-11-03 21:59 . 2013-11-09 03:09 -------- d-----w- c:\programdata\SystemExplorer
2013-11-03 21:58 . 2013-11-03 21:58 -------- d-----w- c:\program files\System Explorer
2013-11-03 21:52 . 2013-11-03 21:52 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2013-11-03 21:50 . 2013-11-03 21:51 -------- d-----w- c:\program files\Notebook Hardware Control
2013-11-03 21:42 . 2013-11-03 21:44 -------- d-----w- c:\program files\SpeedFan
2013-11-03 21:34 . 2013-11-09 03:09 -------- d-----w- c:\program files\Switcher
2013-11-03 21:33 . 2013-11-03 21:33 -------- d-----w- c:\program files\Smart PC Solutions
2013-11-03 21:24 . 2013-11-09 03:08 -------- d-----w- c:\program files\Brandon Paddock
2013-10-30 16:19 . 2013-11-09 03:11 -------- d-----w- c:\users\Admin
2013-10-28 17:46 . 2013-10-28 17:46 -------- d-----w- c:\program files\GameforgeLive
2013-10-27 18:57 . 2013-10-27 19:23 -------- d-----w- c:\program files\osu!
2013-10-22 14:02 . 2013-10-22 14:02 -------- d-----w- c:\programdata\GlarySoft
2013-10-21 18:47 . 2013-10-21 18:47 -------- dc----r- C:\MSOCache
2013-10-20 16:04 . 2013-11-11 21:58 -------- d-----w- c:\programdata\Oracle
2013-10-20 10:54 . 2013-10-20 10:54 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-10-20 10:53 . 2013-10-20 10:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-10-20 10:34 . 2013-10-09 01:46 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2013-10-20 10:34 . 2013-09-29 06:50 14080 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2013-10-20 10:32 . 2013-10-22 13:15 -------- d-----w- c:\program files\Glary Utilities 3
2013-10-19 08:53 . 2013-10-19 08:53 -------- d-----w- c:\users\rhs
2013-10-18 15:54 . 2013-05-22 16:49 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-10-18 15:54 . 2013-05-22 16:49 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-10-13 20:48 . 2013-10-13 20:56 -------- d-----w- c:\program files\VPNium
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2024-03-21 10:44 . 2010-11-15 09:27 246272 ----a-w- c:\windows\UNINST16.EXE
2013-11-09 10:03 . 2012-04-23 16:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-09 10:03 . 2011-05-17 07:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 22:15 . 2010-08-27 14:30 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-09-22 10:22 . 2013-10-09 12:38 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14 . 2013-10-09 12:38 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13 . 2013-10-09 12:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08 . 2013-10-09 12:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06 . 2013-10-09 12:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03 . 2013-10-09 12:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-12 16:11 . 2009-08-06 07:06 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-09-09 23:34 . 2013-09-09 23:34 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-04 23:43 . 2013-09-04 23:43 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-03 19:14 . 2013-09-03 19:14 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-08-31 15:57 . 2013-09-08 19:53 25464 ----a-w- c:\windows\system32\drivers\odminifilter.sys
2013-08-29 07:36 . 2013-10-09 12:06 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 02:47 . 2013-10-09 12:07 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47 . 2013-10-09 12:07 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47 . 2013-10-09 12:07 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 02:47 . 2013-10-09 12:07 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 01:52 . 2013-10-09 12:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50 . 2013-10-09 12:07 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32 . 2013-10-09 12:07 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28 . 2013-10-09 12:07 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 01:28 . 2013-10-09 12:07 798208 ----a-w- c:\windows\system32\FntCache.dll
2012-08-08 13:34 . 2012-08-08 13:34 10974280 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-11-08 19:32 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{2036470F-F17A-4171-BE34-4D1BCE1700E2}]
2013-03-27 09:37 1751040 ----a-w- c:\program files\Corton\CortonPlugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-11-03 22:10 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{60C07B56-542E-4054-A503-4E9E08DF2F84}]
2012-07-17 09:03 1816336 ----a-w- c:\program files\Pagealicious\Pagealicious.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-30 17:00 222712 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-30 17:00 222712 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-30 17:00 222712 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
"Switcher"="c:\program files\Switcher\Switcher.exe" [2007-10-28 425984]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe" [2013-10-22 549184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-09-22 4411952]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2013-01-30 30192]
"Fences"="c:\program files\Stardock\Fences\Fences.exe" [2012-10-29 4017368]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-10 1833504]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2013-05-16 2851784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\rhs.EXPERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock Plus\ObjectDock.exe [2011-11-12 4152536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-6 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 14 (0xe)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2012-10-29 478936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoRun USB- Executive Edition.lnk]
backup=c:\windows\pss\AutoRun USB- Executive Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hamachi.lnk]
backup=c:\windows\pss\Hamachi.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenDNSCrypt.lnk]
backup=c:\windows\pss\OpenDNSCrypt.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoundFrost.lnk]
backup=c:\windows\pss\SoundFrost.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fences.lnk]
backup=c:\windows\pss\Fences.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User new.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.lnk]
backup=c:\windows\pss\DesktopVideoPlayer.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User new.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap]
2013-07-04 07:57 3737424 ----a-w- c:\program files\Ashampoo\Ashampoo Snap 6\ashsnap.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2013-10-01 08:52 1278712 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-08-01 13:13 3673696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-03-28 17:40 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Detective]
2013-08-28 11:26 3982232 ----a-w- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
2012-11-29 09:32 2086984 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2008-10-27 13:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Bulldog Anti-phishing Domain Advisor]
2013-02-11 16:07 223808 ----a-w- c:\programdata\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-14 10:00 116648 ----atw- c:\users\rhs.EXPERT\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2013-09-25 16:37 20133824 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 10:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2013-01-09 17:14 127040 ----a-w- c:\program files\ICQ7M\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 16:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keepvid]
2013-06-10 15:59 1120256 ----a-w- c:\program files\SoundFrost\keepvid.com.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-06-28 12:02 2255184 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Minecraft Tweaker Updater]
2013-09-17 21:44 554496 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\.minecraft\MinecraftTweakerUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMServerListAutoUpdater]
2012-12-10 11:36 302843 ----a-w- c:\program files\VUGames\SWAT 4\Content\System\MMServerListAutoUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyPrintScreen]
2013-05-02 10:12 232448 ----a-w- c:\program files\SoundFrost\MyPrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
2007-05-04 16:16 2629632 ----a-w- c:\program files\Notebook Hardware Control\nhc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Maker Pilot (demo) printing agent]
2006-01-27 13:54 65536 ----a-w- c:\program files\PDF Maker Pilot Demo\pmpagenttsd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Powersuite Monitor]
2012-09-13 15:34 323936 ----a-w- c:\program files\Uniblue\Powersuite\powersuite_monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
2012-03-02 20:00 5319224 ----a-w- c:\program files\Proxy Switcher Standard\ProxySwitcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
2013-04-14 08:44 136336 ----atw- c:\users\rhs.EXPERT\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2013-03-29 08:57 11930696 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive]
2012-12-30 17:00 255992 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-21 14:27 20549280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFrost]
2013-06-14 15:17 2106368 ----a-w- c:\program files\SoundFrost\SoundFrost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFrost Service]
2013-06-14 15:17 338944 ----a-w- c:\program files\SoundFrost\SoundFrostService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start++]
2008-04-26 13:36 570880 ----a-w- c:\program files\Brandon Paddock\Start++\Start++.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartMenuX]
2013-04-25 09:40 4555584 ----a-w- c:\program files\Start Menu X\StartMenuX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreadManager.exe]
2013-07-25 19:16 10915608 ----a-w- c:\program files\Thread Manager\ThreadManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-08-27 10:53 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
2007-03-03 12:12 341488 ----a-w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
2013-03-25 10:29 1298432 ----a-w- c:\program files\ViStart\ViStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViUpdater]
2013-01-11 15:16 122880 ----a-w- c:\program files\ViUpdater\ViUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinThemePack Logon]
2012-12-27 20:10 9920027 ----a-w- c:\program files\WinThemePack\The Avengers Logon Screen\tweak.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" /LaunchType=Auto /LaunchApps=Common
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"IAAnotif"=c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LManager"=c:\program files\Launch Manager\LManager.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
R3 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2013-10-25 878368]
R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-09 11:11 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 10:03]
.
2013-10-19 c:\windows\Tasks\Driver Booster Startup.job
- c:\program files\IObit\Driver Booster\DriverBooster.exe [2013-07-21 09:39]
.
2013-10-19 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-07-21 09:12]
.
2013-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010Core.job
- c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-15 11:27]
.
2013-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010UA.job
- c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-15 11:27]
.
2013-11-12 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files\Glary Utilities 3\Initialize.exe [2013-10-09 01:42]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-12 20:26]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-12 20:26]
.
2013-09-13 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-09-13 19:17]
.
2013-02-05 c:\windows\Tasks\User_Feed_Synchronization-{8B373119-3C07-42D8-A6AF-3C5E274FDE1E}.job
- c:\windows\system32\msfeedssync.exe [2011-12-27 20:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 37.59.81.65:3128
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Microsoft Excel'e &Ver
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Poslat jako MMS
IE: Poslat jako SMS
IE: Poslat MMS na
IE: Poslat SMS na
IE: WikiKomentáře Google...
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\users\rhs.EXPERT\AppData\Roaming\Seznam.cz\bin\listicka.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\LOILSP.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\
FF - ExtSQL: 2013-09-12 22:14; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: 2013-11-09 12:20; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-09 12:21; {F53C93F1-07D5-430c-86D4-C9531B27DFAF}; c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\extensions\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}
FF - ExtSQL: 2013-11-09 12:21; support@lastpass.com; c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\extensions\support@lastpass.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-12 14:37
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Solarwinds: Job Broker]
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Solarwinds: Job Engine]
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Solarwinds: Job Scheduler]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1869136784-2511684587-3108499956-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A1C2E7F4-72A6-03B4-9036-EB6EE1DBA7AA}*]
"hahgnmdbcfgakken"=hex:69,61,62,65,67,6c,65,6b,6c,6e,69,6a,65,62,67,70,69,6b,
00,00
"ianfdmnoimjaajlpol"=hex:63,61,61,65,64,65,00,7f
"iabdhcmmcighmpcdba"=hex:6b,61,6e,64,69,6b,63,6b,69,6b,62,6e,62,61,6f,6b,67,65,
61,66,69,6f,00,00
"dbodialbpdgkfblkoekaccmfnfikkccoifjladle"=hex:68,61,65,61,6b,6b,63,69,62,63,
66,61,65,6d,70,6d,00,00
"jbodialbpdgkfblkoekafbpdhanfbchamdbgnbiflmnbiehcenhd"=hex:68,61,65,61,6b,6b,
63,69,62,63,66,61,65,6d,70,6d,00,00
"dbodialbpdgkfblkoekalbphjalnehpggleabedj"=hex:62,62,68,65,67,6a,62,6c,67,6d,
63,65,65,67,6a,69,61,61,64,6e,68,67,65,70,6b,65,6f,6d,67,70,6d,65,65,67,70,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3884)
c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVG\AVG2013\avgfws.exe
c:\program files\AVG\AVG2013\avgidsagent.exe
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\secpro.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Celkový čas: 2013-11-12 14:51:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-12 13:49
ComboFix2.txt 2013-11-11 20:16
ComboFix3.txt 2013-11-09 14:49
ComboFix4.txt 2013-11-07 21:41
.
Před spuštěním: Volných bajtů: 216 757 047 296
Po spuštění: Volných bajtů: 215 720 140 800
.
- - End Of File - - E5AF3A7CD35EF54A94B7121409C56092
5C616939100B85E558DA92B899A0FC36


