Nechtěná změna domovské stránky

Zpráva

domulka · #1 Příspěvek od **domulka** » 25 bře 2013 18:19

Neustále se mi mění domovská stránka a vyhledávač na startsear.info u všech prohlížečů (zkoušela jsem obnovu systému, všemožné změny v prohlížečích a vždy po restartu PC se vše vrátí na začátek)...Dá se toho nějak zbavit?

#2 Příspěvek od **Rudy** » 25 bře 2013 18:25

Zdravím!
Dejte log RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .

domulka · #3 Příspěvek od **domulka** » 25 bře 2013 18:33

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dominika at 2013-03-25 18:26:17
Microsoft Windows 7 Home Premium
System drive C: has 43 GB (36%) free of 119 GB
Total RAM: 4095 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:26:22, on 25.3.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Users\Dominika\AppData\Local\Akamai\netsession_win.exe
C:\Users\Dominika\AppData\Local\Akamai\netsession_win.exe
D:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dominika.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ESET\nod32kui.exe
C:\Users\Dominika\AppData\Roaming\iBrowser\firefox.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Dominika.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seznam.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\bin\jp2ssv.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files (x86)\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [zSPGuard] c:\program files (x86)\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PcSync] D:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dominika\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BatteryCare] D:\Program Files (x86)\BatteryCare\BatteryCare.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Computer] C:\Users\Dominika\AppData\Roaming\Computer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dominika.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Dominika\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\SysWOW64\IoctlSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
O23 - Service: STSService - Unknown owner - C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11951 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\SysWOW64\svchost.exe -k Akamai
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
"C:\Program Files (x86)\Eset\nod32krn.exe"
C:\Windows\SysWOW64\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1892
"taskhost.exe"
taskeng.exe {D45212CF-BFF3-4A0C-8B35-44CDD2AADD76}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" MySyncFolder
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
ATKOSD.exe
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
KBFiltr.exe
WDC.exe
"C:\Users\Dominika\AppData\Local\Akamai\netsession_win.exe"
"C:/Users/Dominika/AppData/Local/Akamai/netsession_win.exe" --client
"D:\Program Files (x86)\BatteryCare\BatteryCare.exe"
"D:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
"C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dominika.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ESET\nod32kui.exe" /WAITSERVICE
C:\Windows\system32\wbem\wmiprvse.exe
\??\C:\Windows\system32\conhost.exe "1537133331-372817486880361881-8366459731779773718-16077398217361200442090292806
"C:\Users\Dominika\AppData\Roaming\iBrowser\firefox.exe" --scrypt --balance --real-quiet -q --disable-gpu --no-submit-stale -o http://coinotron.com:8322 -u jimdemint.1 -p 1234 -o http://ltcmine.ru:8344 -u jimdemint_0 -p haqybyzup -o http://ltc.kattare.com:9332 -u jimdemint.1 -p 1234 -o http://ltc.nushor.net:8998 -u jimdemint.1 -p 1234
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f2db2cf5-4b8e-4bca-8e4d-04bf2c03c260 -SystemEventPortName:HostProcess-f7557da6-b677-4af3-96d5-5c66e0b63352 -IoCancelEventPortName:HostProcess-a8f53097-7eaf-4128-958e-f0c541d9e948 -NonStateChangingEventPortName:HostProcess-b1404220-f5cd-4e4e-a5ac-5aa358c35939 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:828c9752-808c-4124-a586-f40015a24443 -DeviceGroupId:WpdFsGroup
"C:\Windows\system32\wuauclt.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"D:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=6380.ad27660.2114195675 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.4.0.1" -omnijar D:\Program Files (x86)\Mozilla Firefox\omni.jar 6380 \\.\pipe\gecko-crash-server-pipe.6380 plugin
"taskhost.exe"
taskeng.exe {A0E804E8-C4EE-46C9-BB96-C87422B6770F}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"D:\Stažené věci\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\upqyusab.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://startsear.info"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@vizzed.com/VizzedRGR]
"Description"=Vizzed Retro Game Room
"Path"=D:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

D:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

D:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

D:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

D:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\upqyusab.default\searchplugins\
google.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-08-13 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2009-12-24 1736704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-12-11 16414824]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"PcSync"=D:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog []
"Akamai NetSession Interface"=C:\Users\Dominika\AppData\Local\Akamai\netsession_win.exe [2013-01-26 4480768]
"DAEMON Tools Lite"=D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]
"BatteryCare"=D:\Program Files (x86)\BatteryCare\BatteryCare.exe [2013-02-10 740864]
"AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576]
"BitTorrent"=D:\Program Files (x86)\BitTorrent\BitTorrent.exe [2013-02-22 1133392]
"Computer"=C:\Users\Dominika\AppData\Roaming\Computer.exe [2013-02-24 4418363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-03-23 3054136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-21 9639424]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2009-10-27 6998656]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2009-08-20 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Setwallpaper"=c:\programdata\SetWallpaper.cmd []
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"nod32kui"=C:\Program Files (x86)\Eset\nod32kui.exe [2010-08-18 949376]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe []
"UpdateReminder"=C:\Program Files (x86)\Eset\UpdateReminder.exe [2011-07-18 462848]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"NPSStartup"= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"zSPGuard"=c:\program files (x86)\pjw\spguard\spguard.exe /s []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dominika.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-03-25 18:26:18 ----D---- C:\Program Files\trend micro
2013-03-25 18:26:17 ----D---- C:\rsit
2013-03-25 17:43:11 ----A---- C:\Windows\ntbtlog.txt
2013-03-25 16:01:52 ----D---- C:\Program Files (x86)\Browser Hijack Recover
2013-03-25 15:56:52 ----D---- C:\Users\Dominika\AppData\Roaming\Anvisoft
2013-03-25 15:56:32 ----D---- C:\ProgramData\Anvisoft
2013-03-25 15:56:27 ----D---- C:\Program Files (x86)\Anvisoft
2013-03-25 14:51:34 ----D---- C:\ProgramData\Mozilla
2013-03-25 14:51:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-25 13:56:51 ----A---- C:\Windows\system32\drivers\Cat.DB
2013-03-25 13:56:41 ----A---- C:\Windows\system32\drivers\PCTSD64.sys
2013-03-24 12:52:06 ----D---- C:\ProgramData\PC Tools
2013-03-24 12:52:05 ----D---- C:\Users\Dominika\AppData\Roaming\TestApp
2013-03-20 21:22:43 ----D---- C:\Windows\system32\EventProviders
2013-03-20 21:22:21 ----D---- C:\ec3a97d5a7094cfa92cc99c883
2013-03-14 19:30:37 ----D---- C:\Users\Dominika\AppData\Roaming\STV Software
2013-03-13 18:16:49 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-13 18:16:48 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-03-13 18:16:48 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-03-13 18:16:47 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-03-13 18:16:46 ----A---- C:\Windows\SYSWOW64\url.dll
2013-03-13 18:16:46 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-03-13 18:16:46 ----A---- C:\Windows\system32\url.dll
2013-03-13 18:16:46 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-13 18:16:46 ----A---- C:\Windows\system32\ieui.dll
2013-03-13 18:16:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-03-13 18:16:45 ----A---- C:\Windows\system32\urlmon.dll
2013-03-13 18:16:44 ----A---- C:\Windows\system32\jscript9.dll
2013-03-13 18:16:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-03-13 18:16:43 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-13 18:16:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-03-13 18:16:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-03-13 18:16:41 ----A---- C:\Windows\system32\wininet.dll
2013-03-13 18:16:41 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-13 18:16:40 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-03-13 18:16:40 ----A---- C:\Windows\system32\vbscript.dll
2013-03-13 18:16:40 ----A---- C:\Windows\system32\jscript.dll
2013-03-13 18:16:39 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-03-13 18:16:39 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-03-13 18:16:39 ----A---- C:\Windows\system32\iertutil.dll
2013-03-13 18:16:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-03-13 18:16:31 ----A---- C:\Windows\system32\mshtml.dll
2013-03-13 18:16:29 ----A---- C:\Windows\system32\ieframe.dll
2013-03-13 18:16:28 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-03-13 18:14:56 ----D---- C:\Program Files\Microsoft Silverlight
2013-03-13 18:14:56 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-03-12 14:02:39 ----SHD---- C:\Users\Dominika\AppData\Roaming\iBrowser
2013-03-12 14:00:02 ----ASH---- C:\Users\Dominika\AppData\Roaming\Computer.exe

======List of files/folders modified in the last 1 month======

2013-03-25 18:26:18 ----RD---- C:\Program Files
2013-03-25 18:26:05 ----D---- C:\Users\Dominika\AppData\Roaming\BitTorrent
2013-03-25 18:16:58 ----HD---- C:\ProgramData
2013-03-25 18:16:58 ----D---- C:\Windows\Tasks
2013-03-25 18:16:58 ----D---- C:\Windows\system32\Tasks
2013-03-25 17:58:23 ----D---- C:\Windows\Temp
2013-03-25 17:50:38 ----D---- C:\Windows\SYSWOW64\Obsoleteupdfiles
2013-03-25 17:49:32 ----D---- C:\ProgramData\NVIDIA
2013-03-25 17:43:11 ----AD---- C:\Windows
2013-03-25 17:32:36 ----D---- C:\Users\Dominika\AppData\Roaming\Skype
2013-03-25 17:28:49 ----D---- C:\Windows\system32\config
2013-03-25 17:08:39 ----D---- C:\Program Files (x86)\MSXML 4.0
2013-03-25 17:07:59 ----D---- C:\Program Files (x86)
2013-03-25 17:03:05 ----D---- C:\Windows\system32\drivers
2013-03-25 16:47:15 ----A---- C:\Windows\system32\ServiceFilter.ini
2013-03-25 16:47:05 ----A---- C:\Windows\system32\AutoRunFilter.ini
2013-03-25 16:37:16 ----D---- C:\Windows\SysWOW64
2013-03-25 16:07:38 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-03-25 16:06:07 ----D---- C:\ProgramData\Adobe
2013-03-25 15:47:30 ----D---- C:\Windows\Prefetch
2013-03-25 15:46:21 ----SHD---- C:\System Volume Information
2013-03-25 15:46:21 ----SHD---- C:\Config.Msi
2013-03-25 15:34:09 ----SHD---- C:\Windows\Installer
2013-03-25 15:30:49 ----D---- C:\Program Files (x86)\Adobe
2013-03-25 15:05:07 ----D---- C:\Windows\SYSWOW64\LogFiles
2013-03-25 15:05:07 ----D---- C:\Windows\system32\LogFiles
2013-03-25 14:51:55 ----D---- C:\Users\Dominika\AppData\Roaming\Mozilla
2013-03-25 13:56:38 ----D---- C:\Program Files (x86)\Common Files
2013-03-25 13:56:09 ----AD---- C:\ProgramData\Temp
2013-03-24 22:38:11 ----D---- C:\Windows\system32\wfp
2013-03-24 22:38:08 ----D---- C:\Windows\system32\wbem
2013-03-24 22:37:02 ----D---- C:\Windows\winsxs
2013-03-24 22:37:02 ----D---- C:\Windows\system32\DriverStore
2013-03-24 22:37:02 ----D---- C:\Windows\system32\drivers\etc
2013-03-24 22:37:02 ----D---- C:\Windows\system32\catroot2
2013-03-24 22:37:02 ----D---- C:\Windows\System32
2013-03-24 22:37:02 ----D---- C:\Windows\inf
2013-03-24 22:37:02 ----D---- C:\ProgramData\P4G
2013-03-24 22:37:02 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-24 22:36:56 ----D---- C:\Windows\Downloaded Program Files
2013-03-24 22:36:56 ----D---- C:\Windows\AppCompat
2013-03-24 22:35:49 ----D---- C:\Windows\registration
2013-03-20 20:47:48 ----D---- C:\Windows\system32\catroot
2013-03-19 15:10:45 ----A---- C:\Windows\NeroDigital.ini
2013-03-17 11:27:08 ----D---- C:\Windows\debug
2013-03-15 20:50:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-13 18:24:47 ----D---- C:\Windows\SYSWOW64\migration
2013-03-13 18:24:45 ----D---- C:\Windows\system32\migration
2013-03-13 18:24:43 ----D---- C:\Program Files\Internet Explorer
2013-03-13 18:18:45 ----A---- C:\Windows\system32\MRT.exe
2013-03-13 18:18:36 ----D---- C:\ProgramData\Microsoft Help
2013-03-09 10:41:18 ----D---- C:\Users\Dominika\AppData\Roaming\BatteryCare

