Prosím o preventivku...

[pepe3dx]

Dobrý den,

prosím o preventivní kontrolu logu. V poslední době mi často padají interenetové prohlížeče a PC se chová podezřele. (např. nyní nemohu zavřít RSIT) Děkuji.



Logfile of random's system information tool 1.09 (written by random/random)
Run by Methanol at 2013-11-25 15:22:42
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 30 GB (25%) free of 122 GB
Total RAM: 8146 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:22:43, on 25.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\Methanol\AppData\Roaming\ICQM\icq.exe
A:\WTFast\WTFast.exe
C:\Users\Methanol\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\trend micro\Methanol.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1373054295
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss& ... 5&tsp=5019
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1373054295
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_m ... 1373054295
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.com/web/?utm_source= ... IKAWK&ts=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.com/web/?utm_source= ... IKAWK&ts=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Methanol\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Methanol\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Methanol\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [icq] C:\Users\Methanol\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [WTFast Tray] "A:\WTFast\WTFast.exe" trayonly
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Methanol\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Methanol\AppData\Roaming\ICQM\icq.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13237 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
atieclxx
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Windows\PixArt\Pac207\Monitor.exe"
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Users\Methanol\AppData\Roaming\ICQM\icq.exe" -CU
"C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe"
"A:\WTFast\WTFast.exe" trayonly
"C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe"
szndesktop.exe default start
"C:\Users\Methanol\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "-665041438-11516216465872541309582859429370054-13471017297633650671999123913
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
KHALMNPR.EXE /API
"C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
"C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe"
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{9938519D-D1C3-4DBF-9CAA-49F6C37B83F5}
{67CECCC6-1B73-4311-9EFD-3BFB56E9F0A3}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.qvo6.com/?utm_source=b&utm_m ... 1373054295
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=8152.8047d00.323362521 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 8152 "\\.\pipe\gecko-crash-server-pipe.8152" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe" --proxy-stub-channel=Flash4248.643BDC68.172 --host-broker-channel=Flash4248.643BDC68.24787 --host-pid=4248 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe" --channel=3036.0015F204.668366326 --proxy-stub-channel=Flash4248.643BDC68.172 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll" --host-npapi-version=27 --type=renderer
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe29_ Global\UsGthrCtrlFltPipeMssGthrPipe29 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Methanol\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2973342720-1030308514-1458377291-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2973342720-1030308514-1458377291-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Methanol\AppData\Roaming\Mozilla\Firefox\Profiles\i56gtefl.default-1353535022997

prefs.js - "browser.search.useDBForOrder" - true

"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\IB Updater\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Nero.com/KM]
"Description"=
"Path"=C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09 6270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31 433944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31 364824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"=C:\Windows\system32\THXCfg64.dll [2010-09-14 25600]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10 1873256]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2013-07-31 3091224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-11-08 6604568]
"Google Update"=C:\Users\Methanol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 116648]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-10-02 20472992]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2011-06-16 1500160]
"cz.seznam.software.autoupdate"=C:\Users\Methanol\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Methanol\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"icq"=C:\Users\Methanol\AppData\Roaming\ICQM\icq.exe [2013-06-22 27598184]
"WTFast Tray"=A:\WTFast\WTFast.exe [2013-10-24 2533336]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TC UP]
C:\Program Files (x86)\TC UP\TC UP.exe [2011-11-21 616448]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-03-27 291608]
"THX Audio Control Panel"=C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [2011-08-29 1517056]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"ControlCenterCount"=C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [2012-03-26 872448]
"Super-Charger"=C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [2012-07-27 495616]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-03-21 1061960]
"NCUpdateHelper"=C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [2013-07-30 528360]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-10-08 766208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-06-13 66328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2013-04-04 247296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-11-25 15:22:42 ----D---- C:\rsit
2013-11-24 22:41:39 ----A---- C:\Windows\SYSWOW64\gcapi_dll.dll
2013-11-24 22:41:37 ----D---- C:\Users\Methanol\AppData\Roaming\Foxit Software
2013-11-24 22:41:36 ----D---- C:\Program Files (x86)\Foxit Software
2013-11-24 14:01:34 ----D---- C:\ProgramData\ATI
2013-11-24 14:01:04 ----D---- C:\Program Files (x86)\AMD AVT
2013-11-24 13:59:14 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-11-24 13:58:51 ----SHD---- C:\Config.Msi
2013-11-24 13:38:28 ----D---- C:\ProgramData\Package Cache
2013-11-16 00:19:51 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-11-13 18:33:30 ----D---- C:\Users\Methanol\AppData\Roaming\OpenCandy
2013-11-13 18:33:30 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2013-11-13 12:16:49 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-11-13 12:16:49 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-11-13 12:16:49 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-11-13 12:16:49 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-11-13 12:16:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-11-13 12:16:49 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-11-13 12:16:49 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 12:16:49 ----A---- C:\Windows\system32\ieui.dll
2013-11-13 12:16:49 ----A---- C:\Windows\system32\iesysprep.dll
2013-11-13 12:16:49 ----A---- C:\Windows\system32\iesetup.dll
2013-11-13 12:16:49 ----A---- C:\Windows\system32\iertutil.dll
2013-11-13 12:16:49 ----A---- C:\Windows\system32\iernonce.dll
2013-11-13 12:16:49 ----A---- C:\Windows\system32\ie4uinit.exe
2013-11-13 12:16:48 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-11-13 12:16:48 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-11-13 12:16:48 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-11-13 12:16:48 ----A---- C:\Windows\system32\msfeeds.dll
2013-11-13 12:16:48 ----A---- C:\Windows\system32\jscript9.dll
2013-11-13 12:16:48 ----A---- C:\Windows\system32\jscript.dll
2013-11-13 12:16:47 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-11-13 12:16:47 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-11-13 12:16:47 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-11-13 12:16:47 ----A---- C:\Windows\system32\wininet.dll
2013-11-13 12:16:47 ----A---- C:\Windows\system32\urlmon.dll
2013-11-13 12:16:47 ----A---- C:\Windows\system32\jsproxy.dll
2013-11-13 12:16:46 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-11-13 12:16:46 ----A---- C:\Windows\system32\ieframe.dll
2013-11-13 12:16:45 ----A---- C:\Windows\system32\mshtml.dll
2013-11-13 12:16:44 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-11-13 09:34:10 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-11-13 09:34:10 ----A---- C:\Windows\system32\crypt32.dll
2013-11-13 09:34:09 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2013-11-13 09:34:09 ----A---- C:\Windows\SYSWOW64\credui.dll
2013-11-13 09:34:09 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-11-13 09:34:09 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 09:34:09 ----A---- C:\Windows\system32\drivers\afd.sys
2013-11-13 09:34:09 ----A---- C:\Windows\system32\credui.dll
2013-11-13 09:34:09 ----A---- C:\Windows\system32\authui.dll
2013-11-13 09:34:08 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-11-13 09:34:08 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-11-13 09:34:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-11-13 09:34:08 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-11-13 09:34:08 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2013-11-13 09:34:08 ----A---- C:\Windows\system32\sspisrv.dll
2013-11-13 09:34:08 ----A---- C:\Windows\system32\sspicli.dll
2013-11-13 09:34:08 ----A---- C:\Windows\system32\schannel.dll
2013-11-13 09:34:08 ----A---- C:\Windows\system32\secur32.dll
2013-11-13 09:34:08 ----A---- C:\Windows\system32\ncrypt.dll
2013-11-13 09:34:08 ----A---- C:\Windows\system32\lsass.exe
2013-11-13 09:34:08 ----A---- C:\Windows\system32\lsasrv.dll
2013-11-13 09:34:08 ----A---- C:\Windows\system32\gdi32.dll
2013-11-13 09:34:08 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-11-13 09:34:08 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-11-13 09:34:08 ----A---- C:\Windows\system32\drivers\cng.sys
2013-11-13 09:34:07 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2013-11-13 09:34:07 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2013-11-13 09:34:07 ----A---- C:\Windows\system32\nshwfp.dll
2013-11-13 09:34:07 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-11-13 09:34:07 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 09:34:07 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2013-11-13 09:34:07 ----A---- C:\Windows\system32\drivers\usbport.sys
2013-11-13 09:34:07 ----A---- C:\Windows\system32\drivers\usbohci.sys
2013-11-13 09:34:07 ----A---- C:\Windows\system32\drivers\usbhub.sys
2013-11-13 09:34:07 ----A---- C:\Windows\system32\drivers\usbehci.sys
2013-11-13 09:34:07 ----A---- C:\Windows\system32\drivers\usbd.sys
2013-11-13 09:34:07 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2013-11-10 12:21:50 ----D---- C:\Users\Methanol\AppData\Roaming\Awesomium

