Win 7 boots but is extremely slow

Mr.Pavek
Visitor
Posts: 25
Registered: 10 Sep 2009 16:50

#1 Post by Mr.Pavek »

Hi,
I have a problem with my notebook. After Windows 7 starts, the mouse moves jerkily and a message from Microsoft .NET Framework pops up saying that it can't keep up... Thanks in advance for any advice on what I should do about it.

Re: Win 7 boots but is extremely slow

#2 Post by Mr.Pavek »

Here is the log from FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
Ran by Ihor (administrator) on IHOR-PC on 13-01-2014 21:00:25
Running from C:\Users\Ihor\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [862088 2011-01-28] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295232 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-05-29] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [msgnocuSrv] - C:\Windows\inf\msgnocu.vbe [1558 2013-08-27] ()
HKLM-x32\...\Run: [NtVdmSrv] - C:\Windows\inf\ntvdm.vbe [1219 2013-06-20] ()
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1383232 2013-12-13] (Spigot, Inc.)
HKCU\...\Run: [88b7da58a3e62f24b08f565445b53900] - C:\Users\Ihor\windows.exe [29696 2014-01-03] ()
HKCU\...\Run: [978bcc21dfa55450c519ce5e0cb9b4cb] - C:\Users\Ihor\AppData\Roaming\photo.exe [24064 2013-12-29] ()
HKCU\...\Run: [a0c37fcb5918c5f02ddbf004b53d120c] - C:\ProgramData\svchost.exe [24064 2013-12-30] ()
HKCU\...\Run: [b50b61dd4ed2297cbf16db09c0bed498] - C:\Users\Ihor\taskhost.exe [24064 2013-12-31] ()
HKCU\...\Run: [54d1350c8449fb4e18aebc0ad5fd2787] - C:\Users\Ihor\svchost.exe [24064 2013-12-31] ()
HKCU\...\Run: [tmp97EB] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [abb278f5f94f5be17c28e4761048b650] - C:\Users\Ihor\AppData\Roaming\taskhost.exe [29184 2014-01-01] ()
HKCU\...\Run: [b7c77f48dde2ad69a039c2aceab2d240] - C:\Windows\windows.exe [29696 2014-01-01] ()
HKCU\...\Run: [f8a3f37293dcb5954d599b582155c4e5] - C:\Users\Ihor\AppData\Roaming\mexhsy.exe [24576 2014-01-01] ()
HKCU\...\Run: [225659c6fa2732024934dc96358cf4cb] - C:\Users\Ihor\AppData\Roaming\windows.exe [29696 2014-01-01] ()
HKCU\...\Run: [aee62c22efb71f17ec0744e8f88d8439] - C:\ProgramData\taskhost .exe [29184 2014-01-01] ()
HKCU\...\Run: [xcrx] - C:\Users\Ihor\AppData\Roaming\Coffin Of Evil.exe [94720 2014-01-02] ()
HKCU\...\Run: [ăíßŃćČĎÇĘí.b] - [x]
HKCU\...\Run: [vdcwwdxbwo] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs" <===== ATTENTION
HKCU\...\Run: [96692782eb52a518c332d30387fbd310] - C:\Users\Ihor\trjpad.exe [24064 2014-01-02] ()
HKCU\...\Run: [20054a1b12d049fcaf4099727f96da6d] - C:\ProgramData\System.exe [24064 2014-01-03] ()
HKCU\...\Run: [tmp4106] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [e7d208841702e4fe48243dfe74a60ee9] - C:\Users\Ihor\taskhost .exe [29184 2014-01-04] ()
HKCU\...\Run: [eb78d0b479ba41606efcf9194e178119] - C:\Users\Ihor\AppData\Roaming\torjan.exe [44544 2014-01-11] ()
HKCU\...\Run: [Windows] - C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.exe
HKCU\...\Run: [8181fef9f155186026993bbd38cb4855] - C:\Windows\Mozilla Firefoxe.exe [24064 2014-01-12] ()
HKCU\...\Run: [0e4da5cc90f75b7971f3fdafd56c9623] - C:\Windows\server.exe [619520 2014-01-12] (Microsoft Corporation)
HKCU\...\Run: [tdnkeeuwjq] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs" <===== ATTENTION
HKCU\...\Run: [mvpjbscryh] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs" <===== ATTENTION
HKCU\...\Run: [nxyjekzaeo] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs" <===== ATTENTION
HKCU\...\Run: [fd2fbc3c9739d9ceb9388ed7eb6cf440] - "C:\Users\Ihor\AppData\Local\Temp\Mozilla Firefoxe.exe" .. <===== ATTENTION
HKCU\...\Run: [81ed0e74a40ed4fe8a36a7b819c4279f] - C:\Windows\Trojan.exe [29696 2014-01-13] ()
HKCU\...\Run: [tmp3E3F] - "C:\Users\Ihor\AppData\Local\Temp\tmp3E3F.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [1ffcf52b0cd64d83554855bd6f04fc1f] - "C:\Users\Ihor\AppData\Local\Temp\taskhost.exe" .. <===== ATTENTION
HKCU\...\Run: [tmp791A] - "C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [TMP3E3~1] - "C:\Users\Ihor\AppData\Local\Temp\TMP3E3~1.VBS" <===== ATTENTION
HKCU\...\Run: [TMP791~1] - "C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS" <===== ATTENTION
HKCU\...\Run: [tmpA025] - "C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [tmpD81C] - "C:\Users\Ihor\AppData\Local\Temp\tmpD81C.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [tmpF24A] - "C:\Users\Ihor\AppData\Local\Temp\tmpF24A.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [365bad42f4f98be74c2bf2cacfcb2958] - "C:\Users\Ihor\AppData\Local\Temp\help.exe" .. <===== ATTENTION
HKCU\...\Run: [TMPA02~1] - "C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS" <===== ATTENTION
HKCU\...\Run: [TMPD81~1] - "C:\Users\Ihor\AppData\Local\Temp\TMPD81~1.VBS" <===== ATTENTION
HKCU\...\Run: [TMPF24~1] - "C:\Users\Ihor\AppData\Local\Temp\TMPF24~1.VBS" <===== ATTENTION
HKCU\...\Run: [85ce27c90f0ba2b98ceb888e2ca7acde] - "C:\Users\Ihor\AppData\Local\Temp\google.exe" .. <===== ATTENTION
HKCU\...\Run: [6d0e9f17ea6b0b17fcc3b3d388e9e19d] - "C:\Users\Ihor\AppData\Local\Temp\ windows.exe" .. <===== ATTENTION
HKCU\...\Run: [34a197ecc5748dbb80c6ad3289a7fb7c] - "C:\Users\Ihor\AppData\Local\Temp\dell.exe" .. <===== ATTENTION
HKCU\...\Run: [a9f2d977c6de2e3f5debaca1def6c0a8] - "C:\Users\Ihor\AppData\Local\Temp\G.Chrome.exe" .. <===== ATTENTION
HKCU\...\Run: [96d5bbd31c1ef1f063007ac1abc25a6c] - "C:\Users\Ihor\AppData\Local\Temp\amdjed.exe" .. <===== ATTENTION
HKCU\...\Run: [958436d9be3c028f3254ca9056e72392] - "C:\Users\Ihor\AppData\Local\Temp\Google Chrome.exe" .. <===== ATTENTION
HKCU\...\Run: [912c76a909eaf9ea406e74f23b6290bf] - "C:\Users\Ihor\AppData\Local\Temp\Skype.exe" .. <===== ATTENTION
HKCU\...\Run: [bb62e28591030e826081bf1f4a74c0b8] - "C:\Users\Ihor\AppData\Local\Temp\dllhost.exe" .. <===== ATTENTION
HKCU\...\Run: [c210b18097fa9ee4b57d8d28130c4154] - "C:\Users\Ihor\AppData\Local\Temp\windows.exe" .. <===== ATTENTION
HKCU\...\Run: [b9f53cd24dbd8eb354a1d3b41e105755] - "C:\Users\Ihor\AppData\Local\Temp\systemx.exe" .. <===== ATTENTION
HKCU\...\Run: [bec07547ae282f99dd66988f212eb755] - "C:\Users\Ihor\AppData\Local\Temp\gogole.exe" .. <===== ATTENTION
MountPoints2: {d9805815-783b-11e1-b3e1-b870f470e97e} - E:\VTP_Manager.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1ffcf52b0cd64d83554855bd6f04fc1f.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\225659c6fa2732024934dc96358cf4cb.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\34a197ecc5748dbb80c6ad3289a7fb7c.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\365bad42f4f98be74c2bf2cacfcb2958.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8181fef9f155186026993bbd38cb4855.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81ed0e74a40ed4fe8a36a7b819c4279f.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85ce27c90f0ba2b98ceb888e2ca7acde.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88b7da58a3e62f24b08f565445b53900.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\912c76a909eaf9ea406e74f23b6290bf.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\958436d9be3c028f3254ca9056e72392.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96692782eb52a518c332d30387fbd310.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96d5bbd31c1ef1f063007ac1abc25a6c.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\978bcc21dfa55450c519ce5e0cb9b4cb.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a9f2d977c6de2e3f5debaca1def6c0a8.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\abb278f5f94f5be17c28e4761048b650.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aee62c22efb71f17ec0744e8f88d8439.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b50b61dd4ed2297cbf16db09c0bed498.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9f53cd24dbd8eb354a1d3b41e105755.exe (aP__L_0_m_p_Y_)
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bb62e28591030e826081bf1f4a74c0b8.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bec07547ae282f99dd66988f212eb755.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c210b18097fa9ee4b57d8d28130c4154.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e7d208841702e4fe48243dfe74a60ee9.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eb78d0b479ba41606efcf9194e178119.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f8a3f37293dcb5954d599b582155c4e5.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fd2fbc3c9739d9ceb9388ed7eb6cf440.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yMdtsm8DG9h69i6yimxWMwxhb5h.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ymnZ67MlXvfC2KrXGksiLN1m8rfP.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appid=f826ef ... 8fcb83530a
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
URLSearchHook: HKCU - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 70F470E97E}
SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://search.iminent.com/?appId=&ref=t ... earchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 70F470E97E}
SearchScopes: HKCU - DefaultScope {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://search.iminent.com/?appId=&ref=t ... earchTerms}
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTer ... 55f99cca4b
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browse ... earchTerms}
SearchScopes: HKCU - {B8D6B2AC-226A-402F-883E-D1F3D529C592} URL = http://websearch.ask.com/redirect?clien ... 24D3965BD1
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://search.iminent.com/?appId=&ref=t ... earchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?se ... MIJQn&i=26
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 70F470E97E}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Protector by IB - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Protector by IB\Extension64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Browser Companion Helper - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Protector by IB - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Protector by IB\Extension32.dll ()
BHO-x32: TBSB01620 Class - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Browser Companion Helper Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll (Spigot, Inc.)
BHO-x32: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - DealBulldog Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Chrome:
=======
CHR HomePage: hxxp://search.iminent.com/
CHR RestoreOnStartup: "hxxp://search.iminent.com/", "
CHR DefaultSearchKeyword: askws
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://search.tb.ask.com/search/GGmain. ... pconverter
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll (Injovo)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (4game) - C:\Program Files (x86)\4game\4game\npplugin4game.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-04-11]
CHR Extension: (Browser Companion Helper) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0 [2012-09-03]
CHR Extension: (Google Search) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-03-28]
CHR Extension: (Protector by IB) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0 [2012-08-25]
CHR Extension: (ADDICT-THING) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgkcpnkpkkmkjbbmnekccjiodanppin\1.0_0 [2012-08-25]
CHR Extension: (Ratchet & Clank Future 2) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0 [2012-11-22]
CHR Extension: (wxDfast) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd\1.0_0 [2012-08-25]
CHR Extension: (avast! WebRep) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0 [2012-09-26]
CHR Extension: (Iminent) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.51.3.1_0 [2013-12-19]
CHR Extension: (SweetIM for Facebook) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 [2012-08-29]
CHR Extension: (Google Wallet) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19]
CHR Extension: (Allin1Convert) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj\5.81.3.15569_0 [2014-01-11]
CHR Extension: (Gmail) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2012-11-07]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Protector by IB\source.crx [2012-05-02]
CHR HKLM-x32\...\Chrome\Extension: [bodddioamolcibagionmmobehnbhiakf] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [2012-06-28]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Protector by IB\source.crx [2012-05-02]
CHR HKLM-x32\...\Chrome\Extension: [ehgkcpnkpkkmkjbbmnekccjiodanppin] - C:\ProgramData\ADDICT-THING\ehgkcpnkpkkmkjbbmnekccjiodanppin.crx [2012-05-02]
CHR HKLM-x32\...\Chrome\Extension: [epohjfbhajfojachcgdhgegmaadodlcd] - C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx [2012-05-02]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-09-25]
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - C:\Program Files (x86)\Iminent\Iminent.crx [2012-08-24]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-08-29]