“If you ask, you will look like a fool for 5 minutes. If you don't ask, you will be a fool your whole life.”
“Many of those who live deserve death. And many of those who died would deserve to live.” - John Ronald Reuel Tolkien
“It is better to be hated for what you are than to be loved for what you are not.” - Kurt Cobain
https://rhscz.eu
https://github.com/rhsCZ


Re: probably a virus - log check

Post by rhsCZ » 12 Nov 2013 14:57

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:57:16, on 12.11.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 37.59.81.65:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CortonExt - {2036470F-F17A-4171-BE34-4D1BCE1700E2} - C:\Program Files\Corton\CortonPlugin.dll
O2 - BHO: SMSender.E.ToolbarsHelper - {24BCDA96-8FCB-4D3B-0500-000000000004} - mscoree.dll (file missing)
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Pagealicious - {60C07B56-542E-4054-A503-4E9E08DF2F84} - C:\Program Files\Pagealicious\Pagealicious.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPlugin_Protection.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Users\rhs.EXPERT\AppData\Roaming\Seznam.cz\bin\toolbar\toolbar.dll
O3 - Toolbar: O2 SMSender - {24BCDA96-8FCB-4D3B-0500-000000000003} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Fences] "C:\Program Files\Stardock\Fences\Fences.exe" /startup
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [Switcher] "C:\Program Files\Switcher\Switcher.exe" /quiet
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe" /m
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock Plus\ObjectDock.exe
O4 - Global Startup: Acer VCM.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\rhs.EXPERT\AppData\Roaming\Seznam.cz\bin\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\rhs.EXPERT\AppData\Roaming\Seznam.cz\bin\listicka.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ilannsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\loilsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\cmw_srv.exe (file missing)
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PSPR Control Service (PSPRSERV) - ElcomSoft Co. Ltd. - C:\Program Files\Elcomsoft Password Recovery\Proactive System Password Recovery\psprserv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Secure Storage (SecStore) - Unknown owner - C:\Windows\system32\secpro.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files\System Explorer\service\SystemExplorerService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe

--
End of file - 14760 bytes



Re: probably a virus - log check

Post by rhsCZ » 12 Nov 2013 15:01

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-12 14:59:02
-----------------------------
14:59:02.617 OS Version: Windows 6.0.6002 Service Pack 2
14:59:02.618 Number of processors: 1 586 0x170A
14:59:02.622 ComputerName: RHS UserName: rhs
14:59:07.430 Initialize success
14:59:13.058 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:59:13.062 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
14:59:13.333 Disk 0 MBR read successfully
14:59:13.336 Disk 0 MBR scan
14:59:13.339 Disk 0 Windows VISTA default MBR code
14:59:13.343 Disk 0 Partition - 00 05 Extended 9993 MB offset 63
14:59:13.389 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466938 MB offset 20482048
14:59:13.394 Disk 0 Partition 2 00 82 Linux swap 1184 MB offset 126
14:59:13.398 Disk 0 Partition - 00 05 Extended 8809 MB offset 2425815
14:59:13.439 Disk 0 scanning sectors +976771072
14:59:13.789 Disk 0 scanning C:\Windows\system32\drivers
14:59:29.168 Service scanning
15:00:18.669 Modules scanning
15:00:52.234 Disk 0 trace - called modules:
15:00:52.640 ntkrnlpa.exe hal.dll CLASSPNP.SYS disk.sys iaStor.sys sptd.sys
15:00:52.647 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dfaa38]
15:00:52.658 3 CLASSPNP.SYS[863b38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x88bc0028]
15:00:52.666 Scan finished successfully
15:00:59.755 Disk 0 MBR has been saved successfully to "C:\Users\rhs.EXPERT\Desktop\MBR.dat"
15:00:59.813 The log file has been saved successfully to "C:\Users\rhs.EXPERT\Desktop\aswMBR.txt"



jaro3
Security team member
Guru Level 15
Posts: 43339
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: probably a virus - log check

Post by jaro3 » 12 Nov 2013 17:55

Uninstall:
PDFCreator Toolbar Helper
Nástroje Lištičky
SPEEDB~1\Toolbar
Toolbar: SpeedBit Video Downloader
Toolbar: Kwyshell MidpX


Close other applications and browsers, disconnect from the internet, and fix in HJT:
Guide

Code:

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Users\rhs.EXPERT\AppData\Roaming\Seznam.cz\bin\toolbar\toolbar.dll
O3 - Toolbar: O2 SMSender - {24BCDA96-8FCB-4D3B-0500-000000000003} - mscoree.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it all of the following text marked in green: copy all of it!

Code:

KillAll::
File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
 c:\users\rhs.EXPERT\AppData\Local\Facebook\Update
c:\program files\Google\Update

RegLock::
[HKEY_USERS\S-1-5-21-1869136784-2511684587-3108499956-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A1C2E7F4-72A6-03B4-9036-EB6EE1DBA7AA}*]
"hahgnmdbcfgakken"=hex:69,61,62,65,67,6c,65,6b,6c,6e,69,6a,65,62,67,70,69,6b,
 00,00
"ianfdmnoimjaajlpol"=hex:63,61,61,65,64,65,00,7f
"iabdhcmmcighmpcdba"=hex:6b,61,6e,64,69,6b,63,6b,69,6b,62,6e,62,61,6f,6b,67,65,
 61,66,69,6f,00,00
"dbodialbpdgkfblkoekaccmfnfikkccoifjladle"=hex:68,61,65,61,6b,6b,63,69,62,63,
 66,61,65,6d,70,6d,00,00
"jbodialbpdgkfblkoekafbpdhanfbchamdbgnbiflmnbiehcenhd"=hex:68,61,65,61,6b,6b,
 63,69,62,63,66,61,65,6d,70,6d,00,00
"dbodialbpdgkfblkoekalbphjalnehpggleabedj"=hex:62,62,68,65,67,6a,62,6c,67,6d,
 63,65,65,67,6a,69,61,61,64,6e,68,67,65,70,6b,65,6f,6d,67,70,6d,65,65,67,70,\


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.


Download StartupLite.exe by MalwareBytes to your desktop.

This program identifies unnecessary items and offers the option to remove them in order to free up memory.
Double-click the StartupLite.exe (by MalwareBytes) icon to launch the program. On Vista and Windows 7 run it as administrator (right-click the icon and choose Run as administrator). A list of unnecessary startup entries will be created. Leave all items as disabled and click Continue. Restart the PC.

When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: probably a virus - log check