======List of files/folders modified in the last 1 month======

2013-11-25 15:22:43 ----D---- C:\Windows\temp
2013-11-25 15:22:43 ----D---- C:\Program Files\trend micro
2013-11-25 15:08:26 ----D---- C:\Users\Methanol\AppData\Roaming\uTorrent
2013-11-25 15:08:20 ----D---- C:\Windows\Panther
2013-11-25 15:08:20 ----D---- C:\Windows\Minidump
2013-11-25 15:08:20 ----D---- C:\Windows\Logs
2013-11-25 15:08:20 ----D---- C:\Windows\inf
2013-11-25 15:08:20 ----D---- C:\Windows\debug
2013-11-25 15:08:20 ----D---- C:\Windows
2013-11-25 14:54:24 ----D---- C:\Users\Methanol\AppData\Roaming\Skype
2013-11-25 09:07:26 ----D---- C:\Windows\system32\config
2013-11-25 09:00:06 ----D---- C:\Windows\System32
2013-11-25 09:00:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-25 08:59:21 ----D---- C:\Users\Methanol\AppData\Roaming\Seznam.cz
2013-11-25 08:56:13 ----A---- C:\Windows\SYSWOW64\log.txt
2013-11-25 08:54:29 ----D---- C:\Windows\system32\Tasks
2013-11-24 23:42:29 ----D---- C:\Users\Methanol\AppData\Roaming\TS3Client
2013-11-24 22:41:39 ----D---- C:\Windows\SysWOW64
2013-11-24 22:41:36 ----RD---- C:\Program Files (x86)
2013-11-24 17:08:19 ----D---- C:\Windows\Microsoft.NET
2013-11-24 14:01:34 ----D---- C:\ProgramData
2013-11-24 14:01:04 ----SHD---- C:\Windows\Installer
2013-11-24 14:01:04 ----D---- C:\ProgramData\AMD
2013-11-24 14:00:57 ----D---- C:\Program Files\ATI Technologies
2013-11-24 14:00:42 ----D---- C:\Windows\system32\catroot
2013-11-24 14:00:40 ----D---- C:\Windows\system32\DriverStore
2013-11-24 14:00:40 ----D---- C:\Windows\system32\drivers
2013-11-24 14:00:39 ----D---- C:\Windows\system32\catroot2
2013-11-24 14:00:15 ----SHD---- C:\System Volume Information
2013-11-24 13:59:48 ----RSD---- C:\Windows\assembly
2013-11-24 13:58:52 ----D---- C:\Windows\SYSWOW64\en-US
2013-11-24 13:58:52 ----D---- C:\Windows\system32\en-US
2013-11-22 22:52:53 ----D---- C:\Users\Methanol\AppData\Roaming\XBMC
2013-11-17 11:06:06 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-14 16:46:22 ----D---- C:\Program Files\McAfee Security Scan
2013-11-14 11:00:44 ----D---- C:\Windows\rescache
2013-11-13 18:20:45 ----D---- C:\Users\Methanol\AppData\Roaming\DAEMON Tools Lite
2013-11-13 18:17:34 ----D---- C:\Windows\winsxs
2013-11-13 18:16:38 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-11-13 18:16:38 ----D---- C:\Windows\system32\cs-CZ
2013-11-13 18:16:38 ----D---- C:\Program Files\Internet Explorer
2013-11-13 18:16:38 ----D---- C:\Program Files (x86)\Internet Explorer
2013-11-13 12:17:09 ----D---- C:\ProgramData\Microsoft Help
2013-11-13 12:16:25 ----D---- C:\Windows\system32\MRT
2013-11-13 12:15:37 ----A---- C:\Windows\system32\MRT.exe
2013-11-11 05:50:16 ----N---- C:\Windows\system32\MpSigStub.exe
2013-11-08 11:48:50 ----D---- C:\Program Files\SUPERAntiSpyware
2013-10-30 09:08:00 ----D---- C:\ProgramData\Skype
2013-10-30 09:07:59 ----RD---- C:\Program Files (x86)\Skype
2013-10-29 18:34:07 ----SD---- C:\Users\Methanol\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-11-13 381440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys [2011-01-26 30312]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-10-08 12534784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-10-08 619008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-07-05 96256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-12 4060560]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2013-05-23 76568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2013-05-23 59160]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-01-18 14136]
R3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-07-01 31232]
S3 7ByteIo;7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys []
S3 ALSysIO;ALSysIO; \??\C:\Users\Methanol\AppData\Local\Temp\ALSysIO64.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-10-08 12534784]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\Users\Methanol\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-05-18 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-05-18 27136]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2005-01-02 4682]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6; \??\C:\Program Files (x86)\Setup Files\Ms7752v260\NTIOLib_X64.sys [2011-01-06 11888]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 tap0801;TAP-Win32 Adapter V8; C:\Windows\system32\DRIVERS\tap0801.sys [2005-04-13 30720]
S3 tapoas;TAP-Win32 Adapter OAS; C:\Windows\system32\DRIVERS\tapoas.sys [2011-08-18 30720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-05-18 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-05-18 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-10-08 239616]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-29 165144]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-03-29 277784]
R2 MSI_SuperCharger;MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-06-29 136704]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-03-13 76888]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-29 363800]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2013-06-13 357144]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 288776]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-16 119408]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-03-28 4323256]
S3 OpenVPNService;OpenVPN Service; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [2011-07-01 14848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-02-15 543144]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-30 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

[Roli]

Zdravím, tohle fixni v HJT :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1373054295
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss& ... 5&tsp=5019
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1373054295
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_m ... 1373054295
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.com/web/?utm_source= ... IKAWK&ts=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.com/web/?utm_source= ... IKAWK&ts=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Methanol\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Methanol\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Methanol\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q

HJT najdeš zde :

C:\Program Files\trend micro\Methanol.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po té proběhne sken a po jeho skončení klikni na Report a to co na Tebe vypadne mi sem zkopíruj.