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-19] (Advanced Micro Devices, Inc.)
S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [133912 2012-08-21] (AVAST Software)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868224 2011-01-28] (Acer Incorporated)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [185856 2012-04-24] ()
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
S1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [142128 2012-08-21] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-07-13] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [266776 2012-08-21] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [1151096 2011-07-23] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-07-28] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-07-28] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110808.030\IDSvia64.sys [488056 2011-08-02] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110808.024\ENG64.SYS [117880 2011-08-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110808.024\EX64.SYS [2048632 2011-08-04] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-10] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-13 20:50 - 2014-01-13 21:00 - 00033624 _____ C:\Users\Ihor\Desktop\FRST.txt
2014-01-13 20:49 - 2014-01-13 20:49 - 00000000 ____D C:\FRST
2014-01-13 20:48 - 2014-01-13 20:28 - 00112640 _____ (forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe
2014-01-13 20:48 - 2014-01-13 20:25 - 02075648 _____ (Farbar) C:\Users\Ihor\Desktop\FRST64.exe
2014-01-13 20:09 - 2014-01-13 20:11 - 00007083 _____ C:\Windows\WindowsUpdate.log
2014-01-13 20:04 - 2014-01-13 20:04 - 00000056 _____ C:\Windows\setupact.log
2014-01-13 20:04 - 2014-01-13 20:04 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 20:03 - 2014-01-13 20:03 - 00001024 _____ C:\Windows\PFRO.log
2014-01-13 19:59 - 2014-01-13 20:02 - 00000000 ____D C:\Windows\pss
2014-01-13 19:15 - 2014-01-13 20:28 - 00000000 _____ C:\Windows\windows.exe.tmp
2014-01-13 19:05 - 2014-01-13 19:05 - 00000120 _____ C:\0.bak
2014-01-13 19:01 - 2014-01-13 19:01 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\ParetoLogic
2014-01-13 19:01 - 2014-01-13 19:01 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\DriverCure
2014-01-13 18:59 - 2014-01-13 19:52 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-13 18:53 - 2014-01-13 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-13 14:45 - 2014-01-13 20:28 - 00000059 _____ C:\Windows\Trojan.exe.tmp
2014-01-13 14:43 - 2014-01-13 14:43 - 00029696 _____ C:\Windows\Trojan.exe
2014-01-13 14:12 - 2014-01-13 14:12 - 00029696 _____ C:\Users\Ihor\AppData\LocaltcgXeFJzyR.exe
2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
2014-01-12 18:03 - 2014-01-13 19:21 - 00000668 _____ C:\Users\Ihor\AppData\Roaming\Trojan.exe.tmp
2014-01-12 18:01 - 2014-01-12 18:01 - 00029696 _____ C:\Users\Ihor\AppData\Roaming\Trojan.exe
2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\server.exe
2014-01-12 14:35 - 2014-01-12 14:35 - 00024064 _____ C:\Windows\Mozilla Firefoxe.exe
2014-01-11 12:38 - 2014-01-13 20:28 - 00000503 _____ C:\Users\Ihor\AppData\Roaming\torjan.exe.tmp
2014-01-11 12:33 - 2014-01-11 12:32 - 00044544 _____ C:\Users\Ihor\AppData\Roaming\torjan.exe
2014-01-05 18:27 - 2014-01-05 18:27 - 00000000 ____D C:\Users\Ihor\Desktop\Nová složka (5)
2014-01-05 17:58 - 2014-01-13 20:28 - 00011323 _____ C:\Users\Ihor\taskhost .exe.tmp
2014-01-04 20:08 - 2014-01-04 20:07 - 00029184 _____ C:\Users\Ihor\taskhost .exe
2014-01-04 18:39 - 2014-01-04 18:44 - 00025276 _____ C:\Users\Ihor\AppData\Roaming\addons.dat
2014-01-04 13:50 - 2014-01-04 13:50 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Micro
2014-01-03 10:16 - 2014-01-03 10:16 - 00024064 _____ C:\ProgramData\System.exe
2014-01-02 20:56 - 2014-01-02 20:56 - 00024064 _____ C:\Users\Ihor\trjpad.exe
2014-01-02 16:16 - 2014-01-13 20:05 - 00244224 _____ C:\Users\Ihor\AppData\Roaming\plugin.dat
2014-01-02 16:09 - 2014-01-02 16:09 - 00094720 _____ C:\Users\Ihor\AppData\Roaming\Coffin Of Evil.exe
2014-01-02 07:25 - 2014-01-13 20:28 - 00012057 _____ C:\ProgramData\taskhost .exe.tmp
2014-01-01 21:34 - 2014-01-01 21:34 - 00029184 _____ C:\ProgramData\taskhost .exe
2014-01-01 20:18 - 2014-01-13 20:27 - 00012648 _____ C:\Users\Ihor\AppData\Roaming\windows.exe.tmp
2014-01-01 20:17 - 2014-01-01 20:17 - 00029696 _____ C:\Users\Ihor\AppData\Roaming\windows.exe
2014-01-01 19:00 - 2014-01-01 19:00 - 00024576 _____ C:\Users\Ihor\AppData\Roaming\mexhsy.exe
2014-01-01 18:37 - 2014-01-13 20:28 - 00012748 _____ C:\Windows\system32\.tmp
2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 _____ C:\Windows\windows.exe
2014-01-01 10:17 - 2014-01-01 10:17 - 00029184 _____ C:\Users\Ihor\AppData\Roaming\taskhost.exe
2013-12-31 16:09 - 2013-12-31 16:09 - 00024064 _____ C:\Users\Ihor\svchost.exe
2013-12-31 15:15 - 2014-01-13 20:28 - 00013006 _____ C:\Users\Ihor\AppData\Roaming\taskhost.exe.tmp
2013-12-31 15:12 - 2013-12-31 15:12 - 00024064 _____ C:\Users\Ihor\taskhost.exe
2013-12-30 18:42 - 2013-12-30 18:42 - 00024064 _____ C:\ProgramData\svchost.exe
2013-12-30 11:05 - 2013-12-30 11:42 - 00000000 ____D C:\Program Files (x86)\Dead Rising 2 Off The Record
2013-12-29 19:17 - 2013-12-29 19:17 - 00024064 _____ C:\Users\Ihor\AppData\Roaming\photo.exe
2013-12-21 15:49 - 2013-12-21 15:49 - 05565454 _____ C:\Users\Ihor\Downloads\mari0-win.zip
2013-12-21 15:49 - 2013-12-21 15:49 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\LOVE
2013-12-20 18:53 - 2014-01-13 20:27 - 00013210 _____ C:\Users\Ihor\windows.exe.tmp
2013-12-20 18:53 - 2014-01-03 10:06 - 00029696 _____ C:\Users\Ihor\windows.exe
2013-12-20 18:53 - 2013-12-20 18:53 - 00254464 _____ C:\Users\Ihor\Downloads\Photoshop-CS6.Exe
2013-12-20 09:07 - 2013-12-20 09:07 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-12-20 09:07 - 2013-12-20 09:07 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-12-19 19:56 - 2013-12-27 15:30 - 00000000 ____D C:\Users\Ihor\Desktop\3333
2013-12-14 17:28 - 2013-12-14 17:51 - 189762510 _____ C:\Users\Ihor\Downloads\Doctor-Who_06x14---Doktor,-vdova-a-skříň.avi
2013-12-14 16:15 - 2013-12-14 16:16 - 01433600 _____ C:\Users\Ihor\Downloads\ja-legenda-cz.avi
2013-12-14 11:47 - 2013-12-14 11:47 - 00839168 _____ C:\Users\Ihor\Downloads\SimCity-5-Full-Download-+-Crack-v1.1.exe
2013-12-14 11:46 - 2013-12-14 11:46 - 00000000 ____D C:\Users\Ihor\Documents\SimCity 4
2013-12-14 11:46 - 2013-12-14 11:46 - 00000000 ____D C:\Program Files (x86)\SimCity 4 Deluxe - crack
2013-12-14 11:45 - 2013-12-14 11:45 - 06294084 _____ ( ) C:\Users\Ihor\Downloads\SimCity-4-Deluxe---crack.exe
2013-12-14 11:43 - 2013-12-14 11:43 - 00000000 ____D C:\Program Files (x86)\Sim city 4 deluxe - etina
2013-12-14 11:42 - 2013-12-14 11:42 - 04415524 _____ ( ) C:\Users\Ihor\Downloads\Sim-city-4-deluxe---etina.exe

