Napadeny pocitac

[mav3r!ck]

Zdravim,
kamarad me poprosil o kontrolu pocitace. Jelikoz mel podezreni na nakazu, koupil si plnou verzi McAffe, kdyz mu to nabidl jejich security scan plus, nainstalovany spolecne s Flashem. McAffe dal do karanteny nejake dva soubory s trojskym konem (byly tusim v tempu), tak jsem je nechal smazat.

V IE nebylo mozne stahnout jakykoliv soubor, tak jsem to v nastaveni rucne povolil a nainstaloval Chrome. Domovska stranka v IE se sama vzdy prenastavi, jak bude videt v logu z RSIT.

Nejprve jsem odinstaloval podezrele programy:
Desk 365
Webexp enhaced
Software updater (nejak tak se to jmenovalo, ale podle tvurce softwaru to pravdepodobne nemelo nic spolecneho s zadnym jiz naistalovanym softwarem)

V trayi je jeste videt ikonka programu Handy updater, ktery pusobi take podezrele, ale v seznamu programu pro odinstalaci neni.

Pote jsem pocitac prohledl AVP Toolem, ktery nasel a odstranil toto:
adware not-a-virus:AdWare.Win32.D365.a
v nasledujicich souborech:
C:\Windows\SysWOW64\msvcr100.dll
C:\Windows\SysWOW64\msvcp100.dll

Pravdepodobne tedy soucast toho Desk 365.

Pri dalsi kontrole AVP Toolem a MWAVem vse v poradku.

Prikladam log z RSIT a prosim o kontrolu, dekuji.

Logfile of random's system information tool 1.09 (written by random/random)
Run by domino at 2014-01-02 07:34:05
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 513 GB (86%) free of 595 GB
Total RAM: 3948 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:34:16, on 2.1.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\domino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\domino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\domino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\domino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\domino.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1378142340
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1378142340
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_m ... 1378142340
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Handy Updater] "C:\Program Files (x86)\HandyUpdater\HandyUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3935750997-1277155037-1336786701-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-3935750997-1277155037-1336786701-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: 1% (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15001 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
C:\Windows\system32\CxAudMsg64.exe
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
"C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
"C:\Windows\system32\mfevtps.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\McAfee\MSC\McAPExe.exe"
"C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe"
"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
taskeng.exe {D9DA24A0-FB9C-4833-9987-7907753D577F}
"C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll", saHooker_Initialize_and_Wait
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait
"C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"
"C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\HandyUpdater\HandyUpdater.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\DOLBY PCEE4\pcee4.exe" -autostart
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe"
"C:\Program Files\McAfee\MAT\McPvTray.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe"
"C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" /wts 2236 508 512
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.qvo6.com/?utm_source=b&utm_m ... 1378142340
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7016 CREDAT:275457 /prefetch:2
"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc
"C:\Windows\Explorer.EXE"
"C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /shRequest
"taskhost.exe"
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" ra_rc 4259909 1 1 893359492100 1024 768 0 413427446 126 15 32 0 0 3016 5 0 0 0 0
"C:\Users\domino\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\domino\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6956.0.1001155084\653683224" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,18,24,26 --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2559 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\domino\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/GZippedProtobufs/GzippedProtobufsEnabled/InstantExtended/Group15 pct:1h stable:r3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --channel="6956.1.680362135\2066951921" /prefetch:673131151
"C:\Users\domino\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/GZippedProtobufs/GzippedProtobufsEnabled/InfiniteCache/No/InstantExtended/Group15 pct:1h stable:r3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="6956.4.1816253078\1412653786" /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe26_ Global\UsGthrCtrlFltPipeMssGthrPipe26 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 3CF814C7-110E-1129-1B29-C5900F5A67F8 -Reinvoke
"C:\Users\domino\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09 6270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2013-10-02 299336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-25 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-08-02 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-10-02 250896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-25 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2013-10-02 299336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-10-02 250896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-08-02 961184]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-08-02 798880]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2011-04-05 2589992]
"Power Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2011-03-28 499304]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-10-21 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-10-21 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-10-21 416024]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2013-11-05 57928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14 20584608]
"Handy Updater"=C:\Program Files (x86)\HandyUpdater\HandyUpdater.exe [2013-07-05 370176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeMovieService]
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-05-10 177448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OOTag]
C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [2010-02-23 13856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~2\Acer\ACERVC~1\AcerVCM.exe [2011-05-12 723560]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"Dolby Home Theater v4"=C:\Dolby PCEE4\pcee4.exe [2011-02-03 506712]
"mcpltui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2013-09-24 537512]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=grpconv -o []