Pak použij Mbam z mého podpisu a také mi sem z něj dej log, předem nic nemazat !

[pepe3dx]

Vše jsem udělal jak jste chtěl...tady je log z "adwcleaner"....ještě jdu na ten MBAM..za chvilku ho sem postnu taky..


# AdwCleaner v3.013 - Report created 25/11/2013 at 18:46:46
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Methanol - METHANOL-PC
# Running from : C:\Users\Methanol\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Methanol\AppData\Roaming\Mozilla\Firefox\Profiles\i56gtefl.default-1353535022997\user.js
File Found : C:\Users\Methanol\AppData\Roaming\speedanalysis.ico
File Found : C:\Users\Methanol\Desktop\SpeedAnalysis.lnk
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Found : C:\Windows\System32\Tasks\Express FilesUpdate
File Found : C:\Windows\System32\Tasks\GoforFilesUpdate
File Found : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser
Folder Found : C:\Users\Methanol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Found : C:\Users\Methanol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Found C:\Program Files (x86)\Desk 365
Folder Found C:\Program Files (x86)\ExpressFiles
Folder Found C:\Program Files (x86)\FTDownloader.com
Folder Found C:\Program Files (x86)\Gophoto.it
Folder Found C:\Program Files (x86)\Omiga Plus
Folder Found C:\Program Files (x86)\optimizer pro
Folder Found C:\Program Files (x86)\Perion
Folder Found C:\Program Files (x86)\SweetIM
Folder Found C:\Program Files (x86)\WinZipper
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\DSearchLink
Folder Found C:\ProgramData\eSafe
Folder Found C:\ProgramData\IBUpdaterService
Folder Found C:\ProgramData\Splashtop
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\Lucinka\AppData\Roaming\Splashtop
Folder Found C:\Users\Methanol\AppData\Local\cool_mirage
Folder Found C:\Users\Methanol\AppData\Local\PutLockerDownloader
Folder Found C:\Users\Methanol\AppData\Roaming\337
Folder Found C:\Users\Methanol\AppData\Roaming\Babylon
Folder Found C:\Users\Methanol\AppData\Roaming\Desk 365
Folder Found C:\Users\Methanol\AppData\Roaming\eIntaller
Folder Found C:\Users\Methanol\AppData\Roaming\ExpressFiles
Folder Found C:\Users\Methanol\AppData\Roaming\goforfiles
Folder Found C:\Users\Methanol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Found C:\Users\Methanol\AppData\Roaming\Omiga Plus
Folder Found C:\Users\Methanol\AppData\Roaming\OpenCandy
Folder Found C:\Users\Methanol\AppData\Roaming\PerformerSoft
Folder Found C:\Users\Methanol\AppData\Roaming\registry mechanic
Folder Found C:\Users\Methanol\AppData\Roaming\Splashtop
Folder Found C:\Users\Methanol\AppData\Roaming\Systweak
Folder Found C:\Users\Methanol\AppData\Roaming\WinZipper

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=a ... 1373054295 )
Shortcut Found : C:\Users\Methanol\Desktop\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=a ... 1373054295 )
Shortcut Found : C:\Users\Methanol\Desktop\Search.lnk ( -url hxxp://www.searchgol.com/?babsrc=DT_ss&mntrId= ... 5&tsp=5019 -wbr 2 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=a ... 1373054295 )
Shortcut Found : C:\Users\Methanol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=a ... 1373054295 )
Shortcut Found : C:\Users\Methanol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=a ... 1373054295 )
Shortcut Found : C:\Users\Methanol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=a ... 1373054295 )
Shortcut Found : C:\Users\Methanol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=a ... 1373054295 )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=a ... 1373054295
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Found : HKCU\Software\Splashtop Inc.
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\ExpressFiles
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : [x64] HKCU\Software\Splashtop Inc.
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{82A5CE4D-AF0C-45B6-8AF8-75625BE6A08D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B2B7E0CD-E169-43B3-A233-E129610EE314}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\FTDownloader
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1A533A8-E106-422B-AE29-D0025269AF83}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B1759D04-0EF9-472A-B5C3-C774997B5321}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Desksvc
Key Found : HKLM\Software\ExpressFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Found : HKLM\Software\hdcode
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\Software\omigaplusSvc
Key Found : HKLM\Software\PerformerSoft
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\qvo6Software
Key Found : HKLM\Software\Splashtop Inc.
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\winzipersvc
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : [x64] HKLM\SOFTWARE\IB Updater
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page] - about:splashtopconnect
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=a ... 1373054295
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=a ... 1373054295

-\\ Mozilla Firefox v25.0.1 (cs)

[ File : C:\Users\Methanol\AppData\Roaming\Mozilla\Firefox\Profiles\i56gtefl.default-1353535022997\prefs.js ]