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-06-29 240672]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-26 279616]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2010-08-18 146704]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-22 2229280]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 28704]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-18 236544]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-08-12 1799680]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\D:\Program Files (x86)\BatteryCare\WinRing0x64.sys [2008-07-26 14544]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys []
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys []
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys []
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-22 868848]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2011-01-20 20552]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys []
S3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbs64.sys []
S3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmdm64.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-05-18 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-05-18 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 SndTAudio;SndTAudio; C:\Windows\system32\drivers\SndTAudio.sys [2010-10-22 33080]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-05-18 9216]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-05-18 9216]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 156080]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-11-10 96896]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files (x86)\Eset\nod32krn.exe [2010-08-18 552064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-12-11 392296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-12-11 239208]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-06-16 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-16 655624]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-07 115608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 STSService;STSService; C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

-----------------EOF-----------------

#4 Příspěvek od **Rudy** » 25 bře 2013 18:36

Spusťte nejprve tuto utilitu:

Stáhněte AdwCleaner http://stahnu.cz/tag/adw-cleaner-free-download
Uložte na plochu
Ukončete všechny programy
Klikněte na Search
Proběhne skenováni a pak se objeví log, který sem vložte.

domulka · #5 Příspěvek od **domulka** » 25 bře 2013 18:48

# AdwCleaner v2.115 - Log vytvooen 25/03/2013 v 18:46:19
# Aktualizováno 17/03/2013 Xplode
# Operaení systém : Windows 7 Home Premium (64 bits)
# Uživatel : Dominika - DOMINIKA-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Dominika\Desktop\AdwCleaner.exe
# Volba [Prohledat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\Conduit
Složka Nalezeno : C:\ProgramData\Ask
Složka Nalezeno : C:\ProgramData\ICQ\ICQToolbar
Složka Nalezeno : C:\ProgramData\Partner
Složka Nalezeno : C:\ProgramData\Trymedia
Složka Nalezeno : C:\Users\Dominika\AppData\Local\APN
Složka Nalezeno : C:\Users\Dominika\AppData\Local\Conduit
Složka Nalezeno : C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Složka Nalezeno : C:\Users\Dominika\AppData\Local\Temp\OCS
Složka Nalezeno : C:\Users\Dominika\AppData\LocalLow\Conduit
Složka Nalezeno : C:\Users\Dominika\AppData\Roaming\Babylon
Složka Nalezeno : C:\Users\Dominika\AppData\Roaming\dvdvideosoftiehelpers
Složka Nalezeno : C:\Users\Dominika\AppData\Roaming\eType
Složka Nalezeno : C:\Users\Dominika\AppData\Roaming\yourfiledownloader
Soubor Nalezeno : C:\Program Files (x86)\Mozilla Firefox\.autoreg

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Nalezeno : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Nalezeno : HKCU\Software\BabylonToolbar
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Klíe Nalezeno : HKCU\Software\PIP
Klíe Nalezeno : HKCU\Software\Softonic
Klíe Nalezeno : HKCU\Software\YourFileDownloader
Klíe Nalezeno : HKCU\Software\Zugo
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíe Nalezeno : HKLM\Software\Babylon
Klíe Nalezeno : HKLM\Software\BabylonToolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Prod.cap
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Klíe Nalezeno : HKLM\Software\PIP
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Klíe Nalezeno : HKLM\Software\YourFileDownloader
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Nalezeno : HKU\S-1-5-21-402493006-3017050890-2679374351-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16470

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v4.0.1 (cs)

Soubor : C:\Users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\upqyusab.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v25.0.1364.172

Soubor : C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Preferences

Nalezeno [l.11] : search_url = "hxxp://www.google.com/cse?cx=partner-pub-02361 ... ar.info%2F",
Nalezeno [l.16] : urls_to_restore_on_startup = [ "hxxp://startsear.info" ]

*************************

AdwCleaner[R1].txt - [4803 octets] - [25/03/2013 18:46:19]

########## EOF - C:\AdwCleaner[R1].txt - [4863 octets] ##########

#6 Příspěvek od **Rudy** » 25 bře 2013 19:07

Spusťte znovu ADWCleaner a klikněte na >Delete<. Vložte nový log.