C:\Users\domino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-10-21 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoRun"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehshell.exe]
"Debugger=""C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-02 07:34:05 ----D---- C:\rsit
2014-01-02 07:34:05 ----D---- C:\Program Files\trend micro
2014-01-01 23:01:53 ----AD---- C:\Windows\VDLL.DLL
2014-01-01 23:01:53 ----AD---- C:\Windows\SYSWOW64\runouce.exe
2014-01-01 23:01:53 ----AD---- C:\Windows\rundll16.exe
2014-01-01 23:01:53 ----AD---- C:\Windows\RUNDL132.EXE
2014-01-01 23:01:53 ----AD---- C:\Windows\logo1_.exe
2014-01-01 23:01:53 ----AD---- C:\Windows\logo_1.exe
2014-01-01 22:49:03 ----A---- C:\Windows\system32\drivers\trufos.sys
2014-01-01 22:48:57 ----A---- C:\Windows\SYSWOW64\msvcp90.dll
2014-01-01 22:48:56 ----A---- C:\Windows\SYSWOW64\msvcr90.dll
2014-01-01 22:30:26 ----D---- C:\Windows\Sun
2014-01-01 14:15:17 ----A---- C:\Windows\SYSWOW64\msvcp80.dll
2014-01-01 14:15:16 ----A---- C:\Windows\SYSWOW64\eEmpty.exe
2014-01-01 14:15:02 ----D---- C:\ProgramData\MicroWorld
2013-12-31 13:20:10 ----A---- C:\Windows\system32\LMIport.dll
2013-12-31 13:20:09 ----A---- C:\Windows\system32\LMIRfsClientNP.dll
2013-12-31 13:20:09 ----A---- C:\Windows\system32\drivers\LMIRfsDriver.sys
2013-12-31 13:20:06 ----A---- C:\Windows\system32\LMIinit.dll
2013-12-31 13:20:03 ----D---- C:\ProgramData\LogMeIn
2013-12-31 13:19:50 ----D---- C:\Program Files (x86)\LogMeIn
2013-12-31 13:07:39 ----D---- C:\ProgramData\Kaspersky Lab
2013-12-31 12:54:38 ----D---- C:\Program Files\CCleaner
2013-12-30 19:40:27 ----A---- C:\Program Files (x86)\utorrent.exe
2013-12-30 19:39:19 ----A---- C:\Program Files (x86)\vlc-2.1.2-win32.exe
2013-12-30 19:28:03 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2013-12-30 19:28:03 ----A---- C:\Windows\system32\drivers\usbport.sys
2013-12-30 19:28:03 ----A---- C:\Windows\system32\drivers\usbohci.sys
2013-12-30 19:28:03 ----A---- C:\Windows\system32\drivers\usbhub.sys
2013-12-30 19:28:03 ----A---- C:\Windows\system32\drivers\usbehci.sys
2013-12-30 19:28:03 ----A---- C:\Windows\system32\drivers\usbd.sys
2013-12-30 19:28:03 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2013-12-30 19:27:04 ----D---- C:\Program Files (x86)\Adobe
2013-12-25 16:05:49 ----D---- C:\ProgramData\APN
2013-12-25 16:04:10 ----D---- C:\ProgramData\Oracle
2013-12-25 16:03:23 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-12-25 16:03:18 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-12-25 16:03:18 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-12-25 16:03:18 ----A---- C:\Windows\SYSWOW64\java.exe
2013-12-25 16:03:11 ----D---- C:\Program Files (x86)\Java
2013-12-25 14:20:55 ----A---- C:\Windows\system32\drivers\HipShieldK.sys
2013-12-25 14:20:37 ----A---- C:\Windows\system32\drivers\McPvDrv.sys
2013-12-25 14:20:33 ----D---- C:\Program Files (x86)\McAfeeMOBK
2013-12-25 14:20:20 ----DC---- C:\Windows\system32\DRVSTORE
2013-12-25 14:20:20 ----A---- C:\Windows\system32\drivers\MOBK.sys
2013-12-25 14:20:18 ----D---- C:\Program Files (x86)\McAfee Online Backup
2013-12-25 14:19:46 ----D---- C:\Program Files (x86)\McAfee.com
2013-12-25 14:19:17 ----D---- C:\Program Files\McAfee.com
2013-12-25 14:19:17 ----D---- C:\Program Files\McAfee
2013-12-25 14:19:14 ----D---- C:\Program Files (x86)\McAfee
2013-12-25 14:05:09 ----A---- C:\Windows\system32\mfevtps.exe