Line Found : user_pref("extensions.incredibar.admin", false);
Line Found : user_pref("extensions.incredibar.aflt", "orgnl");
Line Found : user_pref("extensions.incredibar.cntry", "CZ");
Line Found : user_pref("extensions.incredibar.dfltLng", "");
Line Found : user_pref("extensions.incredibar.dfltSrch", false);
Line Found : user_pref("extensions.incredibar.did", "10643");
Line Found : user_pref("extensions.incredibar.envrmnt", "production");
Line Found : user_pref("extensions.incredibar.excTlbr", false);
Line Found : user_pref("extensions.incredibar.hdrMd5", "21F7A194C30D96EEF214EDE9A69A3F12");
Line Found : user_pref("extensions.incredibar.hmpg", false);
Line Found : user_pref("extensions.incredibar.id", "4eb9f41900000000000000ffd2ab9e0a");
Line Found : user_pref("extensions.incredibar.installerproductid", "26");
Line Found : user_pref("extensions.incredibar.instlDay", "15729");
Line Found : user_pref("extensions.incredibar.instlRef", "");
Line Found : user_pref("extensions.incredibar.isDcmntCmplt", true);
Line Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1411:33:44");
Line Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Line Found : user_pref("extensions.incredibar.newTab", false);
Line Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Line Found : user_pref("extensions.incredibar.ppd", "1");
Line Found : user_pref("extensions.incredibar.prdct", "incredibar");
Line Found : user_pref("extensions.incredibar.productid", "26");
Line Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Line Found : user_pref("extensions.incredibar.sg", "none");
Line Found : user_pref("extensions.incredibar.smplGrp", "none");
Line Found : user_pref("extensions.incredibar.tlbrId", "base");
Line Found : user_pref("extensions.incredibar.upn2", "6Oz1f10bQo");
Line Found : user_pref("extensions.incredibar.upn2n", "92262851625093324");
Line Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Line Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1411:33:44");
Line Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Line Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Found : user_pref("extensions.incredibar_i.dfltLng", "");
Line Found : user_pref("extensions.incredibar_i.did", "10643");
Line Found : user_pref("extensions.incredibar_i.excTlbr", false);
Line Found : user_pref("extensions.incredibar_i.id", "4eb9f41900000000000000ffd2ab9e0a");
Line Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Found : user_pref("extensions.incredibar_i.instlDay", "15729");
Line Found : user_pref("extensions.incredibar_i.instlRef", "");
Line Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Found : user_pref("extensions.incredibar_i.newTab", false);
Line Found : user_pref("extensions.incredibar_i.ppd", "1");
Line Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Found : user_pref("extensions.incredibar_i.productid", "26");
Line Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6Oz1f10bQo&loc=IB_TB&i=26&search=");
Line Found : user_pref("extensions.incredibar_i.upn2", "6Oz1f10bQo");
Line Found : user_pref("extensions.incredibar_i.upn2n", "92262851625093324");
Line Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1411:33:44");
Line Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Found : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=CDF5F45E-3074-4B3A-877F-319E686D9010&n=77fcded4&ind=2013060820&p2=^Y6^xdm007^YY^cz&si=[...]
Line Found : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=CDF5F45E-3074-4B3A-877F-319E686D9010&n=77fcded4&p2=^Y6^xdm007^YY^cz&si=CNXLhNON1bcCFc2R3godu[...]
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.hp.enabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013060820");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm007^YY^cz");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "CNXLhNON1bcCFc2R3goduwgAcg");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "CDF5F45E-3074-4B3A-877F-319E686D9010");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1370766729748");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", true);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001");
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "fromdoctopdf@mindspark.com");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");

[ File : C:\Users\Lucinka\AppData\Roaming\Mozilla\Firefox\Profiles\6fazuvly.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Methanol\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18100 octets] - [25/11/2013 18:46:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18161 octets] ##########

[pepe3dx]

A tady je log z MBAM..ještě jsem tam nic nemazal..počkám co vy na to..


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.11.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Methanol :: METHANOL-PC [administrátor]

25.11.2013 18:53:30
MBAM-log-2013-11-25 (18-55-04).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 239456
Uplynulý čas: 1 minut, 17 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 10
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk (PUP.Optional.Gophoto.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 4
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0R1K1F2V1S1N0W1JtG1RtF1I -> Nebyla provedena žádná instrukce.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {BEBC5163-E5AA-11E2-9B40-8C89A5C1DFB4} -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Data: C:\Program Files\IB Updater\Firefox -> Nebyla provedena žádná instrukce.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {BEBC5163-E5AA-11E2-9B40-8C89A5C1DFB4} -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Špatný: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Dobrý: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Nebyla provedena žádná instrukce.

Nalezené složky: 24
C:\ProgramData\IBUPDATERSERVICE (Adware.InstallBrain) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\eSafe (PUP.Optional.Esafe.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\eSafe\log (PUP.Optional.Esafe.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365 (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\1 (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\3 (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\35 (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\36 (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\39 (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\4 (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\41 (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\42 (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\desk_bkg (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\sysicons (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\wp (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Desk 365 (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Gophoto.it (PUP.Optional.Gophoto.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\OPENCANDY (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\OPENCANDY\F66F5067E07844429BDD1F8CE335D2F0 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 109