Post by rhsCZ » 12 Nov 2013 23:37

ComboFix 13-11-12.01 - rhs 12.11.2013 22:36:58.4.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3001.1904 [GMT 1:00]
Spuštěný z: c:\users\rhs.EXPERT\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\rhs.EXPERT\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-12 do 2013-11-12 )))))))))))))))))))))))))))))))
.
.
2013-11-12 22:10 . 2013-11-12 22:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-12 22:10 . 2013-11-12 22:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-11-12 22:10 . 2013-11-12 22:10 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2013-11-12 22:10 . 2013-11-12 22:10 -------- d-----w- c:\users\expert\AppData\Local\temp
2013-11-12 22:10 . 2013-11-12 22:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-12 22:10 . 2013-11-12 22:10 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2013-11-12 21:12 . 2013-11-12 21:24 -------- d-----w- c:\program files\Toolbar Uninstaller
2013-11-11 23:01 . 2013-11-11 23:01 -------- d-----w- c:\program files\Apache Software Foundation
2013-11-11 22:53 . 2013-11-11 23:01 -------- d-----w- c:\program files\glassfish-4.0
2013-11-11 22:30 . 2013-11-11 23:07 -------- d-----w- c:\program files\NetBeans 7.4
2013-11-11 21:56 . 2013-11-11 21:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-11 14:15 . 2013-11-11 14:15 -------- d-----w- c:\programdata\Uniblue
2013-11-10 19:21 . 2013-11-10 19:21 -------- d-----w- c:\windows\ERUNT
2013-11-09 17:00 . 2013-11-09 17:00 -------- d-----w- c:\programdata\Caphyon
2013-11-09 16:59 . 2013-11-09 16:59 -------- d-----w- c:\program files\TV Online
2013-11-09 16:59 . 2013-11-09 17:15 -------- d-----w- c:\programdata\regid.1995-09.com.example
2013-11-07 22:07 . 2013-11-07 22:07 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-07 22:06 . 2013-11-08 19:35 -------- d-----w- c:\programdata\ProductData
2013-11-07 21:56 . 2013-11-07 21:56 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-11-07 21:41 . 2013-11-07 21:41 -------- d-----w- c:\users\expert\AppData\Local\Temp(9218)
2013-11-06 15:04 . 2013-11-10 19:48 -------- dc----w- C:\AdwCleaner
2013-11-06 14:22 . 2013-11-06 14:22 -------- d-----w- c:\programdata\Malwarebytes
2013-11-06 14:22 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-06 14:22 . 2013-11-06 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-05 23:07 . 2013-11-09 03:08 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-11-05 21:38 . 2013-11-05 21:38 -------- d-----w- c:\program files\SHOUTcast
2013-11-04 23:17 . 2013-11-04 23:22 -------- d---a-w- C:\cce_linux
2013-11-03 21:59 . 2013-11-09 03:09 -------- d-----w- c:\programdata\SystemExplorer
2013-11-03 21:58 . 2013-11-03 21:58 -------- d-----w- c:\program files\System Explorer
2013-11-03 21:52 . 2013-11-03 21:52 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2013-11-03 21:50 . 2013-11-03 21:51 -------- d-----w- c:\program files\Notebook Hardware Control
2013-11-03 21:42 . 2013-11-03 21:44 -------- d-----w- c:\program files\SpeedFan
2013-11-03 21:34 . 2013-11-09 03:09 -------- d-----w- c:\program files\Switcher
2013-11-03 21:33 . 2013-11-03 21:33 -------- d-----w- c:\program files\Smart PC Solutions
2013-11-03 21:24 . 2013-11-09 03:08 -------- d-----w- c:\program files\Brandon Paddock
2013-10-30 16:19 . 2013-11-09 03:11 -------- d-----w- c:\users\Admin
2013-10-28 17:46 . 2013-10-28 17:46 -------- d-----w- c:\program files\GameforgeLive
2013-10-27 18:57 . 2013-10-27 19:23 -------- d-----w- c:\program files\osu!
2013-10-22 14:02 . 2013-10-22 14:02 -------- d-----w- c:\programdata\GlarySoft
2013-10-21 18:47 . 2013-10-21 18:47 -------- dc----r- C:\MSOCache
2013-10-20 16:04 . 2013-11-11 21:58 -------- d-----w- c:\programdata\Oracle
2013-10-20 10:54 . 2013-10-20 10:54 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-10-20 10:53 . 2013-10-20 10:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-10-20 10:34 . 2013-10-09 01:46 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2013-10-20 10:34 . 2013-09-29 06:50 14080 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2013-10-20 10:32 . 2013-10-22 13:15 -------- d-----w- c:\program files\Glary Utilities 3
2013-10-19 08:53 . 2013-10-19 08:53 -------- d-----w- c:\users\rhs
2013-10-18 15:54 . 2013-05-22 16:49 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-10-18 15:54 . 2013-05-22 16:49 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2024-03-21 10:44 . 2010-11-15 09:27 246272 ----a-w- c:\windows\UNINST16.EXE
2013-11-09 10:03 . 2012-04-23 16:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-09 10:03 . 2011-05-17 07:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 22:15 . 2010-08-27 14:30 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-09-22 10:22 . 2013-10-09 12:38 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14 . 2013-10-09 12:38 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13 . 2013-10-09 12:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08 . 2013-10-09 12:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06 . 2013-10-09 12:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03 . 2013-10-09 12:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-12 16:11 . 2009-08-06 07:06 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-09-09 23:34 . 2013-09-09 23:34 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-04 23:43 . 2013-09-04 23:43 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-03 19:14 . 2013-09-03 19:14 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-08-31 15:57 . 2013-09-08 19:53 25464 ----a-w- c:\windows\system32\drivers\odminifilter.sys
2013-08-29 07:36 . 2013-10-09 12:06 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 02:47 . 2013-10-09 12:07 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47 . 2013-10-09 12:07 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47 . 2013-10-09 12:07 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 02:47 . 2013-10-09 12:07 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 01:52 . 2013-10-09 12:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50 . 2013-10-09 12:07 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32 . 2013-10-09 12:07 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28 . 2013-10-09 12:07 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 01:28 . 2013-10-09 12:07 798208 ----a-w- c:\windows\system32\FntCache.dll
2012-08-08 13:34 . 2012-08-08 13:34 10974280 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-11-08 19:32 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{2036470F-F17A-4171-BE34-4D1BCE1700E2}]
2013-03-27 09:37 1751040 ----a-w- c:\program files\Corton\CortonPlugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-11-03 22:10 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{60C07B56-542E-4054-A503-4E9E08DF2F84}]
2012-07-17 09:03 1816336 ----a-w- c:\program files\Pagealicious\Pagealicious.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-30 17:00 222712 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-30 17:00 222712 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-30 17:00 222712 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
"Switcher"="c:\program files\Switcher\Switcher.exe" [2007-10-28 425984]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe" [2013-10-22 549184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-09-22 4411952]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2013-01-30 30192]
"Fences"="c:\program files\Stardock\Fences\Fences.exe" [2012-10-29 4017368]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-10 1833504]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2013-05-16 2851784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\rhs.EXPERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock Plus\ObjectDock.exe [2011-11-12 4152536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-6 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 14 (0xe)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2012-10-29 478936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoRun USB- Executive Edition.lnk]
backup=c:\windows\pss\AutoRun USB- Executive Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hamachi.lnk]
backup=c:\windows\pss\Hamachi.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenDNSCrypt.lnk]
backup=c:\windows\pss\OpenDNSCrypt.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoundFrost.lnk]
backup=c:\windows\pss\SoundFrost.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fences.lnk]
backup=c:\windows\pss\Fences.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User new.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.lnk]
backup=c:\windows\pss\DesktopVideoPlayer.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User new.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap]
2013-07-04 07:57 3737424 ----a-w- c:\program files\Ashampoo\Ashampoo Snap 6\ashsnap.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2013-10-01 08:52 1278712 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-08-01 13:13 3673696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-03-28 17:40 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Detective]
2013-08-28 11:26 3982232 ----a-w- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
2012-11-29 09:32 2086984 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2008-10-27 13:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Bulldog Anti-phishing Domain Advisor]
2013-02-11 16:07 223808 ----a-w- c:\programdata\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-14 10:00 116648 ----atw- c:\users\rhs.EXPERT\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2013-09-25 16:37 20133824 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 10:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2013-01-09 17:14 127040 ----a-w- c:\program files\ICQ7M\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 16:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keepvid]
2013-06-10 15:59 1120256 ----a-w- c:\program files\SoundFrost\keepvid.com.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-06-28 12:02 2255184 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Minecraft Tweaker Updater]
2013-09-17 21:44 554496 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\.minecraft\MinecraftTweakerUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMServerListAutoUpdater]
2012-12-10 11:36 302843 ----a-w- c:\program files\VUGames\SWAT 4\Content\System\MMServerListAutoUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyPrintScreen]
2013-05-02 10:12 232448 ----a-w- c:\program files\SoundFrost\MyPrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
2007-05-04 16:16 2629632 ----a-w- c:\program files\Notebook Hardware Control\nhc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Maker Pilot (demo) printing agent]
2006-01-27 13:54 65536 ----a-w- c:\program files\PDF Maker Pilot Demo\pmpagenttsd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Powersuite Monitor]
2012-09-13 15:34 323936 ----a-w- c:\program files\Uniblue\Powersuite\powersuite_monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
2012-03-02 20:00 5319224 ----a-w- c:\program files\Proxy Switcher Standard\ProxySwitcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
2013-04-14 08:44 136336 ----atw- c:\users\rhs.EXPERT\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2013-03-29 08:57 11930696 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive]
2012-12-30 17:00 255992 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-21 14:27 20549280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFrost]
2013-06-14 15:17 2106368 ----a-w- c:\program files\SoundFrost\SoundFrost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFrost Service]
2013-06-14 15:17 338944 ----a-w- c:\program files\SoundFrost\SoundFrostService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start++]
2008-04-26 13:36 570880 ----a-w- c:\program files\Brandon Paddock\Start++\Start++.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartMenuX]
2013-04-25 09:40 4555584 ----a-w- c:\program files\Start Menu X\StartMenuX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreadManager.exe]
2013-07-25 19:16 10915608 ----a-w- c:\program files\Thread Manager\ThreadManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-08-27 10:53 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
2007-03-03 12:12 341488 ----a-w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
2013-03-25 10:29 1298432 ----a-w- c:\program files\ViStart\ViStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViUpdater]
2013-01-11 15:16 122880 ----a-w- c:\program files\ViUpdater\ViUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinThemePack Logon]
2012-12-27 20:10 9920027 ----a-w- c:\program files\WinThemePack\The Avengers Logon Screen\tweak.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" /LaunchType=Auto /LaunchApps=Common
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"IAAnotif"=c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LManager"=c:\program files\Launch Manager\LManager.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
R3 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2013-10-25 878368]
R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-09 11:11 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 10:03]
.
2013-10-19 c:\windows\Tasks\Driver Booster Startup.job
- c:\program files\IObit\Driver Booster\DriverBooster.exe [2013-07-21 09:39]
.
2013-10-19 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-07-21 09:12]
.
2013-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010Core.job
- c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-15 11:27]
.
2013-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010UA.job
- c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-15 11:27]
.
2013-11-12 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files\Glary Utilities 3\Initialize.exe [2013-10-09 01:42]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-12 20:26]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-12 20:26]
.
2013-09-13 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-09-13 19:17]
.
2013-02-05 c:\windows\Tasks\User_Feed_Synchronization-{8B373119-3C07-42D8-A6AF-3C5E274FDE1E}.job
- c:\windows\system32\msfeedssync.exe [2011-12-27 20:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 37.59.81.65:3128
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Microsoft Excel'e &Ver
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Poslat jako MMS
IE: Poslat jako SMS
IE: Poslat MMS na
IE: Poslat SMS na
IE: WikiKomentáře Google...
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\users\rhs.EXPERT\AppData\Roaming\Seznam.cz\bin\listicka.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\LOILSP.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\
FF - ExtSQL: 2013-11-09 12:20; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-09 12:21; {F53C93F1-07D5-430c-86D4-C9531B27DFAF}; c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\extensions\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}
FF - ExtSQL: 2013-11-09 12:21; support@lastpass.com; c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\extensions\support@lastpass.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-12 23:21
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Solarwinds: Job Broker]
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Solarwinds: Job Engine]
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Solarwinds: Job Scheduler]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1869136784-2511684587-3108499956-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A1C2E7F4-72A6-03B4-9036-EB6EE1DBA7AA}*]
"hahgnmdbcfgakken"=hex:69,61,62,65,67,6c,65,6b,6c,6e,69,6a,65,62,67,70,69,6b,
00,00
"ianfdmnoimjaajlpol"=hex:63,61,61,65,64,65,00,7f
"iabdhcmmcighmpcdba"=hex:6b,61,6e,64,69,6b,63,6b,69,6b,62,6e,62,61,6f,6b,67,65,
61,66,69,6f,00,00
"dbodialbpdgkfblkoekaccmfnfikkccoifjladle"=hex:68,61,65,61,6b,6b,63,69,62,63,
66,61,65,6d,70,6d,00,00
"jbodialbpdgkfblkoekafbpdhanfbchamdbgnbiflmnbiehcenhd"=hex:68,61,65,61,6b,6b,
63,69,62,63,66,61,65,6d,70,6d,00,00
"dbodialbpdgkfblkoekalbphjalnehpggleabedj"=hex:62,62,68,65,67,6a,62,6c,67,6d,
63,65,65,67,6a,69,61,61,64,6e,68,67,65,70,6b,65,6f,6d,67,70,6d,65,65,67,70,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3336)
c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVG\AVG2013\avgfws.exe
c:\program files\AVG\AVG2013\avgidsagent.exe
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\secpro.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2013-11-12 23:35:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-12 22:34
ComboFix2.txt 2013-11-12 13:51
ComboFix3.txt 2013-11-11 20:16
ComboFix4.txt 2013-11-09 14:49
ComboFix5.txt 2013-11-12 21:33
.
Před spuštěním: Volných bajtů: 215 397 896 192
Po spuštění: Volných bajtů: 214 888 845 312
.
- - End Of File - - 90D93E55F8F462AD299F344B79D62441
5C616939100B85E558DA92B899A0FC36