2013-12-25 12:15:34 ----D---- C:\Program Files\stinger
2013-12-25 12:14:58 ----D---- C:\Program Files\Common Files\McAfee
2013-12-20 22:22:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-12-20 20:43:06 ----D---- C:\Program Files (x86)\WebexpEnhancedV1
2013-12-12 00:44:06 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2013-12-12 00:44:06 ----A---- C:\Windows\SYSWOW64\wmp.dll
2013-12-12 00:44:06 ----A---- C:\Windows\system32\wmploc.DLL
2013-12-12 00:44:04 ----A---- C:\Windows\system32\wmp.dll
2013-12-12 00:42:49 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 00:42:48 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-12-12 00:42:48 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-12-12 00:42:48 ----A---- C:\Windows\system32\jsproxy.dll
2013-12-12 00:42:48 ----A---- C:\Windows\system32\ieUnatt.exe
2013-12-12 00:42:48 ----A---- C:\Windows\system32\ieui.dll
2013-12-12 00:42:47 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2013-12-12 00:42:47 ----A---- C:\Windows\system32\mshtml.dll
2013-12-12 00:42:47 ----A---- C:\Windows\system32\iesetup.dll
2013-12-12 00:42:47 ----A---- C:\Windows\system32\iernonce.dll
2013-12-12 00:42:47 ----A---- C:\Windows\system32\ieetwproxystub.dll
2013-12-12 00:42:47 ----A---- C:\Windows\system32\ieetwcollector.exe
2013-12-12 00:42:47 ----A---- C:\Windows\system32\ie4uinit.exe
2013-12-12 00:42:46 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-12-12 00:42:46 ----A---- C:\Windows\system32\jscript9diag.dll
2013-12-12 00:42:46 ----A---- C:\Windows\system32\ieapfltr.dll
2013-12-12 00:42:45 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-12-12 00:42:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-12-12 00:42:45 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-12-12 00:42:45 ----A---- C:\Windows\system32\wininet.dll
2013-12-12 00:42:45 ----A---- C:\Windows\system32\urlmon.dll
2013-12-12 00:42:45 ----A---- C:\Windows\system32\iertutil.dll
2013-12-12 00:42:44 ----A---- C:\Windows\system32\ieframe.dll
2013-12-12 00:42:43 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-12-12 00:42:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-12-12 00:42:42 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-12-12 00:42:42 ----A---- C:\Windows\system32\jscript9.dll
2013-12-11 23:48:32 ----A---- C:\Windows\system32\msieftp.dll
2013-12-11 23:48:31 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2013-12-11 23:48:31 ----A---- C:\Windows\SYSWOW64\msieftp.dll
2013-12-11 23:48:31 ----A---- C:\Windows\system32\WMPhoto.dll
2013-12-11 23:48:31 ----A---- C:\Windows\system32\win32k.sys
2013-12-11 23:48:30 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2013-12-11 23:48:30 ----A---- C:\Windows\system32\imagehlp.dll
2013-12-11 23:48:28 ----A---- C:\Windows\SYSWOW64\tzres.dll
2013-12-11 23:48:28 ----A---- C:\Windows\system32\tzres.dll
2013-12-11 23:48:25 ----A---- C:\Windows\system32\drivers\portcls.sys
2013-12-11 23:48:25 ----A---- C:\Windows\system32\drivers\drmk.sys
2013-12-11 23:48:24 ----A---- C:\Windows\SYSWOW64\wscript.exe
2013-12-11 23:48:24 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2013-12-11 23:48:24 ----A---- C:\Windows\system32\wscript.exe
2013-12-11 23:48:24 ----A---- C:\Windows\system32\scrrun.dll
2013-12-11 23:48:24 ----A---- C:\Windows\system32\cscript.exe
2013-12-11 23:48:23 ----A---- C:\Windows\SYSWOW64\cscript.exe