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Wsys.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\eIntaller\40813846EEF2409d84EEE2D15D336232\Desk365.exe (PUP.Optional.E7) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\eIntaller\40813846EEF2409d84EEE2D15D336232\eGdpSvc.exe (PUP.Optional.Wsys.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Omiga Plus\wallpaper_components.exe (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\Downloads\django-trzr.avi.exe (PUP.Optional.Installrex) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\Downloads\FreeCodecPackSetup.exe (Adware.InstallBrain) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\Downloads\Rise_Of_The_Footsoldier_KLAXXON.exe (PUP.Optional.OneClickDownloader.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\Downloads\the ghost writer.exe (PUP.Optional.Installrex) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\Downloads\The.Ghost.Writer.2010.720p.BluRay.X264-AMIABLE.mkv_downloader_cz_98828.exe (PUP.Optional.GoForFiles.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\IBUPDATERSERVICE\REPOSITORY.XML (Adware.InstallBrain) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\eSafe\EDELAYINFO.EDB (PUP.Optional.Esafe.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\eSafe\log\eGdpSvc.LOG (PUP.Optional.Esafe.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\eSafe\log\eSafeSvc.LOG (PUP.Optional.Esafe.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote.xml (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\accelerate (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\desk_bkg_list.xml (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\desk_list.xml (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\desk_settings.ini (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\firstrun (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\process_mgr.xml (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\1\angrybirds.db (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\1\angrybirds.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\3\BigFarm.db (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\3\BigFarm.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\35\Gmail.db (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\35\Gmail.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\36\Outlook.db (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\36\Outlook.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\39\ESPN.db (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\39\ESPN.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\4\Empire.db (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\4\Empire.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\41\gcalendar.db (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\41\gcalendar.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\42\pulse.db (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\app\config\42\pulse.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_1.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_2.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_3.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_4.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_5.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_default.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\337_7c9140b13c049fd26989f7fa25b77cb1_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\angrybirds_00ff92c12703baaf0130d6aec427d047_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\Barbie_00a67ff4ef657679a6c88553135d62ad_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\BigFarm_de933b0e5218a4db24bebe3d55ed3558_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\Button-time_d30de71bc5bbe73f78752664b2bfb8c8_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\chrome_0ba9cd4c509dce4883fe6bb0ed36955e.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\chrome_0ba9cd4c509dce4883fe6bb0ed36955e_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\Empire_22b42f57d1c467841280810e218d5510_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\ESPN_a7b078f5f5f5b87efcef66ab5783cf9d_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\ExpressFiles_a13acac2b34b07f491a1f44d417f0d71.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\ExpressFiles_a13acac2b34b07f491a1f44d417f0d71_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\Facebook_aab07bc79cf599b25c0110f32d46a3ef_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\firefox_e0f89828e254c4cbac56d7db735b7dd6.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\firefox_e0f89828e254c4cbac56d7db735b7dd6_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\gcalendar_50b3e3c5fc202f0cfcae8032b2465c1b_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\Gmail_731b6d011bd9f67463a916a496775935_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\Google_60d75cb277f0c452fa60dba8350caf65_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\iexplore_d961e92e13d8a8cf69b4ca0a867c77bd.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\iexplore_d961e92e13d8a8cf69b4ca0a867c77bd_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\Mario_52934d81761dc31187a93a3a0be7fecc_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\Outlook_6f817b67fa6af1a9c8abfa3813a8595c_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\pulse_b5a242da04cc06eacd02b1ca41e3583c_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\sys_computer_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\sys_control_panel_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\Twitter_ebddd85ec04b7b94a2b2e97b73a90a4a_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\WTFast_0697a677dddda9ad1f4e98ee9e758ef5.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\WTFast_0697a677dddda9ad1f4e98ee9e758ef5_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\icons\Youtube_bf18fdfc4aefd6417a8bacae4be5b415_48_48.png (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\337.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\337_7c9140b13c049fd26989f7fa25b77cb1.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\barbie.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\Barbie_00a67ff4ef657679a6c88553135d62ad.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\facebook.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\Facebook_aab07bc79cf599b25c0110f32d46a3ef.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\GameCenter.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\google.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\Google_60d75cb277f0c452fa60dba8350caf65.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\mario.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\Mario_52934d81761dc31187a93a3a0be7fecc.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\twitter.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\Twitter_ebddd85ec04b7b94a2b2e97b73a90a4a.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\v9.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\youtube.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\promote\Youtube_bf18fdfc4aefd6417a8bacae4be5b415.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\sysicons\imageres.dll_104.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\sysicons\shell32.dll_21.ico (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\wp\r0.jpg (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\wp\r1.jpg (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\wp\r2.jpg (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\wp\r3.jpg (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\wp\r4.jpg (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\wp\r5.jpg (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\wp\r6.jpg (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\wp\r7.jpg (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\wp\r8.jpg (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\Desk 365\wp\r9.jpg (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Desk 365\promote.xml (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Desk 365\desk_bkg_list.xml (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Desk 365\desk_list.xml (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Desk 365\desk_settings.ini (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Desk 365\process_mgr.xml (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Desk 365\recent.xml (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\SPEEDANALYSIS.ICO (PUP.Optional.SpeedAnalysis2.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Gophoto.it\gophotoit14.crx (PUP.Optional.Gophoto.A) -> Nebyla provedena žádná instrukce.
C:\Users\Methanol\AppData\Roaming\OPENCANDY\F66F5067E07844429BDD1F8CE335D2F0\version512e990dafdb7.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