==================== One Month Modified Files and Folders =======

2014-01-13 21:00 - 2014-01-13 20:50 - 00033624 _____ C:\Users\Ihor\Desktop\FRST.txt
2014-01-13 20:49 - 2014-01-13 20:49 - 00000000 ____D C:\FRST
2014-01-13 20:41 - 2011-04-16 03:24 - 00666422 _____ C:\Windows\system32\perfh005.dat
2014-01-13 20:41 - 2011-04-16 03:24 - 00140118 _____ C:\Windows\system32\perfc005.dat
2014-01-13 20:41 - 2009-07-14 06:13 - 01577482 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-13 20:28 - 2014-01-13 20:48 - 00112640 _____ (forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe
2014-01-13 20:28 - 2014-01-13 19:15 - 00000000 _____ C:\Windows\windows.exe.tmp
2014-01-13 20:28 - 2014-01-13 14:45 - 00000059 _____ C:\Windows\Trojan.exe.tmp
2014-01-13 20:28 - 2014-01-11 12:38 - 00000503 _____ C:\Users\Ihor\AppData\Roaming\torjan.exe.tmp
2014-01-13 20:28 - 2014-01-05 17:58 - 00011323 _____ C:\Users\Ihor\taskhost .exe.tmp
2014-01-13 20:28 - 2014-01-02 07:25 - 00012057 _____ C:\ProgramData\taskhost .exe.tmp
2014-01-13 20:28 - 2014-01-01 18:37 - 00012748 _____ C:\Windows\system32\.tmp
2014-01-13 20:28 - 2013-12-31 15:15 - 00013006 _____ C:\Users\Ihor\AppData\Roaming\taskhost.exe.tmp
2014-01-13 20:28 - 2011-06-09 20:20 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-13 20:27 - 2014-01-01 20:18 - 00012648 _____ C:\Users\Ihor\AppData\Roaming\windows.exe.tmp
2014-01-13 20:27 - 2013-12-20 18:53 - 00013210 _____ C:\Users\Ihor\windows.exe.tmp
2014-01-13 20:25 - 2014-01-13 20:48 - 02075648 _____ (Farbar) C:\Users\Ihor\Desktop\FRST64.exe
2014-01-13 20:15 - 2009-07-14 05:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-13 20:15 - 2009-07-14 05:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-13 20:11 - 2014-01-13 20:09 - 00007083 _____ C:\Windows\WindowsUpdate.log
2014-01-13 20:08 - 2011-06-09 19:45 - 00000000 ___RD C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-13 20:06 - 2011-06-09 20:20 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-13 20:05 - 2014-01-02 16:16 - 00244224 _____ C:\Users\Ihor\AppData\Roaming\plugin.dat
2014-01-13 20:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-13 20:04 - 2014-01-13 20:04 - 00000056 _____ C:\Windows\setupact.log
2014-01-13 20:04 - 2014-01-13 20:04 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 20:03 - 2014-01-13 20:03 - 00001024 _____ C:\Windows\PFRO.log
2014-01-13 20:02 - 2014-01-13 19:59 - 00000000 ____D C:\Windows\pss
2014-01-13 19:52 - 2014-01-13 18:59 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-13 19:50 - 2011-06-09 20:20 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Skype
2014-01-13 19:33 - 2012-05-02 20:08 - 00000000 ____D C:\ProgramData\ADDICT-THING
2014-01-13 19:21 - 2014-01-12 18:03 - 00000668 _____ C:\Users\Ihor\AppData\Roaming\Trojan.exe.tmp
2014-01-13 19:20 - 2012-09-03 18:02 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\BrowserCompanion
2014-01-13 19:09 - 2011-04-16 04:06 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-13 19:07 - 2012-08-25 20:34 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-13 19:05 - 2014-01-13 19:05 - 00000120 _____ C:\0.bak
2014-01-13 19:05 - 2013-05-06 14:42 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-13 19:05 - 2011-06-09 19:45 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Macromedia
2014-01-13 19:01 - 2014-01-13 19:01 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\ParetoLogic
2014-01-13 19:01 - 2014-01-13 19:01 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\DriverCure
2014-01-13 18:55 - 2011-10-20 14:57 - 00000000 ____D C:\Windows\Minidump
2014-01-13 18:55 - 2011-06-10 09:29 - 00000000 ____D C:\Users\Ihor\AppData\Local\CrashDumps
2014-01-13 18:55 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2014-01-13 18:53 - 2014-01-13 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-13 18:45 - 2013-11-28 20:23 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Clickteam
2014-01-13 18:45 - 2013-11-28 20:23 - 00000000 ____D C:\Program Files (x86)\The Games Factory 2
2014-01-13 14:43 - 2014-01-13 14:43 - 00029696 _____ C:\Windows\Trojan.exe
2014-01-13 14:12 - 2014-01-13 14:12 - 00029696 _____ C:\Users\Ihor\AppData\LocaltcgXeFJzyR.exe
2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
2014-01-12 18:01 - 2014-01-12 18:01 - 00029696 _____ C:\Users\Ihor\AppData\Roaming\Trojan.exe
2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\server.exe
2014-01-12 14:35 - 2014-01-12 14:35 - 00024064 _____ C:\Windows\Mozilla Firefoxe.exe
2014-01-11 12:32 - 2014-01-11 12:33 - 00044544 _____ C:\Users\Ihor\AppData\Roaming\torjan.exe
2014-01-11 10:45 - 2009-07-14 06:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-05 18:27 - 2014-01-05 18:27 - 00000000 ____D C:\Users\Ihor\Desktop\Nová složka (5)
2014-01-05 17:58 - 2011-06-09 19:27 - 00000000 ____D C:\Users\Ihor
2014-01-04 20:07 - 2014-01-04 20:08 - 00029184 _____ C:\Users\Ihor\taskhost .exe
2014-01-04 18:44 - 2014-01-04 18:39 - 00025276 _____ C:\Users\Ihor\AppData\Roaming\addons.dat
2014-01-04 13:50 - 2014-01-04 13:50 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Micro
2014-01-03 10:16 - 2014-01-03 10:16 - 00024064 _____ C:\ProgramData\System.exe
2014-01-03 10:06 - 2013-12-20 18:53 - 00029696 _____ C:\Users\Ihor\windows.exe
2014-01-02 20:56 - 2014-01-02 20:56 - 00024064 _____ C:\Users\Ihor\trjpad.exe
2014-01-02 19:39 - 2011-06-09 19:45 - 00000000 ____D C:\Users\Ihor\AppData\Local\VirtualStore
2014-01-02 16:09 - 2014-01-02 16:09 - 00094720 _____ C:\Users\Ihor\AppData\Roaming\Coffin Of Evil.exe
2014-01-01 21:34 - 2014-01-01 21:34 - 00029184 _____ C:\ProgramData\taskhost .exe
2014-01-01 20:17 - 2014-01-01 20:17 - 00029696 _____ C:\Users\Ihor\AppData\Roaming\windows.exe
2014-01-01 19:00 - 2014-01-01 19:00 - 00024576 _____ C:\Users\Ihor\AppData\Roaming\mexhsy.exe
2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 _____ C:\Windows\windows.exe
2014-01-01 10:17 - 2014-01-01 10:17 - 00029184 _____ C:\Users\Ihor\AppData\Roaming\taskhost.exe
2013-12-31 16:09 - 2013-12-31 16:09 - 00024064 _____ C:\Users\Ihor\svchost.exe
2013-12-31 15:12 - 2013-12-31 15:12 - 00024064 _____ C:\Users\Ihor\taskhost.exe
2013-12-30 18:42 - 2013-12-30 18:42 - 00024064 _____ C:\ProgramData\svchost.exe
2013-12-30 11:42 - 2013-12-30 11:05 - 00000000 ____D C:\Program Files (x86)\Dead Rising 2 Off The Record
2013-12-30 11:19 - 2010-12-22 13:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-30 09:43 - 2012-12-25 18:48 - 00000000 ____D C:\Users\Ihor\Desktop\SVJATYK
2013-12-30 09:33 - 2012-03-29 19:44 - 00000000 ____D C:\Users\Ihor\Desktop\nestor
2013-12-29 19:17 - 2013-12-29 19:17 - 00024064 _____ C:\Users\Ihor\AppData\Roaming\photo.exe
2013-12-29 14:17 - 2011-11-16 19:07 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\.minecraft
2013-12-27 15:30 - 2013-12-19 19:56 - 00000000 ____D C:\Users\Ihor\Desktop\3333
2013-12-23 17:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-22 13:33 - 2011-06-09 20:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-22 13:33 - 2011-06-09 20:19 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 15:49 - 2013-12-21 15:49 - 05565454 _____ C:\Users\Ihor\Downloads\mari0-win.zip
2013-12-21 15:49 - 2013-12-21 15:49 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\LOVE
2013-12-20 18:53 - 2013-12-20 18:53 - 00254464 _____ C:\Users\Ihor\Downloads\Photoshop-CS6.Exe
2013-12-20 09:07 - 2013-12-20 09:07 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-12-20 09:07 - 2013-12-20 09:07 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-12-20 09:05 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-16 13:54 - 2011-06-09 20:20 - 00000000 ____D C:\Users\Ihor\AppData\Local\Google
2013-12-15 05:40 - 2013-11-05 14:14 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 05:32 - 2011-07-16 18:43 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 17:51 - 2013-12-14 17:28 - 189762510 _____ C:\Users\Ihor\Downloads\Doctor-Who_06x14---Doktor,-vdova-a-skříň.avi
2013-12-14 16:16 - 2013-12-14 16:15 - 01433600 _____ C:\Users\Ihor\Downloads\ja-legenda-cz.avi
2013-12-14 11:47 - 2013-12-14 11:47 - 00839168 _____ C:\Users\Ihor\Downloads\SimCity-5-Full-Download-+-Crack-v1.1.exe
2013-12-14 11:46 - 2013-12-14 11:46 - 00000000 ____D C:\Users\Ihor\Documents\SimCity 4
2013-12-14 11:46 - 2013-12-14 11:46 - 00000000 ____D C:\Program Files (x86)\SimCity 4 Deluxe - crack
2013-12-14 11:45 - 2013-12-14 11:45 - 06294084 _____ ( ) C:\Users\Ihor\Downloads\SimCity-4-Deluxe---crack.exe
2013-12-14 11:43 - 2013-12-14 11:43 - 00000000 ____D C:\Program Files (x86)\Sim city 4 deluxe - etina
2013-12-14 11:42 - 2013-12-14 11:42 - 04415524 _____ ( ) C:\Users\Ihor\Downloads\Sim-city-4-deluxe---etina.exe

Files to move or delete:
====================
C:\ProgramData\svchost.exe
C:\ProgramData\System.exe
C:\ProgramData\taskhost .exe
C:\Users\Ihor\svchost.exe
C:\Users\Ihor\taskhost .exe
C:\Users\Ihor\taskhost.exe
C:\Users\Ihor\trjpad.exe
C:\Users\Ihor\windows.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Internet Security (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: avast! Internet Security (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Ihor\Desktop" je 12618 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19
"C:\Users\Ihor\AppData\Local\Temp\windowss.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a
"C:\Users\Ihor\AppData\Local\Temp\hackdragoncity.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2
"C:\Users\Ihor\AppData\Local\Temp\Trojan.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01
"C:\Users\Ihor\AppData\Local\Temp\HaCkeD.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5
"C:\Users\Ihor\AppData\Roaming\Trojan.exe" ..