"If you ask, you will look like a fool for 5 minutes. If you don't ask, you will be a fool your whole life."
"Many of those who live deserve death. And many of those who have died deserve to live." - John Ronald Reuel Tolkien
"It is better to be hated for what you are than to be loved for what you are not." - Kurt Cobain
https://rhscz.eu
https://github.com/rhsCZ


Re: probably a virus - log check

Post by rhsCZ » 12 Nov 2013 23:41

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:40:00, on 12.11.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 37.59.81.65:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CortonExt - {2036470F-F17A-4171-BE34-4D1BCE1700E2} - C:\Program Files\Corton\CortonPlugin.dll
O2 - BHO: SMSender.E.ToolbarsHelper - {24BCDA96-8FCB-4D3B-0500-000000000004} - mscoree.dll (file missing)
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Pagealicious - {60C07B56-542E-4054-A503-4E9E08DF2F84} - C:\Program Files\Pagealicious\Pagealicious.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPlugin_Protection.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Fences] "C:\Program Files\Stardock\Fences\Fences.exe" /startup
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [Switcher] "C:\Program Files\Switcher\Switcher.exe" /quiet
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe" /m
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock Plus\ObjectDock.exe
O4 - Global Startup: Acer VCM.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\rhs.EXPERT\AppData\Roaming\Seznam.cz\bin\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\rhs.EXPERT\AppData\Roaming\Seznam.cz\bin\listicka.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ilannsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\loilsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\cmw_srv.exe (file missing)
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PSPR Control Service (PSPRSERV) - ElcomSoft Co. Ltd. - C:\Program Files\Elcomsoft Password Recovery\Proactive System Password Recovery\psprserv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Secure Storage (SecStore) - Unknown owner - C:\Windows\system32\secpro.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files\System Explorer\service\SystemExplorerService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe

--
End of file - 14161 bytes


P.S. I had problems uninstalling those toolbars: I couldn't find the uninstallers, and they weren't among the installed programs either.
I don't have them in my browsers anyway, so let me ask: isn't it all the same?


"If you ask, you'll look like a fool for 5 minutes. If you don't ask, you'll be a fool your whole life."
"Many of those who live deserve death. And many of those who have died deserve to live." - John Ronald Reuel Tolkien
"It's better to be hated for what you are than to be loved for what you are not." - Kurt Cobain
https://rhscz.eu
https://github.com/rhsCZ

jaro3
Security team member
Guru Level 15
Posts: 43339
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: probably a virus - log check

Post by jaro3 » 13 Nov 2013 11:07

Probably, yes.

Close other applications and browsers, disconnect from the internet, and fix these entries in HJT:
Guide


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SMSender.E.ToolbarsHelper - {24BCDA96-8FCB-4D3B-0500-000000000004} - mscoree.dll (file missing)
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Run the ComboFix script again, in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