(konec)

[Roli]

Nooo hezký.


Znovu spusť AdwCleaner ale tentokrát klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zase zkopíruj Report.


To co Mbam našel nech vše smazat a pak mi sem z něj dej zase log.

[pepe3dx]

Tady je log z AdwCleaner po rst...


# AdwCleaner v3.013 - Report created 25/11/2013 at 21:01:26
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Methanol - METHANOL-PC
# Running from : C:\Users\Methanol\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Splashtop
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Desk 365
Folder Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Program Files (x86)\FTDownloader.com
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Program Files (x86)\Omiga Plus
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Users\Methanol\AppData\Local\cool_mirage
Folder Deleted : C:\Users\Methanol\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Methanol\AppData\Roaming\337
Folder Deleted : C:\Users\Methanol\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Methanol\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Methanol\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Methanol\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Methanol\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Methanol\AppData\Roaming\Omiga Plus
Folder Deleted : C:\Users\Methanol\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Methanol\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Methanol\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\Methanol\AppData\Roaming\Splashtop
Folder Deleted : C:\Users\Methanol\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Methanol\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Methanol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Deleted : C:\Users\Lucinka\AppData\Roaming\Splashtop
Folder Deleted : C:\Users\Methanol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Deleted : C:\Users\Methanol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Methanol\AppData\Roaming\speedanalysis.ico
File Deleted : C:\Users\Methanol\Desktop\SpeedAnalysis.lnk
File Deleted : C:\Users\Methanol\AppData\Roaming\Mozilla\Firefox\Profiles\i56gtefl.default-1353535022997\user.js
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
File Deleted : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Methanol\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Methanol\Desktop\Search.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Methanol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Methanol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Methanol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Methanol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{82A5CE4D-AF0C-45B6-8AF8-75625BE6A08D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B2B7E0CD-E169-43B3-A233-E129610EE314}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1A533A8-E106-422B-AE29-D0025269AF83}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B1759D04-0EF9-472A-B5C3-C774997B5321}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Splashtop Inc.
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\omigaplusSvc
Key Deleted : HKLM\Software\PerformerSoft
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKLM\Software\Splashtop Inc.
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\winzipersvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : [x64] HKLM\SOFTWARE\IB Updater
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (cs)

[ File : C:\Users\Methanol\AppData\Roaming\Mozilla\Firefox\Profiles\i56gtefl.default-1353535022997\prefs.js ]

Line Deleted : user_pref("extensions.incredibar.admin", false);
Line Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar.cntry", "CZ");
Line Deleted : user_pref("extensions.incredibar.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Line Deleted : user_pref("extensions.incredibar.did", "10643");
Line Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Line Deleted : user_pref("extensions.incredibar.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar.hdrMd5", "21F7A194C30D96EEF214EDE9A69A3F12");
Line Deleted : user_pref("extensions.incredibar.hmpg", false);
Line Deleted : user_pref("extensions.incredibar.id", "4eb9f41900000000000000ffd2ab9e0a");
Line Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar.instlDay", "15729");
Line Deleted : user_pref("extensions.incredibar.instlRef", "");
Line Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1411:33:44");
Line Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Line Deleted : user_pref("extensions.incredibar.newTab", false);
Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.incredibar.ppd", "1");
Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar.productid", "26");
Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.sg", "none");
Line Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar.upn2", "6Oz1f10bQo");
Line Deleted : user_pref("extensions.incredibar.upn2n", "92262851625093324");
Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1411:33:44");
Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10643");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "4eb9f41900000000000000ffd2ab9e0a");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15729");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "1");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6Oz1f10bQo&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar_i.upn2", "6Oz1f10bQo");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92262851625093324");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1411:33:44");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=CDF5F45E-3074-4B3A-877F-319E686D9010&n=77fcded4&ind=2013060820&p2=^Y6^xdm007^YY^cz&si=[...]
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=CDF5F45E-3074-4B3A-877F-319E686D9010&n=77fcded4&p2=^Y6^xdm007^YY^cz&si=CNXLhNON1bcCFc2R3godu[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013060820");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm007^YY^cz");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "CNXLhNON1bcCFc2R3goduwgAcg");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "CDF5F45E-3074-4B3A-877F-319E686D9010");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1370766729748");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "fromdoctopdf@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");

[ File : C:\Users\Lucinka\AppData\Roaming\Mozilla\Firefox\Profiles\6fazuvly.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Methanol\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18326 octets] - [25/11/2013 18:46:46]
AdwCleaner[R1].txt - [18387 octets] - [25/11/2013 21:01:11]
AdwCleaner[S0].txt - [16766 octets] - [25/11/2013 21:01:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16827 octets] ##########

[pepe3dx]

Log z MBam dal jsem vše označit a odstranit...o5 proběhl restart..