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e
"C:\Users\Ihor\AppData\Local\Temp\taskmgr.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf
"C:\Users\Ihor\AppData\Local\Temp\hack.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent
C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager
C:\Program Files (x86)\Launch Manager\LManager.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy
C:\Users\Ihor\AppData\Roaming\Micro\spy.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1ffcf52b0cd64d83554855bd6f04fc1f.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2113atgzBG7JnU4ISFsSYJLZCBxd.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\225659c6fa2732024934dc96358cf4cb.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\22f881ced422d0a8cfa18224e8da0c19.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2991ca02e1de7b64004ddf2762692c1a.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\34a197ecc5748dbb80c6ad3289a7fb7c.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\365bad42f4f98be74c2bf2cacfcb2958.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7350b4ce4c5b9059b3abecb448b12322.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7ae1ff5603ac84828c7a0e5890086b01.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8181fef9f155186026993bbd38cb4855.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81ed0e74a40ed4fe8a36a7b819c4279f.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8515eb34d8f9de5af815466e9715b3e5.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85ce27c90f0ba2b98ceb888e2ca7acde.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88b7da58a3e62f24b08f565445b53900.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\912c76a909eaf9ea406e74f23b6290bf.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\927023f818e6ce8ef3ccb347194b0a7e.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\958436d9be3c028f3254ca9056e72392.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96692782eb52a518c332d30387fbd310.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96d5bbd31c1ef1f063007ac1abc25a6c.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\978bcc21dfa55450c519ce5e0cb9b4cb.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a9f2d977c6de2e3f5debaca1def6c0a8.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\abb278f5f94f5be17c28e4761048b650.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aee62c22efb71f17ec0744e8f88d8439.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b50b61dd4ed2297cbf16db09c0bed498.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9f53cd24dbd8eb354a1d3b41e105755.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ba4c12bee3027d94da5c81db2d196bfd.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bb62e28591030e826081bf1f4a74c0b8.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bec07547ae282f99dd66988f212eb755.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win 7 boots but is extremely slow

#3 Post by vyosek »

Greetings :)

:arrow: Have you taken up breeding Trojan horses or what :boxed: A whole zoo, including the old lady at the ticket booth :arcisit:

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (or "Spustit jako spravce")
  • Immediately after it starts, a page with the license agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 minutes, but if the PC is heavily infested, it may take longer
  • After the scan finishes and a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

Mr.Pavek
Visitor
Posts: 25
Registered: 10 Sep 2009 16:50

Re: Win 7 boots but is extremely slow

#4 Post by Mr.Pavek »

My wife and I had a good laugh :D
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/13/2014 09:48:13 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Služba BFE (Base Filtering Engine) (BFE) is not Running.
Startup Type set to: Automatic

* Klient DHCP (Dhcp) is not Running.
Startup Type set to: Automatic

* Klient DNS (Dnscache) is not Running.
Startup Type set to: Automatic

* Systém událostí COM+ (EventSystem) is not Running.
Startup Type set to: Automatic

* Brána Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Síťová připojení (Netman) is not Running.
Startup Type set to: Manual

* Služba rozhraní síťového úložiště (nsi) is not Running.
Startup Type set to: Automatic

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Ovladač ověření brány Windows Firewall (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

* Ovladač pro podporu zastaralého rozhraní TDI NetIO (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/13/2014 09:48:40 PM
Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win 7 boots but is extremely slow

#5 Post by vyosek »

If your wife likes horses, take her to a stud farm or to see some exotic ones at the zoo, but she shouldn't keep them in the PC, they are not good friends :D :D Although you certainly do have some show pieces in there :mrgreen:


I was rather horrified by the log, but we will manage and put it back together :) We will be hacking away at it bit by bit like Heracles at the Hydra, but it will work out :)

Continue with ComboFix, so that it gets at least a little cleaned up :x

Mr.Pavek
Visitor
Posts: 25
Registered: 10 Sep 2009 16:50

Re: Win 7 boots but is extremely slow

#6 Post by Mr.Pavek »

it took a while :)

ComboFix 14-01-13.01 - Ihor 13.01.2014 22:18:04.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2795.1917 [GMT 1:00]
Spuštěný z: c:\users\Ihor\Desktop\ComboFix11.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-13 do 2014-01-13 )))))))))))))))))))))))))))))))
.
.
2014-01-13 21:26 . 2014-01-13 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-13 19:49 . 2014-01-13 19:49 -------- d-----w- C:\FRST
2014-01-13 19:47 . 2014-01-13 19:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA2B31AD-DAE2-49F9-9E8D-62D5CA63252C}\offreg.dll
2014-01-13 18:07 . 2014-01-13 21:26 -------- d-----w- c:\users\Ihor\AppData\Local\Temp
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\ParetoLogic
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\DriverCure
2014-01-13 17:59 . 2014-01-13 18:52 -------- d-----w- c:\programdata\ParetoLogic
2014-01-13 17:53 . 2014-01-13 17:53 -------- d-----w- c:\program files\CCleaner
2014-01-13 13:45 . 2014-01-13 19:28 59 ----a-w- c:\windows\Trojan.exe.tmp
2014-01-12 13:53 . 2014-01-12 13:53 619520 ----a-w- c:\windows\server.exe
2014-01-11 07:38 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA2B31AD-DAE2-49F9-9E8D-62D5CA63252C}\mpengine.dll
2014-01-04 12:50 . 2014-01-04 12:50 -------- d-----w- c:\users\Ihor\AppData\Roaming\Micro
2014-01-01 17:37 . 2014-01-13 19:28 12748 ----a-w- c:\windows\system32\.tmp
2014-01-01 13:05 . 2014-01-01 13:05 29696 ----a-w- c:\windows\windows.exe
2013-12-30 10:05 . 2013-12-30 10:42 -------- d-----w- c:\program files (x86)\Dead Rising 2 Off The Record
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\Application Updater
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\YTD Toolbar
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-25 15:36 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-06-04 14:12 1310040 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2013-12-13 10:35 1398080 ----a-w- c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll" [2013-12-13 1398080]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aee62c22efb71f17ec0744e8f88d8439"="c:\programdata\taskhost .exe .." [X]
"e7d208841702e4fe48243dfe74a60ee9"="c:\users\Ihor\taskhost .exe .." [X]
"b7c77f48dde2ad69a039c2aceab2d240"="c:\windows\windows.exe" [2014-01-01 29696]
"0e4da5cc90f75b7971f3fdafd56c9623"="c:\windows\server.exe" [2014-01-12 619520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2010-11-12 295232]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-25 1648264]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"msgnocuSrv"="c:\windows\inf\msgnocu.vbe" [2013-08-27 1558]
"NtVdmSrv"="c:\windows\inf\ntvdm.vbe" [2013-06-20 1219]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-12-13 1383232]
.
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mvpjbscryh..vbs [2014-1-12 14270]
nxyjekzaeo..vbs [2014-1-12 14270]
tdnkeeuwjq..vbs [2014-1-12 14270]
tmp3E3F.tmp.vbs [2014-1-2 11517]
tmp4106.tmp.vbs [2014-1-3 542852]
tmp50DF.tmp.vbs [2014-1-2 11517]
tmp6D47.tmp.vbs [2014-1-2 11517]
tmp791A.tmp.vbs [2014-1-2 11517]
tmp7E34.tmp.vbs [2014-1-2 11517]
tmp97EB.tmp.vbs [2013-12-31 14276]
tmpA025.tmp.vbs [2014-1-2 11517]
tmpD81C.tmp.vbs [2014-1-2 11517]
tmpF24A.tmp.vbs [2014-1-2 11517]
vdcwwdxbwo..vbs [2014-1-2 14264]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 aswFW;avast! TDI Firewall driver; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110723.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110808.030\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110808.030\IDSvia64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
R2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [x]
R2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe;c:\program files\Protector by IB\ExtensionUpdaterService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 aswKbd;aswKbd; [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 11:40 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 16:47]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-01-28 862088]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.iminent.com/?appid=f826efdc-1507-4783-b9fa-bc8fcb83530a
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll
BHO-{336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\Protector by IB\Extension32.dll
Toolbar-Locked - (no file)
Toolbar-{338B4DFE-2E2C-4338-9E41-E176D497299E} - c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll
Wow6432Node-HKCU-Run-88b7da58a3e62f24b08f565445b53900 - c:\users\Ihor\windows.exe
Wow6432Node-HKCU-Run-978bcc21dfa55450c519ce5e0cb9b4cb - c:\users\Ihor\AppData\Roaming\photo.exe
Wow6432Node-HKCU-Run-a0c37fcb5918c5f02ddbf004b53d120c - c:\programdata\svchost.exe
Wow6432Node-HKCU-Run-b50b61dd4ed2297cbf16db09c0bed498 - c:\users\Ihor\taskhost.exe
Wow6432Node-HKCU-Run-54d1350c8449fb4e18aebc0ad5fd2787 - c:\users\Ihor\svchost.exe
Wow6432Node-HKCU-Run-abb278f5f94f5be17c28e4761048b650 - c:\users\Ihor\AppData\Roaming\taskhost.exe
Wow6432Node-HKCU-Run-f8a3f37293dcb5954d599b582155c4e5 - c:\users\Ihor\AppData\Roaming\mexhsy.exe
Wow6432Node-HKCU-Run-225659c6fa2732024934dc96358cf4cb - c:\users\Ihor\AppData\Roaming\windows.exe
Wow6432Node-HKCU-Run-xcrx - c:\users\Ihor\AppData\Roaming\Coffin Of Evil.exe
Wow6432Node-HKCU-Run-ăíßŃćČĎÇĘí.b - (no file)
Wow6432Node-HKCU-Run-96692782eb52a518c332d30387fbd310 - c:\users\Ihor\trjpad.exe
Wow6432Node-HKCU-Run-20054a1b12d049fcaf4099727f96da6d - c:\programdata\System.exe
Wow6432Node-HKCU-Run-eb78d0b479ba41606efcf9194e178119 - c:\users\Ihor\AppData\Roaming\torjan.exe
Wow6432Node-HKCU-Run-8181fef9f155186026993bbd38cb4855 - c:\windows\Mozilla Firefoxe.exe
Wow6432Node-HKCU-Run-81ed0e74a40ed4fe8a36a7b819c4279f - c:\windows\Trojan.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-DealBulldog Toolbar - c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-{4F4C5E11-0612-48D2-8055-987992AAC432} - c:\programdata\wxDfast\uninstall.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aíßNcCDÇEí.b"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-01-13 22:30:26
ComboFix-quarantined-files.txt 2014-01-13 21:30
.
Před spuštěním: Volných bajtů: 383 927 095 296
Po spuštění: Volných bajtů: 383 276 101 632
.
- - End Of File - - 04C7DC57F9AF34E10510A27C3627BBFF
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win 7 boots but is extremely slow

#7 Post by vyosek »

:arrow: I'm not even surprised, considering the mess it had to dig through :arcisit:

:arrow: Use this remover ftp://ftp.symantec.com/public/english_u ... l_Tool.exe so that we can remove the remnants of the Norton antivirus. We will keep only Avast.

:arrow: During the deletion that follows, ComboFix will send samples of the malware to its author, so don't be alarmed by what it sends and where. This is for the further development of ComboFix.