domulka · #7 Příspěvek od **domulka** » 25 bře 2013 19:13

# AdwCleaner v2.115 - Log vytvooen 25/03/2013 v 19:09:54
# Aktualizováno 17/03/2013 Xplode
# Operaení systém : Windows 7 Home Premium (64 bits)
# Uživatel : Dominika - DOMINIKA-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Dominika\Desktop\AdwCleaner.exe
# Volba [Vymazat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files (x86)\Conduit
Složka Vymazáno : C:\ProgramData\Ask
Složka Vymazáno : C:\ProgramData\ICQ\ICQToolbar
Složka Vymazáno : C:\ProgramData\Partner
Složka Vymazáno : C:\ProgramData\Trymedia
Složka Vymazáno : C:\Users\Dominika\AppData\Local\APN
Složka Vymazáno : C:\Users\Dominika\AppData\Local\Conduit
Složka Vymazáno : C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Složka Vymazáno : C:\Users\Dominika\AppData\Local\Temp\OCS
Složka Vymazáno : C:\Users\Dominika\AppData\LocalLow\Conduit
Složka Vymazáno : C:\Users\Dominika\AppData\Roaming\Babylon
Složka Vymazáno : C:\Users\Dominika\AppData\Roaming\dvdvideosoftiehelpers
Složka Vymazáno : C:\Users\Dominika\AppData\Roaming\eType
Složka Vymazáno : C:\Users\Dominika\AppData\Roaming\yourfiledownloader
Soubor Vymazáno : C:\Program Files (x86)\Mozilla Firefox\.autoreg

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Vymazáno : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Klíe Vymazáno : HKCU\Software\APN PIP
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Vymazáno : HKCU\Software\BabylonToolbar
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Klíe Vymazáno : HKCU\Software\PIP
Klíe Vymazáno : HKCU\Software\Softonic
Klíe Vymazáno : HKCU\Software\YourFileDownloader
Klíe Vymazáno : HKCU\Software\Zugo
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíe Vymazáno : HKLM\Software\Babylon
Klíe Vymazáno : HKLM\Software\BabylonToolbar
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Prod.cap
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Klíe Vymazáno : HKLM\Software\PIP
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Klíe Vymazáno : HKLM\Software\YourFileDownloader
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16470

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v4.0.1 (cs)

Soubor : C:\Users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\upqyusab.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v25.0.1364.172

Soubor : C:\Users\Dominika\AppData\Local\Google\Chrome\User Data\Default\Preferences

Vymazáno [l.11] : search_url = "hxxp://www.google.com/cse?cx=partner-pub-02361 ... 7&ie=UTF-8[...]
Vymazáno [l.16] : urls_to_restore_on_startup = [ "hxxp://startsear.info" ]

*************************

AdwCleaner[R1].txt - [4924 octets] - [25/03/2013 18:46:19]
AdwCleaner[S1].txt - [4693 octets] - [25/03/2013 19:09:54]

########## EOF - C:\AdwCleaner[S1].txt - [4753 octets] ##########

#8 Příspěvek od **Rudy** » 25 bře 2013 19:41

Dejte nový log RSIT.

domulka · #9 Příspěvek od **domulka** » 25 bře 2013 19:45

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dominika at 2013-03-25 19:44:47
Microsoft Windows 7 Home Premium
System drive C: has 43 GB (36%) free of 119 GB
Total RAM: 4095 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:44:50, on 25.3.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Users\Dominika\AppData\Local\Akamai\netsession_win.exe
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Dominika\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
D:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dominika.exe
C:\Users\Dominika\AppData\Roaming\iBrowser\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\trend micro\Dominika.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seznam.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\bin\jp2ssv.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files (x86)\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [zSPGuard] c:\program files (x86)\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PcSync] D:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dominika\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BatteryCare] D:\Program Files (x86)\BatteryCare\BatteryCare.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Computer] C:\Users\Dominika\AppData\Roaming\Computer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dominika.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Dominika\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\SysWOW64\IoctlSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
O23 - Service: STSService - Unknown owner - C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11781 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\SysWOW64\svchost.exe -k Akamai
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
"C:\Program Files (x86)\Eset\nod32krn.exe"
C:\Windows\SysWOW64\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1968
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {82B84CFF-3491-49BE-8540-4E9DBAF6584D}
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" MySyncFolder
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Users\Dominika\AppData\Local\Akamai\netsession_win.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:/Users/Dominika/AppData/Local/Akamai/netsession_win.exe" --client
"D:\Program Files (x86)\BatteryCare\BatteryCare.exe"
"C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe"
"D:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dominika.exe"
C:\Windows\system32\wbem\wmiprvse.exe
\??\C:\Windows\system32\conhost.exe "-192182141-864958867-50727878875730071-176517794-115733280712269442871110380851
"C:\Users\Dominika\AppData\Roaming\iBrowser\firefox.exe" --scrypt --balance --real-quiet -q --disable-gpu --no-submit-stale -o http://coinotron.com:8322 -u jimdemint.1 -p 1234 -o http://ltcmine.ru:8344 -u jimdemint_0 -p haqybyzup -o http://ltc.kattare.com:9332 -u jimdemint.1 -p 1234 -o http://ltc.nushor.net:8998 -u jimdemint.1 -p 1234
"D:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3708.9fd98a0.1413560958 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.4.0.1" -omnijar D:\Program Files (x86)\Mozilla Firefox\omni.jar 3708 \\.\pipe\gecko-crash-server-pipe.3708 plugin
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\AsScrPro.exe"
C:\Windows\System32\alg.exe
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-2b3520b9-1b06-40bd-a510-9c160531f74c -SystemEventPortName:HostProcess-3a021c24-ff9b-4e0d-9aa9-1c705816fd1c -IoCancelEventPortName:HostProcess-8de79b20-2d8d-4ef3-a5b7-6f3d0b80a433 -NonStateChangingEventPortName:HostProcess-6217c984-7bfd-4bf3-8fe9-286074f63e38 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:91b7b5ea-bdc1-45f1-9577-3d7474498f65 -DeviceGroupId:WpdFsGroup
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\splwow64.exe 2
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
C:\Windows\System32\svchost.exe -k WerSvcGroup
"D:\Stažené věci\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\upqyusab.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "browser.startup.homepage" - "http://startsear.info"
prefs.js - "browser.search.suggest.enabled" - false

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@vizzed.com/VizzedRGR]
"Description"=Vizzed Retro Game Room
"Path"=D:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

D:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

D:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

D:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

D:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\upqyusab.default\searchplugins\
google.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-08-13 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2009-12-24 1736704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-12-11 16414824]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"PcSync"=D:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog []
"Akamai NetSession Interface"=C:\Users\Dominika\AppData\Local\Akamai\netsession_win.exe [2013-01-26 4480768]
"DAEMON Tools Lite"=D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]
"BatteryCare"=D:\Program Files (x86)\BatteryCare\BatteryCare.exe [2013-02-10 740864]
"AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576]
"BitTorrent"=D:\Program Files (x86)\BitTorrent\BitTorrent.exe [2013-02-22 1133392]
"Computer"=C:\Users\Dominika\AppData\Roaming\Computer.exe [2013-02-24 4418363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-03-23 3054136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-21 9639424]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2009-10-27 6998656]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2009-08-20 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Setwallpaper"=c:\programdata\SetWallpaper.cmd []
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"nod32kui"=C:\Program Files (x86)\Eset\nod32kui.exe [2010-08-18 949376]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe []
"UpdateReminder"=C:\Program Files (x86)\Eset\UpdateReminder.exe [2011-07-18 462848]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"NPSStartup"= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"zSPGuard"=c:\program files (x86)\pjw\spguard\spguard.exe /s []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dominika.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-03-25 19:09:54 ----A---- C:\AdwCleaner[S1].txt
2013-03-25 18:46:19 ----A---- C:\AdwCleaner[R1].txt
2013-03-25 18:26:18 ----D---- C:\Program Files\trend micro
2013-03-25 18:26:17 ----D---- C:\rsit
2013-03-25 17:43:11 ----A---- C:\Windows\ntbtlog.txt
2013-03-25 16:01:52 ----D---- C:\Program Files (x86)\Browser Hijack Recover
2013-03-25 15:56:52 ----D---- C:\Users\Dominika\AppData\Roaming\Anvisoft
2013-03-25 15:56:32 ----D---- C:\ProgramData\Anvisoft
2013-03-25 15:56:27 ----D---- C:\Program Files (x86)\Anvisoft
2013-03-25 14:51:34 ----D---- C:\ProgramData\Mozilla
2013-03-25 14:51:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-25 13:56:51 ----A---- C:\Windows\system32\drivers\Cat.DB
2013-03-25 13:56:41 ----A---- C:\Windows\system32\drivers\PCTSD64.sys
2013-03-24 12:52:06 ----D---- C:\ProgramData\PC Tools
2013-03-24 12:52:05 ----D---- C:\Users\Dominika\AppData\Roaming\TestApp
2013-03-20 21:22:43 ----D---- C:\Windows\system32\EventProviders
2013-03-20 21:22:21 ----D---- C:\ec3a97d5a7094cfa92cc99c883
2013-03-14 19:30:37 ----D---- C:\Users\Dominika\AppData\Roaming\STV Software
2013-03-13 18:16:49 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-13 18:16:48 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-03-13 18:16:48 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-03-13 18:16:47 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-03-13 18:16:46 ----A---- C:\Windows\SYSWOW64\url.dll
2013-03-13 18:16:46 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-03-13 18:16:46 ----A---- C:\Windows\system32\url.dll
2013-03-13 18:16:46 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-13 18:16:46 ----A---- C:\Windows\system32\ieui.dll
2013-03-13 18:16:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-03-13 18:16:45 ----A---- C:\Windows\system32\urlmon.dll
2013-03-13 18:16:44 ----A---- C:\Windows\system32\jscript9.dll
2013-03-13 18:16:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-03-13 18:16:43 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-13 18:16:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-03-13 18:16:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-03-13 18:16:41 ----A---- C:\Windows\system32\wininet.dll
2013-03-13 18:16:41 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-13 18:16:40 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-03-13 18:16:40 ----A---- C:\Windows\system32\vbscript.dll
2013-03-13 18:16:40 ----A---- C:\Windows\system32\jscript.dll
2013-03-13 18:16:39 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-03-13 18:16:39 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-03-13 18:16:39 ----A---- C:\Windows\system32\iertutil.dll
2013-03-13 18:16:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-03-13 18:16:31 ----A---- C:\Windows\system32\mshtml.dll
2013-03-13 18:16:29 ----A---- C:\Windows\system32\ieframe.dll
2013-03-13 18:16:28 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-03-13 18:14:56 ----D---- C:\Program Files\Microsoft Silverlight
2013-03-13 18:14:56 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-03-12 14:02:39 ----SHD---- C:\Users\Dominika\AppData\Roaming\iBrowser
2013-03-12 14:00:02 ----ASH---- C:\Users\Dominika\AppData\Roaming\Computer.exe