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.11.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Methanol :: METHANOL-PC [administrátor]

25.11.2013 21:05:53
mbam-log-2013-11-25 (21-05-53).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 238820
Uplynulý čas: 1 minut, 14 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {BEBC5163-E5AA-11E2-9B40-8C89A5C1DFB4} -> Přesun do karantény a smazání se zdařilo.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 5
C:\Users\Methanol\Downloads\django-trzr.avi.exe (PUP.Optional.Installrex) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Methanol\Downloads\FreeCodecPackSetup.exe (Adware.InstallBrain) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Methanol\Downloads\Rise_Of_The_Footsoldier_KLAXXON.exe (PUP.Optional.OneClickDownloader.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Methanol\Downloads\the ghost writer.exe (PUP.Optional.Installrex) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Methanol\Downloads\The.Ghost.Writer.2010.720p.BluRay.X264-AMIABLE.mkv_downloader_cz_98828.exe (PUP.Optional.GoForFiles.A) -> Přesun do karantény a smazání se zdařilo.

(konec)

[Roli]

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[pepe3dx]

Zde je log z ComFix..měl jsem ho na ploše od minule, lae zaktualizoval se udělal scan..potom vyhodil log..


ComboFix 13-11-23.02 - Methanol 26.11.2013 19:36:21.8.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8146.6576 [GMT 1:00]
Spuštěný z: c:\users\Methanol\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Methanol\AppData\Local\assembly\tmp
c:\users\Methanol\Desktop\Search.lnk
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-26 do 2013-11-26 )))))))))))))))))))))))))))))))
.
.
2013-11-26 18:38 . 2013-11-26 18:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-26 18:38 . 2013-11-26 18:38 -------- d-----w- c:\users\Lucinka\AppData\Local\temp
2013-11-26 18:38 . 2013-11-26 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-26 10:11 . 2013-11-26 10:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEB6CE96-C992-4690-8174-5A88A5FE32DE}\offreg.dll
2013-11-26 08:08 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEB6CE96-C992-4690-8174-5A88A5FE32DE}\mpengine.dll
2013-11-25 23:49 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-25 17:46 . 2013-11-25 20:01 -------- d-----w- C:\AdwCleaner
2013-11-25 14:22 . 2013-11-25 14:22 -------- d-----w- C:\rsit
2013-11-24 21:41 . 2013-06-09 20:59 216064 ----a-w- c:\windows\SysWow64\gcapi_dll.dll
2013-11-24 21:41 . 2013-11-24 21:41 -------- d-----w- c:\users\Methanol\AppData\Roaming\Foxit Software
2013-11-24 21:41 . 2013-11-24 21:41 -------- d-----w- c:\program files (x86)\Foxit Software
2013-11-24 13:01 . 2013-11-24 13:01 -------- d-----w- c:\programdata\ATI
2013-11-24 13:01 . 2013-11-24 13:01 -------- d-----w- c:\program files (x86)\AMD AVT
2013-11-24 12:38 . 2013-11-24 13:00 -------- d-----w- c:\programdata\Package Cache
2013-11-13 17:33 . 2013-11-13 17:33 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-11-10 11:21 . 2013-11-10 16:14 -------- d-----w- c:\users\Methanol\AppData\Roaming\Awesomium
2013-10-29 18:51 . 2013-10-29 18:51 -------- d-----w- c:\users\Methanol\AppData\Local\AAA_Internet_Publishing,_
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 17:33 . 2012-07-05 12:36 381440 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-11-13 11:15 . 2012-06-30 12:30 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 04:50 . 2012-06-30 09:17 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-12 22:47 . 2013-10-12 22:47 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-09 12:11 . 2012-06-30 09:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 14:01 . 2013-10-08 14:01 156712 ----a-w- c:\windows\system32\amdhcp64.dll
2013-10-08 14:01 . 2013-10-08 14:01 141256 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2013-10-08 14:01 . 2013-10-08 14:01 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-10-08 14:01 . 2013-10-08 14:01 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-10-08 14:01 . 2013-10-08 14:01 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-10-08 14:01 . 2013-10-08 14:01 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-10-08 14:01 . 2012-04-06 01:09 142792 ----a-w- c:\windows\system32\atiuxp64.dll
2013-10-08 14:01 . 2012-04-06 01:09 125824 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-10-08 14:01 . 2012-12-19 19:31 114488 ----a-w- c:\windows\system32\atiu9p64.dll
2013-10-08 14:01 . 2012-04-06 01:09 97984 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-10-08 14:01 . 2012-04-06 02:20 1237200 ----a-w- c:\windows\system32\aticfx64.dll
2013-10-08 14:01 . 2012-04-06 02:21 1030128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-10-08 14:00 . 2012-04-06 01:54 9464840 ----a-w- c:\windows\system32\atidxx64.dll
2013-10-08 14:00 . 2012-09-28 01:39 8215992 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-10-08 14:00 . 2012-09-28 01:22 6176008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-10-08 14:00 . 2012-09-28 02:23 6189416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-10-08 14:00 . 2012-12-19 19:59 6767240 ----a-w- c:\windows\system32\atiumd6a.dll
2013-10-08 14:00 . 2012-12-19 19:44 7256496 ----a-w- c:\windows\system32\atiumd64.dll
2013-10-08 13:58 . 2013-10-08 13:58 12534784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-10-08 13:39 . 2013-10-08 13:39 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-10-08 13:39 . 2013-10-08 13:39 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-10-08 13:38 . 2013-10-08 13:38 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-10-08 13:38 . 2013-10-08 13:38 127488 ----a-w- c:\windows\system32\coinst_13.152.1.8.dll
2013-10-08 13:38 . 2013-10-08 13:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-10-08 13:38 . 2013-10-08 13:38 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-10-08 13:38 . 2013-10-08 13:38 28192256 ----a-w- c:\windows\system32\amdocl64.dll
2013-10-08 13:36 . 2013-10-08 13:36 23761408 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-10-08 13:34 . 2013-10-08 13:34 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-10-08 13:34 . 2013-10-08 13:34 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-10-08 13:17 . 2013-10-08 13:17 25385984 ----a-w- c:\windows\system32\atio6axx.dll
2013-10-08 13:13 . 2013-10-08 13:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-10-08 13:13 . 2013-10-08 13:13 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-10-08 13:13 . 2013-10-08 13:13 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-10-08 13:13 . 2013-10-08 13:13 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-10-08 13:13 . 2013-10-08 13:13 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-10-08 13:13 . 2013-10-08 13:13 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-10-08 13:09 . 2013-10-08 13:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-10-08 13:00 . 2013-10-08 13:00 21400064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-10-08 12:54 . 2013-10-08 12:54 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-10-08 12:53 . 2013-10-08 12:53 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-10-08 12:53 . 2013-10-08 12:53 576512 ----a-w- c:\windows\system32\atieclxx.exe
2013-10-08 12:52 . 2013-10-08 12:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-10-08 12:51 . 2013-10-08 12:51 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-10-08 12:29 . 2013-10-08 12:29 96256 ----a-w- c:\windows\system32\amdave64.dll
2013-10-08 12:28 . 2013-10-08 12:28 90624 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-10-08 12:28 . 2013-10-08 12:28 89088 ----a-w- c:\windows\system32\atisamu64.dll
2013-10-08 12:28 . 2013-10-08 12:28 784384 ----a-w- c:\windows\system32\atiadlxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-10-08 12:28 . 2013-10-08 12:28 594944 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-10-08 12:28 . 2013-10-08 12:28 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-10-08 12:27 . 2013-10-08 12:27 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-10-08 12:27 . 2013-10-08 12:27 619008 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-10-08 12:24 . 2013-10-08 12:24 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-10-08 08:50 . 2013-10-08 08:50 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-10-08 08:45 . 2013-10-08 08:45 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-10-05 08:18 . 2013-10-05 08:18 53248 ----a-r- c:\users\Methanol\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-10-05 08:18 . 2013-01-31 21:27 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-09-25 02:22 . 2013-11-13 08:34 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:57 . 2013-11-13 08:34 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-17 13:56 . 2013-03-13 12:26 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-09-17 13:56 . 2013-03-13 12:26 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-17 13:45 . 2013-03-13 12:26 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-09-08 02:30 . 2013-10-10 08:16 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 08:16 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 08:16 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-08-29 02:17 . 2013-10-10 08:16 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 08:16 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 08:16 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 08:16 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-10 08:16 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-10 08:16 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 08:16 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 08:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-10 08:16 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-10 08:16 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-10 08:16 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-10 08:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 01:29 . 2013-10-10 08:16 33280 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-29 00:49 . 2013-10-10 08:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-10 08:16 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-10 08:16 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 08:16 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-08 6604568]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
"icq"="c:\users\Methanol\AppData\Roaming\ICQM\icq.exe" [2013-06-22 27598184]
"WTFast Tray"="a:\wtfast\WTFast.exe" [2013-10-24 2533336]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]
"ControlCenterCount"="c:\program files (x86)\MSI\ControlCenter\ControlCenterCount.exe" [2012-03-26 872448]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-07-27 495616]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2013-07-30 528360]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
c:\users\Lucinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registrace produktu.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=CSY /_WFM="." [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
R3 ALSysIO;ALSysIO;c:\users\Methanol\AppData\Local\Temp\ALSysIO64.sys;c:\users\Methanol\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Methanol\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Methanol\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7752v260\NTIOLib_X64.sys;c:\program files (x86)\Setup Files\Ms7752v260\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 12:11]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973342720-1030308514-1458377291-1000Core.job
- c:\users\Methanol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 09:21]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973342720-1030308514-1458377291-1000UA.job
- c:\users\Methanol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 09:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Methanol\AppData\Roaming\Mozilla\Firefox\Profiles\i56gtefl.default-1353535022997\
FF - prefs.js: browser.search.defaulturl -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2013-11-26 19:39:32
ComboFix-quarantined-files.txt 2013-11-26 18:39
ComboFix2.txt 2012-12-26 18:38
ComboFix3.txt 2012-12-26 16:33
.
Před spuštěním: Volných bajtů: 28 722 708 480
Po spuštění: Volných bajtů: 28 532 633 600
.
- - End Of File - - 4863D648802F9754E2FFE4FDB576BFCB
A36C5E4F47E84449FF07ED3517B43A31