rhsCZ
Level 4
Posts: 1395
Registered: June 13
Gender: Male
Status: Offline

Re: probably a virus - log check

Post by rhsCZ » 13 Nov 2013 14:18

ComboFix 13-11-12.01 - rhs 13.11.2013 13:15:18.5.1 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3001.2225 [GMT 1:00]
Spuštěný z: c:\users\rhs.EXPERT\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\rhs.EXPERT\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869136784-2511684587-3108499956-1010UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{67cdd5a0-c572-4d2c-a354-6492b51f4138}\setup.msi
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.165\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.165\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.165\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.165\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.165\goopdate.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.165\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.165\psmachine.dll
c:\program files\Google\Update\1.3.21.165\psuser.dll
c:\program files\Google\Update\Download\{0EB1C549-73F3-429A-9020-D445D2118530}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{3C122445-AECE-4309-90B7-85A6AEF42AC0}\0.0.0.0\gsync.msi
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.165\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\30.0.1599.101\30.0.1599.101_30.0.1599.69_chrome_updater.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\30.0.1599.69\30.0.1599.69_30.0.1599.66_chrome_updater.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\7.1.1.1888\GoogleEarth-Win-Bundle-7.1.1.1888.exe
c:\program files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\30.0.1599.101\30.0.1599.101_chrome_installer.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\Install\{CB1D427A-7901-445E-A79D-4C9FAC4F248E}\30.0.1599.101_chrome_installer.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\4N0gTVzfs.js
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\background.html
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\content.js
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\lsdb.js
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\manifest.json
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\newtab.html
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\sqlite.js
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\background.html
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\content.js
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\lsdb.js
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\manifest.json
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\sqlite.js
c:\users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\VM5ty.js
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\4N0gTVzfs.js
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\background.html
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\content.js
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\lsdb.js
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\manifest.json
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\newtab.html
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilmeocdgkdlpcmjodfainboeiokij\1.0\sqlite.js
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\background.html
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\content.js
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\lsdb.js
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\manifest.json
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\sqlite.js
c:\users\expert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofehkkihifpbkdlepmhgflooanjcbcha\5.10\VM5ty.js
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\rhs.EXPERT\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-13 do 2013-11-13 )))))))))))))))))))))))))))))))
.
.
2013-11-13 12:33 . 2013-11-13 12:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-13 12:33 . 2013-11-13 12:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-11-13 12:33 . 2013-11-13 12:33 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2013-11-13 12:33 . 2013-11-13 12:33 -------- d-----w- c:\users\expert\AppData\Local\temp
2013-11-13 12:33 . 2013-11-13 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-13 12:33 . 2013-11-13 12:33 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2013-11-12 21:12 . 2013-11-12 21:24 -------- d-----w- c:\program files\Toolbar Uninstaller
2013-11-11 23:01 . 2013-11-11 23:01 -------- d-----w- c:\program files\Apache Software Foundation
2013-11-11 22:53 . 2013-11-11 23:01 -------- d-----w- c:\program files\glassfish-4.0
2013-11-11 22:30 . 2013-11-11 23:07 -------- d-----w- c:\program files\NetBeans 7.4
2013-11-11 21:56 . 2013-11-11 21:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-11 14:15 . 2013-11-11 14:15 -------- d-----w- c:\programdata\Uniblue
2013-11-10 19:21 . 2013-11-10 19:21 -------- d-----w- c:\windows\ERUNT
2013-11-09 17:00 . 2013-11-09 17:00 -------- d-----w- c:\programdata\Caphyon
2013-11-09 16:59 . 2013-11-09 16:59 -------- d-----w- c:\program files\TV Online
2013-11-09 16:59 . 2013-11-09 17:15 -------- d-----w- c:\programdata\regid.1995-09.com.example
2013-11-07 22:07 . 2013-11-07 22:07 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-07 22:06 . 2013-11-08 19:35 -------- d-----w- c:\programdata\ProductData
2013-11-07 21:56 . 2013-11-07 21:56 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-11-07 21:41 . 2013-11-07 21:41 -------- d-----w- c:\users\expert\AppData\Local\Temp(9218)
2013-11-06 15:04 . 2013-11-10 19:48 -------- dc----w- C:\AdwCleaner
2013-11-06 14:22 . 2013-11-06 14:22 -------- d-----w- c:\programdata\Malwarebytes
2013-11-06 14:22 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-06 14:22 . 2013-11-06 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-05 23:07 . 2013-11-09 03:08 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-11-05 21:38 . 2013-11-05 21:38 -------- d-----w- c:\program files\SHOUTcast
2013-11-04 23:17 . 2013-11-04 23:22 -------- d---a-w- C:\cce_linux
2013-11-03 21:59 . 2013-11-09 03:09 -------- d-----w- c:\programdata\SystemExplorer
2013-11-03 21:58 . 2013-11-03 21:58 -------- d-----w- c:\program files\System Explorer
2013-11-03 21:52 . 2013-11-03 21:52 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2013-11-03 21:50 . 2013-11-03 21:51 -------- d-----w- c:\program files\Notebook Hardware Control
2013-11-03 21:42 . 2013-11-03 21:44 -------- d-----w- c:\program files\SpeedFan
2013-11-03 21:34 . 2013-11-09 03:09 -------- d-----w- c:\program files\Switcher
2013-11-03 21:33 . 2013-11-03 21:33 -------- d-----w- c:\program files\Smart PC Solutions
2013-11-03 21:24 . 2013-11-09 03:08 -------- d-----w- c:\program files\Brandon Paddock
2013-10-30 16:19 . 2013-11-09 03:11 -------- d-----w- c:\users\Admin
2013-10-28 17:46 . 2013-10-28 17:46 -------- d-----w- c:\program files\GameforgeLive
2013-10-27 18:57 . 2013-11-13 10:12 -------- d-----w- c:\program files\osu!
2013-10-22 14:02 . 2013-10-22 14:02 -------- d-----w- c:\programdata\GlarySoft
2013-10-21 18:47 . 2013-10-21 18:47 -------- dc----r- C:\MSOCache
2013-10-20 16:04 . 2013-11-11 21:58 -------- d-----w- c:\programdata\Oracle
2013-10-20 10:54 . 2013-10-20 10:54 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-10-20 10:53 . 2013-10-20 10:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-10-20 10:34 . 2013-10-09 01:46 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2013-10-20 10:34 . 2013-09-29 06:50 14080 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2013-10-20 10:32 . 2013-10-22 13:15 -------- d-----w- c:\program files\Glary Utilities 3
2013-10-19 08:53 . 2013-10-19 08:53 -------- d-----w- c:\users\rhs
2013-10-18 15:54 . 2013-05-22 16:49 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-10-18 15:54 . 2013-05-22 16:49 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2024-03-21 10:44 . 2010-11-15 09:27 246272 ----a-w- c:\windows\UNINST16.EXE
2013-11-09 10:03 . 2012-04-23 16:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-09 10:03 . 2011-05-17 07:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 22:15 . 2010-08-27 14:30 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-09-22 10:22 . 2013-10-09 12:38 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14 . 2013-10-09 12:38 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13 . 2013-10-09 12:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08 . 2013-10-09 12:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06 . 2013-10-09 12:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03 . 2013-10-09 12:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-12 16:11 . 2009-08-06 07:06 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-09-09 23:34 . 2013-09-09 23:34 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-04 23:43 . 2013-09-04 23:43 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-03 19:14 . 2013-09-03 19:14 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-08-31 15:57 . 2013-09-08 19:53 25464 ----a-w- c:\windows\system32\drivers\odminifilter.sys
2013-08-29 07:36 . 2013-10-09 12:06 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 02:47 . 2013-10-09 12:07 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47 . 2013-10-09 12:07 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47 . 2013-10-09 12:07 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 02:47 . 2013-10-09 12:07 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 01:52 . 2013-10-09 12:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50 . 2013-10-09 12:07 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32 . 2013-10-09 12:07 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28 . 2013-10-09 12:07 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 01:28 . 2013-10-09 12:07 798208 ----a-w- c:\windows\system32\FntCache.dll