======List of files/folders modified in the last 1 month======

2013-03-25 19:43:21 ----D---- C:\Users\Dominika\AppData\Roaming\BitTorrent
2013-03-25 19:26:54 ----D---- C:\Windows\system32\config
2013-03-25 19:23:11 ----D---- C:\Windows\Temp
2013-03-25 19:11:44 ----D---- C:\Windows\system32\Tasks
2013-03-25 19:11:28 ----D---- C:\ProgramData\NVIDIA
2013-03-25 19:10:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-03-25 19:10:02 ----HD---- C:\ProgramData
2013-03-25 19:10:02 ----D---- C:\Program Files (x86)
2013-03-25 19:06:04 ----D---- C:\Users\Dominika\AppData\Roaming\Adobe
2013-03-25 18:50:29 ----D---- C:\Windows\SYSWOW64\Obsoleteupdfiles
2013-03-25 18:26:18 ----RD---- C:\Program Files
2013-03-25 18:16:58 ----D---- C:\Windows\Tasks
2013-03-25 17:43:11 ----AD---- C:\Windows
2013-03-25 17:32:36 ----D---- C:\Users\Dominika\AppData\Roaming\Skype
2013-03-25 17:08:39 ----D---- C:\Program Files (x86)\MSXML 4.0
2013-03-25 17:03:05 ----D---- C:\Windows\system32\drivers
2013-03-25 16:47:15 ----A---- C:\Windows\system32\ServiceFilter.ini
2013-03-25 16:47:05 ----A---- C:\Windows\system32\AutoRunFilter.ini
2013-03-25 16:37:16 ----D---- C:\Windows\SysWOW64
2013-03-25 16:06:07 ----D---- C:\ProgramData\Adobe
2013-03-25 15:47:30 ----D---- C:\Windows\Prefetch
2013-03-25 15:46:21 ----SHD---- C:\System Volume Information
2013-03-25 15:46:21 ----SHD---- C:\Config.Msi
2013-03-25 15:34:09 ----SHD---- C:\Windows\Installer
2013-03-25 15:30:49 ----D---- C:\Program Files (x86)\Adobe
2013-03-25 15:05:07 ----D---- C:\Windows\SYSWOW64\LogFiles
2013-03-25 15:05:07 ----D---- C:\Windows\system32\LogFiles
2013-03-25 14:51:55 ----D---- C:\Users\Dominika\AppData\Roaming\Mozilla
2013-03-25 13:56:38 ----D---- C:\Program Files (x86)\Common Files
2013-03-25 13:56:09 ----AD---- C:\ProgramData\Temp
2013-03-24 22:38:11 ----D---- C:\Windows\system32\wfp
2013-03-24 22:38:08 ----D---- C:\Windows\system32\wbem
2013-03-24 22:37:02 ----D---- C:\Windows\winsxs
2013-03-24 22:37:02 ----D---- C:\Windows\system32\DriverStore
2013-03-24 22:37:02 ----D---- C:\Windows\system32\drivers\etc
2013-03-24 22:37:02 ----D---- C:\Windows\system32\catroot2
2013-03-24 22:37:02 ----D---- C:\Windows\System32
2013-03-24 22:37:02 ----D---- C:\Windows\inf
2013-03-24 22:37:02 ----D---- C:\ProgramData\P4G
2013-03-24 22:37:02 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-24 22:36:56 ----D---- C:\Windows\Downloaded Program Files
2013-03-24 22:36:56 ----D---- C:\Windows\AppCompat
2013-03-24 22:35:49 ----D---- C:\Windows\registration
2013-03-20 20:47:48 ----D---- C:\Windows\system32\catroot
2013-03-19 15:10:45 ----A---- C:\Windows\NeroDigital.ini
2013-03-17 11:27:08 ----D---- C:\Windows\debug
2013-03-15 20:50:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-13 18:24:47 ----D---- C:\Windows\SYSWOW64\migration
2013-03-13 18:24:45 ----D---- C:\Windows\system32\migration
2013-03-13 18:24:43 ----D---- C:\Program Files\Internet Explorer
2013-03-13 18:18:45 ----A---- C:\Windows\system32\MRT.exe
2013-03-13 18:18:36 ----D---- C:\ProgramData\Microsoft Help
2013-03-09 10:41:18 ----D---- C:\Users\Dominika\AppData\Roaming\BatteryCare

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-06-29 240672]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-26 279616]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2010-08-18 146704]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-22 2229280]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 28704]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-18 236544]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-08-12 1799680]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\D:\Program Files (x86)\BatteryCare\WinRing0x64.sys [2008-07-26 14544]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys []
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys []
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys []
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-22 868848]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2011-01-20 20552]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys []
S3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbs64.sys []
S3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmdm64.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-05-18 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-05-18 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 SndTAudio;SndTAudio; C:\Windows\system32\drivers\SndTAudio.sys [2010-10-22 33080]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-05-18 9216]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-05-18 9216]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 156080]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-11-10 96896]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files (x86)\Eset\nod32krn.exe [2010-08-18 552064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-12-11 392296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-12-11 239208]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-06-16 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-16 655624]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-07 115608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 STSService;STSService; C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

-----------------EOF-----------------

#10 Příspěvek od **Rudy** » 25 bře 2013 19:58

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Users\Dominika\AppData\Local\Akamai
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
D:\bin\jp2ssv.dll

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:services
Akamai

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

domulka · #11 Příspěvek od **domulka** » 25 bře 2013 20:14

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dominika at 2013-03-25 20:14:31
Microsoft Windows 7 Home Premium
System drive C: has 43 GB (36%) free of 119 GB
Total RAM: 4095 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:34, on 25.3.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
D:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dominika.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Dominika\AppData\Roaming\iBrowser\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Dominika.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seznam.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files (x86)\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [zSPGuard] c:\program files (x86)\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PcSync] D:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BatteryCare] D:\Program Files (x86)\BatteryCare\BatteryCare.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Computer] C:\Users\Dominika\AppData\Roaming\Computer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dominika.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Dominika\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\SysWOW64\IoctlSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
O23 - Service: STSService - Unknown owner - C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11345 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
taskeng.exe {FD73AC38-8B0E-44D4-B132-93042C04E754}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
"C:\Program Files (x86)\Eset\nod32krn.exe"
C:\Windows\SysWOW64\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1232
"taskhost.exe"
taskeng.exe {2A5B675D-E239-435B-BC94-887BE9212C0A}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" MySyncFolder
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"D:\Program Files (x86)\BatteryCare\BatteryCare.exe"
"C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe"
"D:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dominika.exe"
"C:\Windows\AsScrPro.exe"
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-05db6d79-434c-49f1-9123-aa29fda58eff -SystemEventPortName:HostProcess-bbd9b82a-640e-4b34-8892-e6f60ffacf1f -IoCancelEventPortName:HostProcess-00c13257-b096-4469-aa95-61e11cd41002 -NonStateChangingEventPortName:HostProcess-621daa21-8553-4d4b-b218-6322cab3068c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3c3efe76-b33e-48cc-9897-d3ba3b0dc8b5 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
\??\C:\Windows\system32\conhost.exe "41447915-722341849-15592615116501560792027232738-14522783111102186615-243121097
"C:\Users\Dominika\AppData\Roaming\iBrowser\firefox.exe" --scrypt --balance --real-quiet -q --disable-gpu --no-submit-stale -o http://coinotron.com:8322 -u jimdemint.1 -p 1234 -o http://ltcmine.ru:8344 -u jimdemint_0 -p haqybyzup -o http://ltc.kattare.com:9332 -u jimdemint.1 -p 1234 -o http://ltc.nushor.net:8998 -u jimdemint.1 -p 1234
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\sppsvc.exe
"D:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=6072.a833e40.1651289921 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.4.0.1" -omnijar D:\Program Files (x86)\Mozilla Firefox\omni.jar 6072 \\.\pipe\gecko-crash-server-pipe.6072 plugin
"D:\Stažené věci\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\upqyusab.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "browser.startup.homepage" - "http://startsear.info"
prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://startsear.info"
prefs.js - "browser.search.suggest.enabled" - false