:arrow: If you haven't already, move Combofix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Driver::
    Application Updater
    
    Collect::
    c:\windows\Trojan.exe.tmp
    c:\windows\windows.exe
    c:\windows\server.exe
    c:\users\Ihor\taskhost .exe
    c:\programdata\taskhost .exe
    c:\windows\inf\ntvdm.vbe
    c:\windows\inf\msgnocu.vbe
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs
    c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs
    
    File::
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    Folder::
    c:\program files (x86)\Application Updater
    c:\program files (x86)\YTD Toolbar
    c:\program files (x86)\Common Files\Spigot
    c:\program files (x86)\Ask.com
    c:\program files (x86)\IMinent Toolbar
    c:\program files (x86)\YTD Toolbar
    c:\program files (x86)\SweetIM
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "aíßNcCDÇEí.b"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
    [-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
    "{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"=-
    "{F3FEE66E-E034-436a-86E4-9690573BEE8A}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    [-HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
    [-HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
    [-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [-HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
    [-HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "aee62c22efb71f17ec0744e8f88d8439"=-
    "e7d208841702e4fe48243dfe74a60ee9"=-
    "b7c77f48dde2ad69a039c2aceab2d240"=-
    "0e4da5cc90f75b7971f3fdafd56c9623"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Norton Online Backup"=-
    "Adobe Reader Speed Launcher"=-
    "GrooveMonitor"=-
    "ApnUpdater"=-
    "SweetIM"=-
    "Sweetpacks Communicator"=-
    "SunJavaUpdateSched"=-
    "msgnocuSrv"=-
    "NtVdmSrv"=-
    "SearchSettings"=-
    
    RegLock::
    [HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and drop it (see the image below)
    Image
  • After the script has been applied (and after a possible restart), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF, and unfortunately the author is not yet able to fix it

:arrow: It may happen that Windows will not boot after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

Mr.Pavek
Visitor
Posts: 25
Registered: 10 Sep 2009 16:50

Re: Win 7 boots but is extremely slow

#8 Post by Mr.Pavek »

ComboFix 14-01-13.01 - Ihor 13.01.2014 23:14:04.2.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2795.1775 [GMT 1:00]
Spuštěný z: c:\users\Ihor\Desktop\ComboFix11.exe
Použité ovládací přepínače :: c:\users\Ihor\Desktop\CFScript.lnk
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-13 do 2014-01-13 )))))))))))))))))))))))))))))))
.
.
2014-01-13 22:23 . 2014-01-13 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-13 22:03 . 2014-01-13 22:03 -------- d-----w- c:\programdata\Symantec
2014-01-13 19:49 . 2014-01-13 19:49 -------- d-----w- C:\FRST
2014-01-13 18:07 . 2014-01-13 22:23 -------- d-----w- c:\users\Ihor\AppData\Local\Temp
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\ParetoLogic
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\DriverCure
2014-01-13 17:59 . 2014-01-13 18:52 -------- d-----w- c:\programdata\ParetoLogic
2014-01-13 17:53 . 2014-01-13 17:53 -------- d-----w- c:\program files\CCleaner
2014-01-13 13:45 . 2014-01-13 19:28 59 ----a-w- c:\windows\Trojan.exe.tmp
2014-01-12 13:53 . 2014-01-12 13:53 619520 ----a-w- c:\windows\server.exe
2014-01-11 07:38 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA2B31AD-DAE2-49F9-9E8D-62D5CA63252C}\mpengine.dll
2014-01-04 12:50 . 2014-01-04 12:50 -------- d-----w- c:\users\Ihor\AppData\Roaming\Micro
2014-01-01 17:37 . 2014-01-13 19:28 12748 ----a-w- c:\windows\system32\.tmp
2014-01-01 13:05 . 2014-01-01 13:05 29696 ----a-w- c:\windows\windows.exe
2013-12-30 10:05 . 2013-12-30 10:42 -------- d-----w- c:\program files (x86)\Dead Rising 2 Off The Record
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\Application Updater
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\YTD Toolbar
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 04:32 . 2011-07-16 17:43 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 16:46 . 2012-08-25 19:34 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 16:46 . 2012-08-25 19:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 10:38 . 2013-12-10 10:38 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 10:38 . 2013-12-10 10:38 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 10:38 . 2013-12-10 10:38 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 10:38 . 2013-12-10 10:38 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-10 10:38 . 2013-12-10 10:38 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-10 10:38 . 2013-12-10 10:38 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-10 10:38 . 2013-12-10 10:38 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 10:38 . 2013-12-10 10:38 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-10 10:38 . 2013-12-10 10:38 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-10 10:38 . 2013-12-10 10:38 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 10:38 . 2013-12-10 10:38 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-10 10:38 . 2013-12-10 10:38 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-10 10:38 . 2013-12-10 10:38 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-10 10:38 . 2013-12-10 10:38 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 10:38 . 2013-12-10 10:38 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 10:38 . 2013-12-10 10:38 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-10 10:38 . 2013-12-10 10:38 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-10 10:38 . 2013-12-10 10:38 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-10 10:38 . 2013-12-10 10:38 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-10 10:38 . 2013-12-10 10:38 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 10:38 . 2013-12-10 10:38 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 10:38 . 2013-12-10 10:38 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-10 10:38 . 2013-12-10 10:38 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 10:38 . 2013-12-10 10:38 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 10:38 . 2013-12-10 10:38 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 10:38 . 2013-12-10 10:38 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-10 10:38 . 2013-12-10 10:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-10 10:38 . 2013-12-10 10:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 10:38 . 2013-12-10 10:38 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 10:38 . 2013-12-10 10:38 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 10:38 . 2013-12-10 10:38 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-10 10:38 . 2013-12-10 10:38 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-10 10:38 . 2013-12-10 10:38 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 10:38 . 2013-12-10 10:38 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 10:38 . 2013-12-10 10:38 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 10:38 . 2013-12-10 10:38 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-10 10:38 . 2013-12-10 10:38 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 10:38 . 2013-12-10 10:38 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-10 10:38 . 2013-12-10 10:38 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-10 10:38 . 2013-12-10 10:38 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-10 10:38 . 2013-12-10 10:38 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-10 10:38 . 2013-12-10 10:38 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 10:38 . 2013-12-10 10:38 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-10 10:38 . 2013-12-10 10:38 413696 ----a-w- c:\windows\system32\html.iec
2013-12-10 10:38 . 2013-12-10 10:38 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 10:38 . 2013-12-10 10:38 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-10 10:38 . 2013-12-10 10:38 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-10 10:38 . 2013-12-10 10:38 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-10 10:38 . 2013-12-10 10:38 235520 ----a-w- c:\windows\system32\url.dll
2013-12-10 10:38 . 2013-12-10 10:38 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 10:38 . 2013-12-10 10:38 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-10 10:38 . 2013-12-10 10:38 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 10:38 . 2013-12-10 10:38 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 10:38 . 2013-12-10 10:38 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-10 10:38 . 2013-12-10 10:38 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 10:38 . 2013-12-10 10:38 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-12 02:09 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 02:10 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 02:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 02:09 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 02:09 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 02:09 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 02:09 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 02:09 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 02:10 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 02:10 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 02:09 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 02:09 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 02:09 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 02:09 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 02:09 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 02:09 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 02:09 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 02:09 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 02:09 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 02:09 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 02:09 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 02:09 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 02:09 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 02:09 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 14:34 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 14:34 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 02:33 . 2011-06-09 18:45 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 14:35 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 14:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 14:34 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 14:34 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-11 14:34 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-11 14:34 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-11 14:34 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
c:\program files (x86)\BrowserCompanion\jsloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
c:\program files\Protector by IB\Extension32.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-25 15:36 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-06-04 14:12 1310040 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2013-12-13 10:35 1398080 ----a-w- c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll" [BU]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll" [2013-12-13 1398080]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aee62c22efb71f17ec0744e8f88d8439"="c:\programdata\taskhost .exe .." [X]
"e7d208841702e4fe48243dfe74a60ee9"="c:\users\Ihor\taskhost .exe .." [X]
"b7c77f48dde2ad69a039c2aceab2d240"="c:\windows\windows.exe" [2014-01-01 29696]
"ăíßŃćČĎÇĘí.b"="" [BU]
"0e4da5cc90f75b7971f3fdafd56c9623"="c:\windows\server.exe" [2014-01-12 619520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2010-11-12 295232]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-25 1648264]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"msgnocuSrv"="c:\windows\inf\msgnocu.vbe" [2013-08-27 1558]
"NtVdmSrv"="c:\windows\inf\ntvdm.vbe" [2013-06-20 1219]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-12-13 1383232]
.
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mvpjbscryh..vbs [2014-1-12 14270]
nxyjekzaeo..vbs [2014-1-12 14270]
tdnkeeuwjq..vbs [2014-1-12 14270]
tmp3E3F.tmp.vbs [2014-1-2 11517]
tmp4106.tmp.vbs [2014-1-3 542852]
tmp50DF.tmp.vbs [2014-1-2 11517]
tmp6D47.tmp.vbs [2014-1-2 11517]
tmp791A.tmp.vbs [2014-1-2 11517]
tmp7E34.tmp.vbs [2014-1-2 11517]
tmp97EB.tmp.vbs [2013-12-31 14276]
tmpA025.tmp.vbs [2014-1-2 11517]
tmpD81C.tmp.vbs [2014-1-2 11517]
tmpF24A.tmp.vbs [2014-1-2 11517]
vdcwwdxbwo..vbs [2014-1-2 14264]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 aswFW;avast! TDI Firewall driver; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
R2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [x]
R2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe;c:\program files\Protector by IB\ExtensionUpdaterService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd; [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 11:40 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 16:47]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-01-28 862088]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.iminent.com/?appid=f826efdc-1507-4783-b9fa-bc8fcb83530a
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-DealBulldog Toolbar - c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-{4F4C5E11-0612-48D2-8055-987992AAC432} - c:\programdata\wxDfast\uninstall.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aíßNcCDÇEí.b"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-01-13 23:27:46
ComboFix-quarantined-files.txt 2014-01-13 22:27
ComboFix2.txt 2014-01-13 21:30
.
Před spuštěním: Volných bajtů: 384 205 430 784
Po spuštění: Volných bajtů: 383 619 645 440
.
- - End Of File - - 0CFEC4668CBFE9BABF100B63596117F8
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win 7 boots but is extremely slow

#9 Post by vyosek »

You only had a shortcut on the desktop, Použité ovládací přepínače :: c:\users\Ihor\Desktop\CFScript.lnk, not the script itself, so nothing was executed :(

CFScript.txt must be on the desktop, so create it there or move it there and run it again according to the instructions.
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member [image] since 1 February 2011.

Mr.Pavek
Visitor
Posts: 25
Registered: 10 Sep 2009 16:50

Re: Win 7 boots but is extremely slow

#10 Post by Mr.Pavek »

Sorry, I was fumbling a bit...