2012-08-08 13:34 . 2012-08-08 13:34 10974280 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-11-08 19:32 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{2036470F-F17A-4171-BE34-4D1BCE1700E2}]
2013-03-27 09:37 1751040 ----a-w- c:\program files\Corton\CortonPlugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-11-03 22:10 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{60C07B56-542E-4054-A503-4E9E08DF2F84}]
2012-07-17 09:03 1816336 ----a-w- c:\program files\Pagealicious\Pagealicious.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-30 17:00 222712 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-30 17:00 222712 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-30 17:00 222712 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_2\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
"Switcher"="c:\program files\Switcher\Switcher.exe" [2007-10-28 425984]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe" [2013-10-22 549184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-09-22 4411952]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2013-01-30 30192]
"Fences"="c:\program files\Stardock\Fences\Fences.exe" [2012-10-29 4017368]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-10 1833504]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2013-05-16 2851784]
.
c:\users\rhs.EXPERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock Plus\ObjectDock.exe [2011-11-12 4152536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-6 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 14 (0xe)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2012-10-29 478936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoRun USB- Executive Edition.lnk]
backup=c:\windows\pss\AutoRun USB- Executive Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hamachi.lnk]
backup=c:\windows\pss\Hamachi.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenDNSCrypt.lnk]
backup=c:\windows\pss\OpenDNSCrypt.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoundFrost.lnk]
backup=c:\windows\pss\SoundFrost.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fences.lnk]
backup=c:\windows\pss\Fences.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^rhs.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User new.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.lnk]
backup=c:\windows\pss\DesktopVideoPlayer.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User new.EXPERT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap]
2013-07-04 07:57 3737424 ----a-w- c:\program files\Ashampoo\Ashampoo Snap 6\ashsnap.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2013-10-01 08:52 1278712 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-08-01 13:13 3673696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-03-28 17:40 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Detective]
2013-08-28 11:26 3982232 ----a-w- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
2012-11-29 09:32 2086984 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2008-10-27 13:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Bulldog Anti-phishing Domain Advisor]
2013-02-11 16:07 223808 ----a-w- c:\programdata\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-14 10:00 116648 ----atw- c:\users\rhs.EXPERT\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2013-09-25 16:37 20133824 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 10:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2013-01-09 17:14 127040 ----a-w- c:\program files\ICQ7M\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 16:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keepvid]
2013-06-10 15:59 1120256 ----a-w- c:\program files\SoundFrost\keepvid.com.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-06-28 12:02 2255184 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Minecraft Tweaker Updater]
2013-09-17 21:44 554496 ----a-w- c:\users\rhs.EXPERT\AppData\Roaming\.minecraft\MinecraftTweakerUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMServerListAutoUpdater]
2012-12-10 11:36 302843 ----a-w- c:\program files\VUGames\SWAT 4\Content\System\MMServerListAutoUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyPrintScreen]
2013-05-02 10:12 232448 ----a-w- c:\program files\SoundFrost\MyPrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
2007-05-04 16:16 2629632 ----a-w- c:\program files\Notebook Hardware Control\nhc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Maker Pilot (demo) printing agent]
2006-01-27 13:54 65536 ----a-w- c:\program files\PDF Maker Pilot Demo\pmpagenttsd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Powersuite Monitor]
2012-09-13 15:34 323936 ----a-w- c:\program files\Uniblue\Powersuite\powersuite_monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
2012-03-02 20:00 5319224 ----a-w- c:\program files\Proxy Switcher Standard\ProxySwitcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
2013-04-14 08:44 136336 ----atw- c:\users\rhs.EXPERT\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2013-03-29 08:57 11930696 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive]
2012-12-30 17:00 255992 ----a-w- c:\users\rhs.EXPERT\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-21 14:27 20549280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFrost]
2013-06-14 15:17 2106368 ----a-w- c:\program files\SoundFrost\SoundFrost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFrost Service]
2013-06-14 15:17 338944 ----a-w- c:\program files\SoundFrost\SoundFrostService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start++]
2008-04-26 13:36 570880 ----a-w- c:\program files\Brandon Paddock\Start++\Start++.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartMenuX]
2013-04-25 09:40 4555584 ----a-w- c:\program files\Start Menu X\StartMenuX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreadManager.exe]
2013-07-25 19:16 10915608 ----a-w- c:\program files\Thread Manager\ThreadManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-08-27 10:53 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
2007-03-03 12:12 341488 ----a-w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
2013-03-25 10:29 1298432 ----a-w- c:\program files\ViStart\ViStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViUpdater]
2013-01-11 15:16 122880 ----a-w- c:\program files\ViUpdater\ViUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinThemePack Logon]
2012-12-27 20:10 9920027 ----a-w- c:\program files\WinThemePack\The Avengers Logon Screen\tweak.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" /LaunchType=Auto /LaunchApps=Common
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"IAAnotif"=c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LManager"=c:\program files\Launch Manager\LManager.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
R3 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2013-10-25 878368]
R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-09 11:11 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 10:03]
.
2013-10-19 c:\windows\Tasks\Driver Booster Startup.job
- c:\program files\IObit\Driver Booster\DriverBooster.exe [2013-07-21 09:39]
.
2013-10-19 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-07-21 09:12]
.
2013-11-13 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files\Glary Utilities 3\Initialize.exe [2013-10-09 01:42]
.
2013-09-13 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-09-13 19:17]
.
2013-02-05 c:\windows\Tasks\User_Feed_Synchronization-{8B373119-3C07-42D8-A6AF-3C5E274FDE1E}.job
- c:\windows\system32\msfeedssync.exe [2011-12-27 20:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 37.59.81.65:3128
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Microsoft Excel'e &Ver
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Poslat jako MMS
IE: Poslat jako SMS
IE: Poslat MMS na
IE: Poslat SMS na
IE: WikiKomentáře Google...
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\users\rhs.EXPERT\AppData\Roaming\Seznam.cz\bin\listicka.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\LOILSP.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\
FF - ExtSQL: 2013-11-09 12:20; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-09 12:21; {F53C93F1-07D5-430c-86D4-C9531B27DFAF}; c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\extensions\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}
FF - ExtSQL: 2013-11-09 12:21; support@lastpass.com; c:\users\rhs.EXPERT\AppData\Roaming\Mozilla\Firefox\Profiles\0sc2i8hz.default\extensions\support@lastpass.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-13 13:44
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Solarwinds: Job Broker]
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Solarwinds: Job Engine]
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Solarwinds: Job Scheduler]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1869136784-2511684587-3108499956-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A1C2E7F4-72A6-03B4-9036-EB6EE1DBA7AA}*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4032)
c:\users\rhs.EXPERT\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVG\AVG2013\avgfws.exe
c:\program files\AVG\AVG2013\avgidsagent.exe
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\secpro.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2013-11-13 14:01:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-13 13:01
ComboFix2.txt 2013-11-12 22:35
ComboFix3.txt 2013-11-12 13:51
ComboFix4.txt 2013-11-11 20:16
ComboFix5.txt 2013-11-13 11:44
.
Před spuštěním: Volných bajtů: 210 563 235 840
Po spuštění: Volných bajtů: 210 404 286 464
.
- - End Of File - - 68CB87B84430249C1EAC404667C1D76A
5C616939100B85E558DA92B899A0FC36