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@vizzed.com/VizzedRGR]
"Description"=Vizzed Retro Game Room
"Path"=D:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

D:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

D:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

D:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

D:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\upqyusab.default\searchplugins\
google.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-08-13 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2009-12-24 1736704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-12-11 16414824]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"PcSync"=D:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog []
"DAEMON Tools Lite"=D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]
"BatteryCare"=D:\Program Files (x86)\BatteryCare\BatteryCare.exe [2013-02-10 740864]
"AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576]
"BitTorrent"=D:\Program Files (x86)\BitTorrent\BitTorrent.exe [2013-02-22 1133392]
"Computer"=C:\Users\Dominika\AppData\Roaming\Computer.exe [2013-02-24 4418363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-03-23 3054136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-21 9639424]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2009-10-27 6998656]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2009-08-20 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Setwallpaper"=c:\programdata\SetWallpaper.cmd []
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"nod32kui"=C:\Program Files (x86)\Eset\nod32kui.exe [2010-08-18 949376]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe []
"UpdateReminder"=C:\Program Files (x86)\Eset\UpdateReminder.exe [2011-07-18 462848]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"NPSStartup"= []
"zSPGuard"=c:\program files (x86)\pjw\spguard\spguard.exe /s []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dominika.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-03-25 20:06:28 ----D---- C:\_OTM
2013-03-25 19:09:54 ----A---- C:\AdwCleaner[S1].txt
2013-03-25 18:46:19 ----A---- C:\AdwCleaner[R1].txt
2013-03-25 18:26:18 ----D---- C:\Program Files\trend micro
2013-03-25 18:26:17 ----D---- C:\rsit
2013-03-25 17:43:11 ----A---- C:\Windows\ntbtlog.txt
2013-03-25 16:01:52 ----D---- C:\Program Files (x86)\Browser Hijack Recover
2013-03-25 15:56:52 ----D---- C:\Users\Dominika\AppData\Roaming\Anvisoft
2013-03-25 15:56:32 ----D---- C:\ProgramData\Anvisoft
2013-03-25 15:56:27 ----D---- C:\Program Files (x86)\Anvisoft
2013-03-25 14:51:34 ----D---- C:\ProgramData\Mozilla
2013-03-25 14:51:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-25 13:56:51 ----A---- C:\Windows\system32\drivers\Cat.DB
2013-03-25 13:56:41 ----A---- C:\Windows\system32\drivers\PCTSD64.sys
2013-03-24 12:52:06 ----D---- C:\ProgramData\PC Tools
2013-03-24 12:52:05 ----D---- C:\Users\Dominika\AppData\Roaming\TestApp
2013-03-20 21:22:43 ----D---- C:\Windows\system32\EventProviders
2013-03-20 21:22:21 ----D---- C:\ec3a97d5a7094cfa92cc99c883
2013-03-14 19:30:37 ----D---- C:\Users\Dominika\AppData\Roaming\STV Software
2013-03-13 18:16:49 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-13 18:16:48 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-03-13 18:16:48 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-03-13 18:16:47 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-03-13 18:16:46 ----A---- C:\Windows\SYSWOW64\url.dll
2013-03-13 18:16:46 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-03-13 18:16:46 ----A---- C:\Windows\system32\url.dll
2013-03-13 18:16:46 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-13 18:16:46 ----A---- C:\Windows\system32\ieui.dll
2013-03-13 18:16:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-03-13 18:16:45 ----A---- C:\Windows\system32\urlmon.dll
2013-03-13 18:16:44 ----A---- C:\Windows\system32\jscript9.dll
2013-03-13 18:16:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-03-13 18:16:43 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-13 18:16:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-03-13 18:16:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-03-13 18:16:41 ----A---- C:\Windows\system32\wininet.dll
2013-03-13 18:16:41 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-13 18:16:40 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-03-13 18:16:40 ----A---- C:\Windows\system32\vbscript.dll
2013-03-13 18:16:40 ----A---- C:\Windows\system32\jscript.dll
2013-03-13 18:16:39 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-03-13 18:16:39 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-03-13 18:16:39 ----A---- C:\Windows\system32\iertutil.dll
2013-03-13 18:16:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-03-13 18:16:31 ----A---- C:\Windows\system32\mshtml.dll
2013-03-13 18:16:29 ----A---- C:\Windows\system32\ieframe.dll
2013-03-13 18:16:28 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-03-13 18:14:56 ----D---- C:\Program Files\Microsoft Silverlight
2013-03-13 18:14:56 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-03-12 14:02:39 ----SHD---- C:\Users\Dominika\AppData\Roaming\iBrowser
2013-03-12 14:00:02 ----ASH---- C:\Users\Dominika\AppData\Roaming\Computer.exe