ComboFix 14-01-13.01 - Ihor 14.01.2014 0:08.4.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2795.1847 [GMT 1:00]
Spuštěný z: c:\users\Ihor\Desktop\ComboFix11.exe
Použité ovládací přepínače :: c:\users\Ihor\Desktop\CFScript.txt.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Application Updater
c:\program files (x86)\Application Updater\ApplicationUpdater.exe
c:\program files (x86)\Application Updater\config.ini
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\searchcom_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\searchcom_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\wth175.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\wthx175.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files (x86)\IMinent Toolbar
c:\program files (x86)\IMinent Toolbar\arrow_refresh.png
c:\program files (x86)\IMinent Toolbar\basis.xml
c:\program files (x86)\IMinent Toolbar\cog.png
c:\program files (x86)\IMinent Toolbar\computer_delete.png
c:\program files (x86)\IMinent Toolbar\icons.bmp
c:\program files (x86)\IMinent Toolbar\IMinent_Toolbar.crc
c:\program files (x86)\IMinent Toolbar\IMinent_Toolbar.dll
c:\program files (x86)\IMinent Toolbar\info.txt
c:\program files (x86)\IMinent Toolbar\TbCommonUtils.dll
c:\program files (x86)\IMinent Toolbar\tbcore3.dll
c:\program files (x86)\IMinent Toolbar\TbHelper2.exe
c:\program files (x86)\IMinent Toolbar\uninstall.exe
c:\program files (x86)\IMinent Toolbar\update.exe
c:\program files (x86)\IMinent Toolbar\version.txt
c:\program files (x86)\SweetIM
c:\program files (x86)\SweetIM\Communicator\mgcommon.dll
c:\program files (x86)\SweetIM\Communicator\mgcommunication.dll
c:\program files (x86)\SweetIM\Communicator\mgsimcommon.dll
c:\program files (x86)\SweetIM\Communicator\mgxml_wrapper.dll
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcm90.dll
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcp90.dll
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll
c:\program files (x86)\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll
c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
c:\program files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe
c:\program files (x86)\SweetIM\Messenger\default.xml
c:\program files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files (x86)\SweetIM\Messenger\mgArchive.dll
c:\program files (x86)\SweetIM\Messenger\mgcommon.dll
c:\program files (x86)\SweetIM\Messenger\mgcommunication.dll
c:\program files (x86)\SweetIM\Messenger\mgconfig.dll
c:\program files (x86)\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files (x86)\SweetIM\Messenger\mghooking.dll
c:\program files (x86)\SweetIM\Messenger\mgICQAuto.dll
c:\program files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files (x86)\SweetIM\Messenger\mglogger.dll
c:\program files (x86)\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files (x86)\SweetIM\Messenger\mgMsnAuto.dll
c:\program files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files (x86)\SweetIM\Messenger\mgsimcommon.dll
c:\program files (x86)\SweetIM\Messenger\mgSweetIM.dll
c:\program files (x86)\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files (x86)\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files (x86)\SweetIM\Messenger\mgYahooAuto.dll
c:\program files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files (x86)\SweetIM\Messenger\msvcp71.dll
c:\program files (x86)\SweetIM\Messenger\msvcr71.dll
c:\program files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\program files (x86)\SweetIM\Messenger\SweetIM.exe
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\program files (x86)\YTD Toolbar
c:\program files (x86)\YTD Toolbar\IE\8.5\config.ini
c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll
c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE64.dll
c:\program files (x86)\YTD Toolbar\Res\amazon.gif
c:\program files (x86)\YTD Toolbar\Res\dailymotion.gif
c:\program files (x86)\YTD Toolbar\Res\ebay.gif
c:\program files (x86)\YTD Toolbar\Res\facebook.gif
c:\program files (x86)\YTD Toolbar\Res\googleplus.gif
c:\program files (x86)\YTD Toolbar\Res\hulu.gif
c:\program files (x86)\YTD Toolbar\Res\icon_settings.gif
c:\program files (x86)\YTD Toolbar\Res\Lang\res1031.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1033.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1034.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1036.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1040.ini
c:\program files (x86)\YTD Toolbar\Res\metacafe.gif
c:\program files (x86)\YTD Toolbar\Res\radio-close.gif
c:\program files (x86)\YTD Toolbar\Res\radio-minimize.gif
c:\program files (x86)\YTD Toolbar\Res\radiobeta.gif
c:\program files (x86)\YTD Toolbar\Res\search-button-hover.gif
c:\program files (x86)\YTD Toolbar\Res\search-button.gif
c:\program files (x86)\YTD Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\YTD Toolbar\Res\search-chevron.gif
c:\program files (x86)\YTD Toolbar\Res\search_amazon.gif
c:\program files (x86)\YTD Toolbar\Res\search_baidu.gif
c:\program files (x86)\YTD Toolbar\Res\search_ebay.gif
c:\program files (x86)\YTD Toolbar\Res\search_yahoo.gif
c:\program files (x86)\YTD Toolbar\Res\search_yandex.gif
c:\program files (x86)\YTD Toolbar\Res\search_youtube.gif
c:\program files (x86)\YTD Toolbar\Res\twitter.gif
c:\program files (x86)\YTD Toolbar\Res\veoh.gif
c:\program files (x86)\YTD Toolbar\Res\widgets.xml
c:\program files (x86)\YTD Toolbar\Res\youtube.gif
c:\program files (x86)\YTD Toolbar\Res\ytd.gif
c:\program files (x86)\YTD Toolbar\Res\ytd_logo.gif
c:\program files (x86)\YTD Toolbar\Res\ytd_logo_hover.gif
c:\program files (x86)\YTD Toolbar\WidgiHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Updater
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-13 do 2014-01-13 )))))))))))))))))))))))))))))))
.
.
2014-01-13 23:16 . 2014-01-13 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-13 22:03 . 2014-01-13 22:03 -------- d-----w- c:\programdata\Symantec
2014-01-13 19:49 . 2014-01-13 19:49 -------- d-----w- C:\FRST
2014-01-13 18:07 . 2014-01-13 23:19 -------- d-----w- c:\users\Ihor\AppData\Local\Temp
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\ParetoLogic
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\DriverCure
2014-01-13 17:59 . 2014-01-13 18:52 -------- d-----w- c:\programdata\ParetoLogic
2014-01-13 17:53 . 2014-01-13 17:53 -------- d-----w- c:\program files\CCleaner
2014-01-13 13:45 . 2014-01-13 19:28 59 ------w- c:\windows\Trojan.exe.tmp
2014-01-12 13:53 . 2014-01-12 13:53 619520 ------w- c:\windows\server.exe
2014-01-11 07:38 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA2B31AD-DAE2-49F9-9E8D-62D5CA63252C}\mpengine.dll
2014-01-04 12:50 . 2014-01-04 12:50 -------- d-----w- c:\users\Ihor\AppData\Roaming\Micro
2014-01-01 17:37 . 2014-01-13 19:28 12748 ----a-w- c:\windows\system32\.tmp
2014-01-01 13:05 . 2014-01-01 13:05 29696 ------w- c:\windows\windows.exe
2013-12-30 10:05 . 2013-12-30 10:42 -------- d-----w- c:\program files (x86)\Dead Rising 2 Off The Record
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 04:32 . 2011-07-16 17:43 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 16:46 . 2012-08-25 19:34 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 16:46 . 2012-08-25 19:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 10:38 . 2013-12-10 10:38 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 10:38 . 2013-12-10 10:38 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 10:38 . 2013-12-10 10:38 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 10:38 . 2013-12-10 10:38 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-10 10:38 . 2013-12-10 10:38 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-10 10:38 . 2013-12-10 10:38 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-10 10:38 . 2013-12-10 10:38 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 10:38 . 2013-12-10 10:38 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-10 10:38 . 2013-12-10 10:38 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-10 10:38 . 2013-12-10 10:38 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 10:38 . 2013-12-10 10:38 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-10 10:38 . 2013-12-10 10:38 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-10 10:38 . 2013-12-10 10:38 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-10 10:38 . 2013-12-10 10:38 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 10:38 . 2013-12-10 10:38 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 10:38 . 2013-12-10 10:38 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-10 10:38 . 2013-12-10 10:38 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-10 10:38 . 2013-12-10 10:38 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-10 10:38 . 2013-12-10 10:38 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-10 10:38 . 2013-12-10 10:38 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 10:38 . 2013-12-10 10:38 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 10:38 . 2013-12-10 10:38 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-10 10:38 . 2013-12-10 10:38 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 10:38 . 2013-12-10 10:38 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 10:38 . 2013-12-10 10:38 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 10:38 . 2013-12-10 10:38 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-10 10:38 . 2013-12-10 10:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-10 10:38 . 2013-12-10 10:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 10:38 . 2013-12-10 10:38 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 10:38 . 2013-12-10 10:38 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 10:38 . 2013-12-10 10:38 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-10 10:38 . 2013-12-10 10:38 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-10 10:38 . 2013-12-10 10:38 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 10:38 . 2013-12-10 10:38 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 10:38 . 2013-12-10 10:38 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 10:38 . 2013-12-10 10:38 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-10 10:38 . 2013-12-10 10:38 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 10:38 . 2013-12-10 10:38 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-10 10:38 . 2013-12-10 10:38 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-10 10:38 . 2013-12-10 10:38 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-10 10:38 . 2013-12-10 10:38 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-10 10:38 . 2013-12-10 10:38 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 10:38 . 2013-12-10 10:38 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-10 10:38 . 2013-12-10 10:38 413696 ----a-w- c:\windows\system32\html.iec
2013-12-10 10:38 . 2013-12-10 10:38 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 10:38 . 2013-12-10 10:38 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-10 10:38 . 2013-12-10 10:38 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-10 10:38 . 2013-12-10 10:38 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-10 10:38 . 2013-12-10 10:38 235520 ----a-w- c:\windows\system32\url.dll
2013-12-10 10:38 . 2013-12-10 10:38 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 10:38 . 2013-12-10 10:38 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-10 10:38 . 2013-12-10 10:38 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 10:38 . 2013-12-10 10:38 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 10:38 . 2013-12-10 10:38 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-10 10:38 . 2013-12-10 10:38 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 10:38 . 2013-12-10 10:38 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-12 02:09 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 02:10 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 02:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 02:09 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 02:09 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 02:09 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 02:09 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 02:09 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 02:10 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 02:10 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 02:09 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 02:09 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 02:09 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 02:09 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 02:09 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 02:09 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 02:09 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 02:09 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 02:09 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 02:09 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 02:09 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 02:09 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 02:09 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 02:09 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 14:34 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 14:34 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 02:33 . 2011-06-09 18:45 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 14:35 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 14:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 14:34 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 14:34 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-11 14:34 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-11 14:34 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-11 14:34 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
c:\program files (x86)\BrowserCompanion\jsloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
c:\program files\Protector by IB\Extension32.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ăíßŃćČĎÇĘí.b"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2010-11-12 295232]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mvpjbscryh..vbs [2014-1-12 14270]
nxyjekzaeo..vbs [2014-1-12 14270]
tdnkeeuwjq..vbs [2014-1-12 14270]
tmp3E3F.tmp.vbs [2014-1-2 11517]
tmp4106.tmp.vbs [2014-1-3 542852]
tmp50DF.tmp.vbs [2014-1-2 11517]
tmp6D47.tmp.vbs [2014-1-2 11517]
tmp791A.tmp.vbs [2014-1-2 11517]
tmp7E34.tmp.vbs [2014-1-2 11517]
tmp97EB.tmp.vbs [2013-12-31 14276]
tmpA025.tmp.vbs [2014-1-2 11517]
tmpD81C.tmp.vbs [2014-1-2 11517]
tmpF24A.tmp.vbs [2014-1-2 11517]
vdcwwdxbwo..vbs [2014-1-2 14264]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [x]
S2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe;c:\program files\Protector by IB\ExtensionUpdaterService.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 11:40 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 16:47]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-01-28 862088]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.iminent.com/?appid=f826efdc-1507-4783-b9fa-bc8fcb83530a
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{58124A0B-DC32-4180-9BFF-E0E21AE34026} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-TMP3E3~1 - c:\users\Ihor\AppData\Local\Temp\TMP3E3~1.VBS
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-DealBulldog Toolbar - c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-{4F4C5E11-0612-48D2-8055-987992AAC432} - c:\programdata\wxDfast\uninstall.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aíßNcCDÇEí.b"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2014-01-14 00:26:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-01-13 23:26
ComboFix2.txt 2014-01-13 22:27
ComboFix3.txt 2014-01-13 21:30
.
Před spuštěním: Volných bajtů: 383 701 340 160
Po spuštění: Volných bajtů: 383 221 575 680
.
- - End Of File - - 3CF8F674FD4E6ABF4F2D997DC394E0E8
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win 7 boots but is extremely slow

#11 Post by vyosek »

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
:arrow: Make a new FRST log
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member (image) since 1 February 2011.