P.S. If I understood "Repeat the script in ComboFix, in safe mode." correctly, I am supposed to run the CFScript in ComboFix in Windows safe mode.


"If you ask, you will look like a fool for 5 minutes. If you don't ask, you will be a fool for your whole life."
"Many of those who live would deserve death. And many of those who died would deserve to live." - John Ronald Reuel Tolkien
"It is better to be hated for what you are than to be loved for what you are not." - Kurt Cobain
https://rhscz.eu
https://github.com/rhsCZ

Re: probably a virus - log check

Post by jaro3 » 13 Nov 2013 19:05

Yes, that's right.

c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} - delete this folder.

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.

Download StartupLite.exe by MalwareBytes to your desktop

This program identifies unnecessary items and gives the option to remove them in order to free up memory.
Double-click the StartupLite.exe (by MalwareBytes) icon to start the program. On Vista and Windows 7, run it as administrator (right-click the icon and choose Run as administrator). A list of unnecessary startup entries will be created. Leave all items as disabled and click Continue. Restart the PC.

How are the problems?
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by rhsCZ » 13 Nov 2013 21:58

I would like to apologize for bothering you like this about probably having that "virus". As for the so-called "duck" sound that kept playing, as described in my first post: I found out purely by accident that it was a discussion forum I visit regularly, running the IPB system with some chatbox. I happened to be looking in the settings and I did not have sounds turned off for that chat, so I tried it with the chat sounds both on and off, and that is it, it was the chatbox. The "duck" sound was meant to signal a new post in the chat. If I had not happened to look there, I would probably be really desperate by now :D. Still, thank you for your patience and the time spent. It removed some junk I did not know about, so I would say my laptop is probably a bit faster. Thank you once again.

P.S. I will not mark this as solved for now




Post by jaro3 » 14 Nov 2013 10:16

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.


If there are no problems, that is all and you can mark the thread as solved with the green check mark.