======List of files/folders modified in the last 1 month======

2014-01-02 07:34:16 ----D---- C:\Windows\Prefetch
2014-01-02 07:34:07 ----D---- C:\Windows\Temp
2014-01-02 07:34:05 ----RD---- C:\Program Files
2014-01-02 07:32:54 ----D---- C:\Windows
2014-01-02 03:44:39 ----D---- C:\Windows\system32\config
2014-01-01 23:01:53 ----D---- C:\Windows\SysWOW64
2014-01-01 22:53:43 ----A---- C:\Windows\win.ini
2014-01-01 22:49:03 ----D---- C:\Windows\system32\drivers
2014-01-01 14:15:08 ----D---- C:\Program Files (x86)\Common Files
2014-01-01 14:15:02 ----HD---- C:\ProgramData
2014-01-01 14:07:44 ----D---- C:\Windows\System32
2014-01-01 14:07:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-01 14:07:43 ----D---- C:\Windows\inf
2014-01-01 14:04:14 ----A---- C:\Windows\SYSWOW64\log.txt
2014-01-01 14:03:03 ----D---- C:\ProgramData\clear.fi
2014-01-01 12:04:17 ----RD---- C:\Program Files (x86)
2013-12-31 13:41:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-12-31 13:22:59 ----RD---- C:\Users
2013-12-31 13:20:23 ----SHD---- C:\Windows\Installer
2013-12-31 13:19:42 ----SHD---- C:\System Volume Information
2013-12-31 13:17:23 ----SD---- C:\Users\domino\AppData\Roaming\Microsoft
2013-12-31 13:02:50 ----D---- C:\Users\domino\AppData\Roaming\uTorrent
2013-12-31 13:02:38 ----D---- C:\Windows\Panther
2013-12-31 13:02:35 ----D---- C:\Windows\Logs
2013-12-31 13:02:35 ----D---- C:\Windows\debug
2013-12-31 13:00:56 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-12-31 12:59:48 ----D---- C:\ProgramData\newsXpresso
2013-12-31 12:56:54 ----D---- C:\ProgramData\NTI Launcher
2013-12-31 12:54:52 ----D---- C:\Windows\Tasks
2013-12-31 12:54:52 ----D---- C:\Windows\system32\Tasks
2013-12-31 12:51:31 ----D---- C:\Users\domino\AppData\Roaming\Seznam.cz
2013-12-31 12:51:25 ----D---- C:\Program Files (x86)\Seznam.cz
2013-12-31 12:46:23 ----SD---- C:\ProgramData\Microsoft
2013-12-31 12:46:23 ----D---- C:\Program Files (x86)\Microsoft
2013-12-31 12:44:14 ----D---- C:\Users\domino\AppData\Roaming\Skype
2013-12-30 19:49:59 ----D---- C:\Windows\winsxs
2013-12-30 19:48:41 ----D---- C:\Program Files\WinRAR
2013-12-30 19:47:26 ----D---- C:\Windows\system32\DriverStore
2013-12-30 19:43:21 ----D---- C:\Program Files (x86)\HandyUpdater
2013-12-30 19:27:05 ----D---- C:\ProgramData\Adobe
2013-12-29 16:14:45 ----D---- C:\Users\domino\AppData\Roaming\SoftGrid Client
2013-12-29 14:18:48 ----D---- C:\Windows\system32\catroot2
2013-12-29 14:18:48 ----D---- C:\Windows\system32\catroot
2013-12-25 23:46:19 ----D---- C:\ProgramData\McAfee
2013-12-25 14:02:20 ----D---- C:\Windows\system32\NDF
2013-12-25 12:14:58 ----D---- C:\Program Files\Common Files
2013-12-15 01:15:54 ----D---- C:\ProgramData\Skype
2013-12-15 01:15:53 ----RD---- C:\Program Files (x86)\Skype
2013-12-14 03:03:07 ----D---- C:\Windows\system32\MRT
2013-12-14 03:00:38 ----A---- C:\Windows\system32\MRT.exe
2013-12-13 22:52:01 ----D---- C:\Windows\rescache
2013-12-12 12:07:03 ----D---- C:\Program Files\Windows Media Player
2013-12-12 12:07:03 ----D---- C:\Program Files (x86)\Windows Media Player
2013-12-12 12:07:02 ----D---- C:\Program Files\Internet Explorer
2013-12-12 12:07:02 ----D---- C:\Program Files (x86)\Internet Explorer
2013-12-12 12:07:00 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-12-12 12:07:00 ----D---- C:\Windows\system32\cs-CZ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-02-18 439320]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-02-21 25960]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 MOBKFilter;MOBKFilter; C:\Windows\system32\DRIVERS\MOBK.sys [2010-04-13 66040]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2013-11-05 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2013-11-05 72216]
R2 McPvDrv;McPvDrv Driver; C:\Windows\system32\drivers\McPvDrv.sys [2013-09-09 74560]
R2 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2013-11-04 179792]
R2 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2013-11-04 311120]
R2 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2013-11-04 782360]
R2 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2013-11-04 343696]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-05-11 2229608]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-08-02 30368]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2013-11-04 70112]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2011-03-25 1583744]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-10-21 12310112]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2013-11-05 11552]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2010-10-20 56344]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2013-11-04 519576]
R3 mfencbdc;McAfee Inc. mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [2013-11-26 411944]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2011-02-10 181760]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
R3 trufos;trufos; C:\Windows\system32\drivers\trufos.sys [2014-01-01 350160]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-08-02 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-08-02 330912]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-08-02 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-08-02 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-08-02 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-08-02 280992]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-08-02 511136]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 HipShieldK;McAfee Inc. HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [2013-09-23 197704]
S3 mfencrk;McAfee Inc. mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [2013-11-26 96112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-08-02 103584]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-03-28 799848]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
R2 HomeNetSvc;McAfee Home Network; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-12-10 376144]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2013-12-10 226640]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2013-11-05 407424]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 McAPExe;McAfee AP Service; C:\Program Files\McAfee\MSC\McAPExe.exe [2013-11-28 178048]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 mcpltsvc;McAfee Platform Services; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 mfecore;McAfee Anti-Malware Core; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-11-26 1025232]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-11-04 219272]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2013-11-04 182752]
R2 MOBKbackup;1%; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-02-18 993896]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-31 257416]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-08-23 655624]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2013-08-02 602944]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