Mr.Pavek
Visitor
Posts: 25
Registered: 10 Sep 2009 16:50

Re: Win 7 boots but is extremely slow

#12 Post by Mr.Pavek »

Hello, I'll be home from work at 14:00 and will get on it right away.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win 7 boots but is extremely slow

#13 Post by vyosek »

Okay, I'll be online on and off all day :)

Mr.Pavek
Visitor
Posts: 25
Registered: 10 Sep 2009 16:50

Re: Win 7 boots but is extremely slow

#14 Post by Mr.Pavek »

# AdwCleaner v3.017 - Report created 14/01/2014 at 13:59:22
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ihor - IHOR-PC
# Running from : C:\Users\Ihor\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\ADDICT-THING
Folder Deleted : C:\ProgramData\Alawar Fridays
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Program Files\Protector by IB
Folder Deleted : C:\Users\Ihor\AppData\Local\Babylon
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\wxDfast
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\ADDICT-THING
Folder Deleted : C:\Users\Ihor\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ihor\AppData\Roaming\BrowserCompanion
Folder Deleted : C:\Users\Ihor\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Ihor\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Ihor\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\Ihor\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Folder Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgkcpnkpkkmkjbbmnekccjiodanppin
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgkcpnkpkkmkjbbmnekccjiodanppin
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealBulldog Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : suggest_url
Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [42194 octets] - [14/01/2014 13:54:31]
AdwCleaner[S0].txt - [41717 octets] - [14/01/2014 13:59:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [41778 octets] ##########





Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
Ran by Ihor (administrator) on IHOR-PC on 14-01-2014 14:12:23
Running from C:\Users\Ihor\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [862088 2011-01-28] (Acer Incorporated)
HKLM\...\Run: [TMP3E3~1] - "C:\Users\Ihor\AppData\Local\Temp\TMP3E3~1.VBS" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295232 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [] - [x]
HKCU\...\Run: [ăíßŃćČĎÇĘí.b] - [x]
HKCU\...\Run: [mvpjbscryh] - C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [nxyjekzaeo] - C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [tdnkeeuwjq] - C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [tmp4106] - C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs [542852 2014-01-03] () <===== ATTENTION
HKCU\...\Run: [tmp50DF] - C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmpA025] - C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp791A] - C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp6D47] - C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [vdcwwdxbwo] - C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs [14264 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp97EB] - C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs [14276 2013-12-31] () <===== ATTENTION
HKCU\...\Run: [TMP6D4~1] - C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMP791~1] - C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMP50D~1] - C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMPA02~1] - C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B8D6B2AC-226A-402F-883E-D1F3D529C592} URL = http://websearch.ask.com/redirect?clien ... 24D3965BD1
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchKeyword: askws
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (4game) - C:\Program Files (x86)\4game\4game\npplugin4game.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-04-11]
CHR Extension: (Google Search) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-03-28]
CHR Extension: (Ratchet & Clank Future 2) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0 [2012-11-22]
CHR Extension: (wxDfast) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd\1.0_0 [2012-08-25]
CHR Extension: (avast! WebRep) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0 [2012-09-26]
CHR Extension: (Google Wallet) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19]
CHR Extension: (Allin1Convert) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj\5.81.3.15569_0 [2014-01-11]
CHR Extension: (Gmail) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [epohjfbhajfojachcgdhgegmaadodlcd] - C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-09-25]

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-19] (Advanced Micro Devices, Inc.)
S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [133912 2012-08-21] (AVAST Software)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868224 2011-01-28] (Acer Incorporated)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
S1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [142128 2012-08-21] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-07-13] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [266776 2012-08-21] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix11\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-14 13:54 - 2014-01-14 13:59 - 00000000 ____D C:\AdwCleaner
2014-01-14 13:54 - 2014-01-14 13:48 - 01236282 _____ C:\Users\Ihor\Desktop\adwcleaner.exe
2014-01-14 13:13 - 2014-01-14 13:13 - 00559088 _____ C:\Windows\Minidump\011414-34148-01.dmp
2014-01-14 13:12 - 2014-01-14 13:12 - 549593748 _____ C:\Windows\MEMORY.DMP
2014-01-14 00:26 - 2014-01-14 00:26 - 00039242 _____ C:\ComboFix.txt
2014-01-14 00:08 - 2014-01-14 00:08 - 00001204 _____ C:\CF-Submit.htm
2014-01-13 23:03 - 2014-01-13 23:03 - 00000000 ____D C:\ProgramData\Symantec
2014-01-13 22:15 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-13 22:15 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-13 22:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-13 22:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-13 22:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-13 22:15 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-13 22:15 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-13 22:15 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-13 22:14 - 2014-01-13 22:13 - 05166068 ____R (Swearware) C:\Users\Ihor\Desktop\ComboFix11.exe
2014-01-13 22:10 - 2014-01-14 00:26 - 00000000 ____D C:\Qoobox
2014-01-13 22:09 - 2014-01-14 00:17 - 00000000 ____D C:\Windows\erdnt
2014-01-13 21:48 - 2014-01-13 21:48 - 00004582 _____ C:\Users\Ihor\Desktop\Rkill.txt
2014-01-13 21:47 - 2014-01-13 21:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ihor\Desktop\rkill.exe
2014-01-13 20:50 - 2014-01-14 14:12 - 00015419 _____ C:\Users\Ihor\Desktop\FRST.txt
2014-01-13 20:49 - 2014-01-13 20:49 - 00000000 ____D C:\FRST
2014-01-13 20:48 - 2014-01-13 20:28 - 00112640 _____ (forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe
2014-01-13 20:48 - 2014-01-13 20:25 - 02075648 _____ (Farbar) C:\Users\Ihor\Desktop\FRST64.exe
2014-01-13 20:09 - 2014-01-14 14:09 - 00060524 _____ C:\Windows\WindowsUpdate.log
2014-01-13 20:04 - 2014-01-14 14:01 - 00001070 _____ C:\Windows\setupact.log
2014-01-13 20:04 - 2014-01-13 20:04 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 20:03 - 2014-01-14 00:17 - 00019516 _____ C:\Windows\PFRO.log
2014-01-13 19:59 - 2014-01-13 20:02 - 00000000 ____D C:\Windows\pss
2014-01-13 19:15 - 2014-01-13 23:09 - 00000008 _____ C:\Windows\windows.exe.tmp
2014-01-13 18:53 - 2014-01-13 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-13 14:45 - 2014-01-13 20:28 - 00000059 ____N C:\Windows\Trojan.exe.tmp
2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 ____N (Microsoft Corporation) C:\Windows\server.exe
2014-01-05 18:27 - 2014-01-05 18:27 - 00000000 ____D C:\Users\Ihor\Desktop\Nová složka (5)
2014-01-04 18:39 - 2014-01-04 18:44 - 00025276 _____ C:\Users\Ihor\AppData\Roaming\addons.dat
2014-01-04 13:50 - 2014-01-04 13:50 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Micro
2014-01-02 16:16 - 2014-01-13 20:05 - 00244224 _____ C:\Users\Ihor\AppData\Roaming\plugin.dat
2014-01-01 18:37 - 2014-01-13 20:28 - 00012748 _____ C:\Windows\system32\.tmp
2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 ____N C:\Windows\windows.exe
2013-12-30 11:05 - 2013-12-30 11:42 - 00000000 ____D C:\Program Files (x86)\Dead Rising 2 Off The Record
2013-12-21 15:49 - 2013-12-21 15:49 - 05565454 _____ C:\Users\Ihor\Downloads\mari0-win.zip
2013-12-20 18:53 - 2013-12-20 18:53 - 00254464 _____ C:\Users\Ihor\Downloads\Photoshop-CS6.Exe
2013-12-19 19:56 - 2013-12-27 15:30 - 00000000 ____D C:\Users\Ihor\Desktop\3333