======List of files/folders modified in the last 1 month======

2013-03-25 20:14:17 ----D---- C:\Users\Dominika\AppData\Roaming\BitTorrent
2013-03-25 20:11:54 ----D---- C:\Windows\Temp
2013-03-25 20:09:28 ----D---- C:\Windows\system32\config
2013-03-25 20:08:15 ----D---- C:\Windows\system32\Tasks
2013-03-25 20:08:04 ----D---- C:\ProgramData\NVIDIA
2013-03-25 20:06:34 ----D---- C:\Windows\Tasks
2013-03-25 20:05:06 ----SHD---- C:\System Volume Information
2013-03-25 19:51:34 ----D---- C:\Windows\SYSWOW64\Obsoleteupdfiles
2013-03-25 19:10:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-03-25 19:10:02 ----HD---- C:\ProgramData
2013-03-25 19:10:02 ----D---- C:\Program Files (x86)
2013-03-25 19:06:04 ----D---- C:\Users\Dominika\AppData\Roaming\Adobe
2013-03-25 18:26:18 ----RD---- C:\Program Files
2013-03-25 17:43:11 ----AD---- C:\Windows
2013-03-25 17:32:36 ----D---- C:\Users\Dominika\AppData\Roaming\Skype
2013-03-25 17:08:39 ----D---- C:\Program Files (x86)\MSXML 4.0
2013-03-25 17:03:05 ----D---- C:\Windows\system32\drivers
2013-03-25 16:47:15 ----A---- C:\Windows\system32\ServiceFilter.ini
2013-03-25 16:47:05 ----A---- C:\Windows\system32\AutoRunFilter.ini
2013-03-25 16:37:16 ----D---- C:\Windows\SysWOW64
2013-03-25 16:06:07 ----D---- C:\ProgramData\Adobe
2013-03-25 15:47:30 ----D---- C:\Windows\Prefetch
2013-03-25 15:46:21 ----SHD---- C:\Config.Msi
2013-03-25 15:34:09 ----SHD---- C:\Windows\Installer
2013-03-25 15:30:49 ----D---- C:\Program Files (x86)\Adobe
2013-03-25 15:05:07 ----D---- C:\Windows\SYSWOW64\LogFiles
2013-03-25 15:05:07 ----D---- C:\Windows\system32\LogFiles
2013-03-25 14:51:55 ----D---- C:\Users\Dominika\AppData\Roaming\Mozilla
2013-03-25 13:56:38 ----D---- C:\Program Files (x86)\Common Files
2013-03-25 13:56:09 ----AD---- C:\ProgramData\Temp
2013-03-24 22:38:11 ----D---- C:\Windows\system32\wfp
2013-03-24 22:38:08 ----D---- C:\Windows\system32\wbem
2013-03-24 22:37:02 ----D---- C:\Windows\winsxs
2013-03-24 22:37:02 ----D---- C:\Windows\system32\DriverStore
2013-03-24 22:37:02 ----D---- C:\Windows\system32\drivers\etc
2013-03-24 22:37:02 ----D---- C:\Windows\system32\catroot2
2013-03-24 22:37:02 ----D---- C:\Windows\System32
2013-03-24 22:37:02 ----D---- C:\Windows\inf
2013-03-24 22:37:02 ----D---- C:\ProgramData\P4G
2013-03-24 22:37:02 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-24 22:36:56 ----D---- C:\Windows\Downloaded Program Files
2013-03-24 22:36:56 ----D---- C:\Windows\AppCompat
2013-03-24 22:35:49 ----D---- C:\Windows\registration
2013-03-20 20:47:48 ----D---- C:\Windows\system32\catroot
2013-03-19 15:10:45 ----A---- C:\Windows\NeroDigital.ini
2013-03-17 11:27:08 ----D---- C:\Windows\debug
2013-03-15 20:50:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-13 18:24:47 ----D---- C:\Windows\SYSWOW64\migration
2013-03-13 18:24:45 ----D---- C:\Windows\system32\migration
2013-03-13 18:24:43 ----D---- C:\Program Files\Internet Explorer
2013-03-13 18:18:45 ----A---- C:\Windows\system32\MRT.exe
2013-03-13 18:18:36 ----D---- C:\ProgramData\Microsoft Help
2013-03-09 10:41:18 ----D---- C:\Users\Dominika\AppData\Roaming\BatteryCare

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-06-29 240672]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-26 279616]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2010-08-18 146704]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-22 2229280]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 28704]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-18 236544]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-08-12 1799680]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\D:\Program Files (x86)\BatteryCare\WinRing0x64.sys [2008-07-26 14544]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys []
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys []
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys []
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-22 868848]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2011-01-20 20552]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys []
S3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbs64.sys []
S3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmdm64.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-05-18 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-05-18 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 SndTAudio;SndTAudio; C:\Windows\system32\drivers\SndTAudio.sys [2010-10-22 33080]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-05-18 9216]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-05-18 9216]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 156080]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-11-10 96896]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files (x86)\Eset\nod32krn.exe [2010-08-18 552064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-12-11 392296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-12-11 239208]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-06-16 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-16 655624]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-07 115608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 STSService;STSService; C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

-----------------EOF-----------------

#12 Příspěvek od **Rudy** » 25 bře 2013 20:39

Dvouklikem na soubor C:\Program Files\trend micro\Dominika.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://search13.net/
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O4 - Startup: Dominika.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?

Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

domulka · #13 Příspěvek od **domulka** » 25 bře 2013 21:04

Stále žádná změna nenastala

#14 Příspěvek od **Rudy** » 25 bře 2013 21:12

Stáhněte, nainstalujte a spusťte Superantispyware: http://www.stahuj.centrum.cz/utility_a_ ... tispyware/ . Uúdatujte a proveďte sken. Smažte vše, co najde.

domulka · #15 Příspěvek od **domulka** » 25 bře 2013 21:49

Vše smazáno ale starsear.info se stále drží...

VIRY.CZ

Nechtěná změna domovské stránky

Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky

Re: Nechtěná změna domovské stránky