[cernohous13]

Zdravím,

Stáhni Shortcut Cleaner http://www.bleepingcomputer.com/downloa ... t-cleaner/
Ulož nejlépe na plochu
Ukonči všechny programy a dvojklikem SC spusť
Proběhne skenování a pak se objevi log, případně bude uložen v místě spuštení jako sc-cleaner.txt, jeho obsah sem vlož

Stáhni Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
Ulož jej na plochu a spusť - zobrazí se licenční podminky -> start libovolnou klávesou.
Bude vytvořena záloha a proběhne skenování.
Vyskočí log (nebo je uložen zde c:\JRT jako JRT.txt) - zkopíruj jej sem

Stáhni AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Ulož nejlépe na plochu -> ukonči všechny programy -> spusť AdwCleaner -> klikni na Scan po dokončení na Clean
bude provedena oprava, restartuje se - (případně restartuj) a vypadne log C:\AdwCleaner\AdwCleaner[S?].txt , jeho obsah vložíš sem

Stáhni a nainstaluj MBAM zde http://www.malwarebytes.org/products/malwarebytes_free/
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení a program nech zatím spuštěný

[mav3r!ck]

Tak pekne po porade..

SC:
--------------------------------------------------------------------------------------------------

Shortcut Cleaner 1.2.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/downloa ... t-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 01/02/2014 10:35:50 AM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\domino\AppData\Roaming\Microsoft\Windows\Start Menu\

* Shortcut Cleaned: C:\Users\domino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_m ... 1378142340

* Shortcut Cleaned: C:\Users\domino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_m ... 1378142340

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\domino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

* Shortcut Cleaned: C:\Users\domino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_m ... 1378142340

* Shortcut Cleaned: C:\Users\domino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_m ... 1378142340

Searching C:\Users\Public\Desktop\

Searching C:\Users\domino\Desktop


4 bad shortcuts found.