[Roli]

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

RegLock:: 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[pepe3dx]

Hotovo.. Poslední Log Report z ComboFix..


ComboFix 13-11-23.02 - Methanol 26.11.2013 21:10:56.9.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8146.6421 [GMT 1:00]
Spuštěný z: c:\users\Methanol\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Methanol\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-26 do 2013-11-26 )))))))))))))))))))))))))))))))
.
.
2013-11-26 20:12 . 2013-11-26 20:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-26 20:12 . 2013-11-26 20:12 -------- d-----w- c:\users\Lucinka\AppData\Local\temp
2013-11-26 20:12 . 2013-11-26 20:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-26 10:11 . 2013-11-26 10:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEB6CE96-C992-4690-8174-5A88A5FE32DE}\offreg.dll
2013-11-26 08:08 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEB6CE96-C992-4690-8174-5A88A5FE32DE}\mpengine.dll
2013-11-25 23:49 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-25 17:46 . 2013-11-25 20:01 -------- d-----w- C:\AdwCleaner
2013-11-25 14:22 . 2013-11-25 14:22 -------- d-----w- C:\rsit
2013-11-24 21:41 . 2013-06-09 20:59 216064 ----a-w- c:\windows\SysWow64\gcapi_dll.dll
2013-11-24 21:41 . 2013-11-24 21:41 -------- d-----w- c:\users\Methanol\AppData\Roaming\Foxit Software
2013-11-24 21:41 . 2013-11-24 21:41 -------- d-----w- c:\program files (x86)\Foxit Software
2013-11-24 13:01 . 2013-11-24 13:01 -------- d-----w- c:\programdata\ATI
2013-11-24 13:01 . 2013-11-24 13:01 -------- d-----w- c:\program files (x86)\AMD AVT
2013-11-24 12:38 . 2013-11-24 13:00 -------- d-----w- c:\programdata\Package Cache
2013-11-13 17:33 . 2013-11-13 17:33 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-11-10 11:21 . 2013-11-10 16:14 -------- d-----w- c:\users\Methanol\AppData\Roaming\Awesomium
2013-10-29 18:51 . 2013-10-29 18:51 -------- d-----w- c:\users\Methanol\AppData\Local\AAA_Internet_Publishing,_
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 17:33 . 2012-07-05 12:36 381440 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-11-13 11:15 . 2012-06-30 12:30 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 04:50 . 2012-06-30 09:17 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-12 22:47 . 2013-10-12 22:47 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-09 12:11 . 2012-06-30 09:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 14:01 . 2013-10-08 14:01 156712 ----a-w- c:\windows\system32\amdhcp64.dll
2013-10-08 14:01 . 2013-10-08 14:01 141256 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2013-10-08 14:01 . 2013-10-08 14:01 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-10-08 14:01 . 2013-10-08 14:01 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-10-08 14:01 . 2013-10-08 14:01 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-10-08 14:01 . 2013-10-08 14:01 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-10-08 14:01 . 2012-04-06 01:09 142792 ----a-w- c:\windows\system32\atiuxp64.dll
2013-10-08 14:01 . 2012-04-06 01:09 125824 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-10-08 14:01 . 2012-12-19 19:31 114488 ----a-w- c:\windows\system32\atiu9p64.dll
2013-10-08 14:01 . 2012-04-06 01:09 97984 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-10-08 14:01 . 2012-04-06 02:20 1237200 ----a-w- c:\windows\system32\aticfx64.dll
2013-10-08 14:01 . 2012-04-06 02:21 1030128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-10-08 14:00 . 2012-04-06 01:54 9464840 ----a-w- c:\windows\system32\atidxx64.dll
2013-10-08 14:00 . 2012-09-28 01:39 8215992 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-10-08 14:00 . 2012-09-28 01:22 6176008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-10-08 14:00 . 2012-09-28 02:23 6189416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-10-08 14:00 . 2012-12-19 19:59 6767240 ----a-w- c:\windows\system32\atiumd6a.dll
2013-10-08 14:00 . 2012-12-19 19:44 7256496 ----a-w- c:\windows\system32\atiumd64.dll
2013-10-08 13:58 . 2013-10-08 13:58 12534784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-10-08 13:39 . 2013-10-08 13:39 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-10-08 13:39 . 2013-10-08 13:39 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-10-08 13:38 . 2013-10-08 13:38 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-10-08 13:38 . 2013-10-08 13:38 127488 ----a-w- c:\windows\system32\coinst_13.152.1.8.dll
2013-10-08 13:38 . 2013-10-08 13:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-10-08 13:38 . 2013-10-08 13:38 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-10-08 13:38 . 2013-10-08 13:38 28192256 ----a-w- c:\windows\system32\amdocl64.dll
2013-10-08 13:36 . 2013-10-08 13:36 23761408 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-10-08 13:34 . 2013-10-08 13:34 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-10-08 13:34 . 2013-10-08 13:34 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-10-08 13:17 . 2013-10-08 13:17 25385984 ----a-w- c:\windows\system32\atio6axx.dll
2013-10-08 13:13 . 2013-10-08 13:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-10-08 13:13 . 2013-10-08 13:13 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-10-08 13:13 . 2013-10-08 13:13 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-10-08 13:13 . 2013-10-08 13:13 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-10-08 13:13 . 2013-10-08 13:13 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-10-08 13:13 . 2013-10-08 13:13 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-10-08 13:09 . 2013-10-08 13:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-10-08 13:00 . 2013-10-08 13:00 21400064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-10-08 12:54 . 2013-10-08 12:54 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-10-08 12:53 . 2013-10-08 12:53 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-10-08 12:53 . 2013-10-08 12:53 576512 ----a-w- c:\windows\system32\atieclxx.exe
2013-10-08 12:52 . 2013-10-08 12:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-10-08 12:51 . 2013-10-08 12:51 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-10-08 12:29 . 2013-10-08 12:29 96256 ----a-w- c:\windows\system32\amdave64.dll
2013-10-08 12:28 . 2013-10-08 12:28 90624 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-10-08 12:28 . 2013-10-08 12:28 89088 ----a-w- c:\windows\system32\atisamu64.dll
2013-10-08 12:28 . 2013-10-08 12:28 784384 ----a-w- c:\windows\system32\atiadlxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-10-08 12:28 . 2013-10-08 12:28 594944 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-10-08 12:28 . 2013-10-08 12:28 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-10-08 12:27 . 2013-10-08 12:27 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-10-08 12:27 . 2013-10-08 12:27 619008 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-10-08 12:24 . 2013-10-08 12:24 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-10-08 08:50 . 2013-10-08 08:50 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-10-08 08:45 . 2013-10-08 08:45 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-10-05 08:18 . 2013-10-05 08:18 53248 ----a-r- c:\users\Methanol\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-10-05 08:18 . 2013-01-31 21:27 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-09-25 02:22 . 2013-11-13 08:34 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:57 . 2013-11-13 08:34 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-17 13:56 . 2013-03-13 12:26 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-09-17 13:56 . 2013-03-13 12:26 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-17 13:45 . 2013-03-13 12:26 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-09-08 02:30 . 2013-10-10 08:16 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 08:16 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 08:16 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-08-29 02:17 . 2013-10-10 08:16 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 08:16 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 08:16 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 08:16 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-10 08:16 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-10 08:16 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 08:16 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 08:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-10 08:16 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-10 08:16 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-10 08:16 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-10 08:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 01:29 . 2013-10-10 08:16 33280 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-29 00:49 . 2013-10-10 08:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-10 08:16 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-10 08:16 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 08:16 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-08 6604568]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
"icq"="c:\users\Methanol\AppData\Roaming\ICQM\icq.exe" [2013-06-22 27598184]
"WTFast Tray"="a:\wtfast\WTFast.exe" [2013-10-24 2533336]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]
"ControlCenterCount"="c:\program files (x86)\MSI\ControlCenter\ControlCenterCount.exe" [2012-03-26 872448]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-07-27 495616]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2013-07-30 528360]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
c:\users\Lucinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registrace produktu.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=CSY /_WFM="." [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
R3 ALSysIO;ALSysIO;c:\users\Methanol\AppData\Local\Temp\ALSysIO64.sys;c:\users\Methanol\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Methanol\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Methanol\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7752v260\NTIOLib_X64.sys;c:\program files (x86)\Setup Files\Ms7752v260\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 12:11]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973342720-1030308514-1458377291-1000Core.job
- c:\users\Methanol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 09:21]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973342720-1030308514-1458377291-1000UA.job
- c:\users\Methanol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 09:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Methanol\AppData\Roaming\Mozilla\Firefox\Profiles\i56gtefl.default-1353535022997\
FF - prefs.js: browser.search.defaulturl -
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Celkový čas: 2013-11-26 21:13:41
ComboFix-quarantined-files.txt 2013-11-26 20:13
ComboFix2.txt 2013-11-26 18:39
ComboFix3.txt 2012-12-26 18:38
ComboFix4.txt 2012-12-26 16:33
.
Před spuštěním: Volných bajtů: 28 756 463 616
Po spuštění: Volných bajtů: 28 673 089 536
.
- - End Of File - - 8F7443C49762AAF6436AFB4EC2300E78
A36C5E4F47E84449FF07ED3517B43A31

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej vědět jaký je stav PC:

[pepe3dx]

Vše jsem udělal přesně jak jsi napsal..a vypadá to, že je vše OK.. PC chodí normálně a prohlížeč už nepadá. Taky se mi už přestal načítat QV6 prohlížeč čehož jsem se chtěl hlavně zbavit.

Takže to bude asi vše. Mockrát děkuji za pomoc a přeji hodně zdaru v boji z havětí..

[Roli]

Není zač a