Program finished at: 01/02/2014 10:35:53 AM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)




JRT:
--------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by domino on źt 02.01.2014 at 10:40:44,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\qvo6software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EBEF9F8F-52EE-48FC-82C8-3AD10F0B682F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Empty Folder] C:\Users\domino\appdata\local\{095F67E9-46B8-4BE9-809D-71D80D748951}



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 02.01.2014 at 10:52:47,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





AdwCleaner:
--------------------------------------------------------------------------------------------------
# AdwCleaner v3.016 - Report created 02/01/2014 at 10:56:57
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : domino - DOMINO-PC
# Running from : C:\Users\domino\Desktop\cisteni\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\ICQToolbarData
Folder Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qvo6.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\ask-search.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\bingp.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin.gif
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin.src
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-10.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-11.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-12.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-13.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-14.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-15.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-16.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-17.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-18.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-19.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-20.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-21.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-22.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-5.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-6.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-7.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-8.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\searchplugins\icqplugin-9.xml
File Deleted : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\user.js
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Handy Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\BetterSurf
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\ICQ\ICQToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ File : C:\Users\domino\AppData\Roaming\Mozilla\Firefox\Profiles\ao8bmbyc.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=a ... 1378142340");
Line Deleted : user_pref("extensions.enabledAddons", "{800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3,{ea614400-e918-4741-9a97-7a972ff7c30b}:2.5.16,ext@WebexpEnhancedV1alpha642.net:1.1,toolbar_ORJ-V7C@apn.ask.com:26.63[...]
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", false);
Line Deleted : user_pref("icqtoolbar.facebookSmilesAddonShowedPopup", true);
Line Deleted : user_pref("icqtoolbar.firstTbRun", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1388309319);
Line Deleted : user_pref("icqtoolbar.history", "obaly%20na%20notebook%2015.6%20dakine||obal%20na%20notebook%2015%206||bud%C5%BCet%20jastrz%C4%99bskiego%20w%C4%99gla||hxxp%3A%2F%2Frevue.idnes.cz%2Famericanka-chce-byt[...]
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1343814544");
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "9.0");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "132609644413260966841326242904529");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1388406791);
Line Deleted : user_pref("icqtoolbar.version", "1.5.3");
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");

-\\ Google Chrome v

[ File : C:\Users\domino\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9718 octets] - [02/01/2014 10:54:58]
AdwCleaner[S0].txt - [9174 octets] - [02/01/2014 10:56:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9234 octets] ##########





MBAM:
--------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
domino :: DOMINO-PC [administrátor]

2.1.2014 11:03:01
MBAM-log-2014-01-02 (12-25-14).txt

Typ: Kompletní kontrola (C:\|Q:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 362335
Uplynulý čas: 53 minut, 29 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\Program Files (x86)\WebexpEnhancedV1 (PUP.Optional.Webexp) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 3
C:\Program Files (x86)\HandyUpdater\HandyUpdater.exe (PUP.Optional.Handy.A) -> Nebyla provedena žádná instrukce.
C:\Users\domino\AppData\Local\Temp\AVCBack\UpdUninstall.exe (PUP.Optional.Amonetize.A) -> Nebyla provedena žádná instrukce.
C:\User Data\Default\Extensions\newtab.crx (PUP.Optional.Elex.A) -> Nebyla provedena žádná instrukce.

(konec)

[cernohous13]

po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Nalezené soubory
C:\Program Files\xxxxxx -> Umístnění do karantény a smazání se zdařilo..(Quarantined and deleted successfully)
ten bych taky rád viděl

Ještě nějaký problém?

[mav3r!ck]

Vse se zda v poradu.
MBAM si pro uspesne dokonceni pral restart. I po restartu zustaly soubory v karantene MBAMu.



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
domino :: DOMINO-PC [administrátor]

2.1.2014 11:03:01
mbam-log-2014-01-02 (11-03-01).txt

Typ: Kompletní kontrola (C:\|Q:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 362335
Uplynulý čas: 53 minut, 29 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\Program Files (x86)\WebexpEnhancedV1 (PUP.Optional.Webexp) -> Přesun do karantény a smazání se zdařilo.

Nalezené soubory: 3
C:\Program Files (x86)\HandyUpdater\HandyUpdater.exe (PUP.Optional.Handy.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\domino\AppData\Local\Temp\AVCBack\UpdUninstall.exe (PUP.Optional.Amonetize.A) -> Přesun do karantény a smazání se zdařilo.
C:\User Data\Default\Extensions\newtab.crx (PUP.Optional.Elex.A) -> Přesun do karantény a smazání se zdařilo.

(konec)

[cernohous13]

V karanténě jsou neškodné ale klidně je odstraň.

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

[mav3r!ck]

Ok, provedeno.

Predpokladam, ze jsme hotovi. Dekuji moc.

[cernohous13]

Hotovi jsme pokud už není žádný problém
Nemáš zač - rádo se stalo a jsme tady i příště