==================== One Month Modified Files and Folders =======

2014-01-14 14:12 - 2014-01-13 20:50 - 00015419 _____ C:\Users\Ihor\Desktop\FRST.txt
2014-01-14 14:09 - 2014-01-13 20:09 - 00060524 _____ C:\Windows\WindowsUpdate.log
2014-01-14 14:09 - 2011-04-16 03:24 - 00666672 _____ C:\Windows\system32\perfh005.dat
2014-01-14 14:09 - 2011-04-16 03:24 - 00140336 _____ C:\Windows\system32\perfc005.dat
2014-01-14 14:09 - 2009-07-14 06:13 - 01577482 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 14:09 - 2009-07-14 05:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 14:09 - 2009-07-14 05:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 14:06 - 2011-06-10 09:29 - 00000000 ____D C:\Users\Ihor\AppData\Local\CrashDumps
2014-01-14 14:01 - 2014-01-13 20:04 - 00001070 _____ C:\Windows\setupact.log
2014-01-14 14:01 - 2011-06-09 20:20 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-14 14:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 13:59 - 2014-01-14 13:54 - 00000000 ____D C:\AdwCleaner
2014-01-14 13:59 - 2012-05-02 20:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-14 13:48 - 2014-01-14 13:54 - 01236282 _____ C:\Users\Ihor\Desktop\adwcleaner.exe
2014-01-14 13:46 - 2012-08-25 20:34 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-14 13:46 - 2011-06-09 20:20 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-14 13:13 - 2014-01-14 13:13 - 00559088 _____ C:\Windows\Minidump\011414-34148-01.dmp
2014-01-14 13:13 - 2011-10-20 14:57 - 00000000 ____D C:\Windows\Minidump
2014-01-14 13:12 - 2014-01-14 13:12 - 549593748 _____ C:\Windows\MEMORY.DMP
2014-01-14 00:26 - 2014-01-14 00:26 - 00039242 _____ C:\ComboFix.txt
2014-01-14 00:26 - 2014-01-13 22:10 - 00000000 ____D C:\Qoobox
2014-01-14 00:19 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-14 00:17 - 2014-01-13 22:09 - 00000000 ____D C:\Windows\erdnt
2014-01-14 00:17 - 2014-01-13 20:03 - 00019516 _____ C:\Windows\PFRO.log
2014-01-14 00:17 - 2009-07-14 03:34 - 81264640 _____ C:\Windows\system32\config\software.bak
2014-01-14 00:17 - 2009-07-14 03:34 - 25690112 _____ C:\Windows\system32\config\system.bak
2014-01-14 00:17 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2014-01-14 00:17 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2014-01-14 00:17 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2014-01-14 00:08 - 2014-01-14 00:08 - 00001204 _____ C:\CF-Submit.htm
2014-01-13 23:09 - 2014-01-13 19:15 - 00000008 _____ C:\Windows\windows.exe.tmp
2014-01-13 23:03 - 2014-01-13 23:03 - 00000000 ____D C:\ProgramData\Symantec
2014-01-13 23:00 - 2011-06-09 19:47 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-01-13 23:00 - 2010-12-22 14:10 - 00000000 ____D C:\ProgramData\Norton
2014-01-13 22:25 - 2011-06-09 19:45 - 00000000 ___RD C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-13 22:25 - 2011-06-09 19:27 - 00000000 ____D C:\Users\Ihor
2014-01-13 22:13 - 2014-01-13 22:14 - 05166068 ____R (Swearware) C:\Users\Ihor\Desktop\ComboFix11.exe
2014-01-13 21:48 - 2014-01-13 21:48 - 00004582 _____ C:\Users\Ihor\Desktop\Rkill.txt
2014-01-13 21:45 - 2014-01-13 21:47 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ihor\Desktop\rkill.exe
2014-01-13 20:49 - 2014-01-13 20:49 - 00000000 ____D C:\FRST
2014-01-13 20:28 - 2014-01-13 20:48 - 00112640 _____ (forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe
2014-01-13 20:28 - 2014-01-13 14:45 - 00000059 ____N C:\Windows\Trojan.exe.tmp
2014-01-13 20:28 - 2014-01-01 18:37 - 00012748 _____ C:\Windows\system32\.tmp
2014-01-13 20:25 - 2014-01-13 20:48 - 02075648 _____ (Farbar) C:\Users\Ihor\Desktop\FRST64.exe
2014-01-13 20:05 - 2014-01-02 16:16 - 00244224 _____ C:\Users\Ihor\AppData\Roaming\plugin.dat
2014-01-13 20:04 - 2014-01-13 20:04 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 20:02 - 2014-01-13 19:59 - 00000000 ____D C:\Windows\pss
2014-01-13 19:50 - 2011-06-09 20:20 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Skype
2014-01-13 19:05 - 2013-05-06 14:42 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-13 19:05 - 2011-06-09 19:45 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Macromedia
2014-01-13 18:55 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2014-01-13 18:53 - 2014-01-13 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-13 18:45 - 2013-11-28 20:23 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Clickteam
2014-01-13 18:45 - 2013-11-28 20:23 - 00000000 ____D C:\Program Files (x86)\The Games Factory 2
2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 ____N (Microsoft Corporation) C:\Windows\server.exe
2014-01-11 10:45 - 2009-07-14 06:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-05 18:27 - 2014-01-05 18:27 - 00000000 ____D C:\Users\Ihor\Desktop\Nová složka (5)
2014-01-04 18:44 - 2014-01-04 18:39 - 00025276 _____ C:\Users\Ihor\AppData\Roaming\addons.dat
2014-01-04 13:50 - 2014-01-04 13:50 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Micro
2014-01-02 19:39 - 2011-06-09 19:45 - 00000000 ____D C:\Users\Ihor\AppData\Local\VirtualStore
2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 ____N C:\Windows\windows.exe
2013-12-30 11:42 - 2013-12-30 11:05 - 00000000 ____D C:\Program Files (x86)\Dead Rising 2 Off The Record
2013-12-30 11:19 - 2010-12-22 13:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-30 09:43 - 2012-12-25 18:48 - 00000000 ____D C:\Users\Ihor\Desktop\SVJATYK
2013-12-30 09:33 - 2012-03-29 19:44 - 00000000 ____D C:\Users\Ihor\Desktop\nestor
2013-12-29 14:17 - 2011-11-16 19:07 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\.minecraft
2013-12-27 15:30 - 2013-12-19 19:56 - 00000000 ____D C:\Users\Ihor\Desktop\3333
2013-12-23 17:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-22 13:33 - 2011-06-09 20:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-22 13:33 - 2011-06-09 20:19 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 15:49 - 2013-12-21 15:49 - 05565454 _____ C:\Users\Ihor\Downloads\mari0-win.zip
2013-12-20 18:53 - 2013-12-20 18:53 - 00254464 _____ C:\Users\Ihor\Downloads\Photoshop-CS6.Exe
2013-12-20 09:05 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-16 13:54 - 2011-06-09 20:20 - 00000000 ____D C:\Users\Ihor\AppData\Local\Google
2013-12-15 05:40 - 2013-11-05 14:14 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 05:32 - 2011-07-16 18:43 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs
C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs
C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs
C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs
C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS


Some content of TEMP:
====================
C:\Users\Ihor\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Internet Security (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Ihor\Desktop" je 12626 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19
"C:\Users\Ihor\AppData\Local\Temp\windowss.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a
"C:\Users\Ihor\AppData\Local\Temp\hackdragoncity.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2
"C:\Users\Ihor\AppData\Local\Temp\Trojan.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01
"C:\Users\Ihor\AppData\Local\Temp\HaCkeD.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5
"C:\Users\Ihor\AppData\Roaming\Trojan.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e
"C:\Users\Ihor\AppData\Local\Temp\taskmgr.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf
"C:\Users\Ihor\AppData\Local\Temp\hack.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent
C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager
C:\Program Files (x86)\Launch Manager\LManager.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy
C:\Users\Ihor\AppData\Roaming\Micro\spy.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1ffcf52b0cd64d83554855bd6f04fc1f.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2113atgzBG7JnU4ISFsSYJLZCBxd.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\225659c6fa2732024934dc96358cf4cb.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\22f881ced422d0a8cfa18224e8da0c19.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2991ca02e1de7b64004ddf2762692c1a.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\34a197ecc5748dbb80c6ad3289a7fb7c.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\365bad42f4f98be74c2bf2cacfcb2958.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7350b4ce4c5b9059b3abecb448b12322.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7ae1ff5603ac84828c7a0e5890086b01.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8181fef9f155186026993bbd38cb4855.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81ed0e74a40ed4fe8a36a7b819c4279f.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8515eb34d8f9de5af815466e9715b3e5.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85ce27c90f0ba2b98ceb888e2ca7acde.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88b7da58a3e62f24b08f565445b53900.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\912c76a909eaf9ea406e74f23b6290bf.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\927023f818e6ce8ef3ccb347194b0a7e.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\958436d9be3c028f3254ca9056e72392.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96692782eb52a518c332d30387fbd310.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96d5bbd31c1ef1f063007ac1abc25a6c.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\978bcc21dfa55450c519ce5e0cb9b4cb.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a9f2d977c6de2e3f5debaca1def6c0a8.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\abb278f5f94f5be17c28e4761048b650.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aee62c22efb71f17ec0744e8f88d8439.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b50b61dd4ed2297cbf16db09c0bed498.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9f53cd24dbd8eb354a1d3b41e105755.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ba4c12bee3027d94da5c81db2d196bfd.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bb62e28591030e826081bf1f4a74c0b8.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bec07547ae282f99dd66988f212eb755.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^c210b18097fa9ee4b57d8d28130c4154.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c210b18097fa9ee4b57d8d28130c4154.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cdc91361ec959706e6799be39d7a6c26.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cdc91361ec959706e6799be39d7a6c26.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e7d208841702e4fe48243dfe74a60ee9.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e7d208841702e4fe48243dfe74a60ee9.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb78d0b479ba41606efcf9194e178119.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eb78d0b479ba41606efcf9194e178119.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EwMLMywkRcer8HrZMlWPKHwmHgR.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EwMLMywkRcer8HrZMlWPKHwmHgR.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^f8a3f37293dcb5954d599b582155c4e5.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f8a3f37293dcb5954d599b582155c4e5.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fd2fbc3c9739d9ceb9388ed7eb6cf440.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fd2fbc3c9739d9ceb9388ed7eb6cf440.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iVTdTQxNbPFOwblwth5DPxfTEuXm.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iVTdTQxNbPFOwblwth5DPxfTEuXm.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^kWuvZfzxlODgGY2XrHt24Rz7TIr.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kWuvZfzxlODgGY2XrHt24Rz7TIr.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LGXobePv3iJYZ1FPwBX11xkmzaO.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LGXobePv3iJYZ1FPwBX11xkmzaO.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NeMOnAfEuJIYw7IANadhoif8NIJ.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NeMOnAfEuJIYw7IANadhoif8NIJ.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sGwFOYlDsM5oftLTnwIUCP5QpUh.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sGwFOYlDsM5oftLTnwIUCP5QpUh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk
C:\Users\Ihor\AppData\Roaming\BROWSE~1\tcbhn.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UG2L2YusZscSQYJxQEliuRlof2e.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UG2L2YusZscSQYJxQEliuRlof2e.exe [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win 7 boots but is extremely slow

#15 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [TMP3E3~1] - "C:\Users\Ihor\AppData\Local\Temp\TMP3E3~1.VBS" <===== ATTENTION
    HKLM-x32\...\Run: [] - [x]
    HKCU\...\Run: [ăíßŃćČĎÇĘí.b] - [x]
    HKCU\...\Run: [mvpjbscryh] - C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs [14270 2014-01-12] () <===== ATTENTION
    HKCU\...\Run: [nxyjekzaeo] - C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs [14270 2014-01-12] () <===== ATTENTION
    HKCU\...\Run: [tdnkeeuwjq] - C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs [14270 2014-01-12] () <===== ATTENTION
    HKCU\...\Run: [tmp4106] - C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs [542852 2014-01-03] () <===== ATTENTION
    HKCU\...\Run: [tmp50DF] - C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
    HKCU\...\Run: [tmpA025] - C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
    HKCU\...\Run: [tmp791A] - C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
    HKCU\...\Run: [tmp6D47] - C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
    HKCU\...\Run: [vdcwwdxbwo] - C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs [14264 2014-01-02] () <===== ATTENTION
    HKCU\...\Run: [tmp97EB] - C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs [14276 2013-12-31] () <===== ATTENTION
    HKCU\...\Run: [TMP6D4~1] - C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS [11517 2014-01-02] () <===== ATTENTION
    HKCU\...\Run: [TMP791~1] - C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS [11517 2014-01-02] () <===== ATTENTION
    HKCU\...\Run: [TMP50D~1] - C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS [11517 2014-01-02] () <===== ATTENTION
    HKCU\...\Run: [TMPA02~1] - C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS [11517 2014-01-02] () <===== ATTENTION
    HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
    HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs ()
    Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
    
    SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {B8D6B2AC-226A-402F-883E-D1F3D529C592} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=6F44F2EB-C8A3-40C6-901D-2299CC053965&apn_sauid=ECFB09E9-B264-4153-9235-F524D3965BD1
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    
    CHR DefaultSearchKeyword: askws
    CHR DefaultSearchProvider: Ask.com
    CHR DefaultNewTabURL: 
    CHR Plugin: (Injovo Extension Plugin) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
    CHR Extension: (wxDfast) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd\1.0_0 [2012-08-25]
    CHR HKLM-x32\...\Chrome\Extension: [epohjfbhajfojachcgdhgegmaadodlcd] - C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx [2012-11-07]
    
    S2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [x]
    
    C:\Program Files\Protector by IB
    2014-01-13 23:03 - 2014-01-13 23:03 - 00000000 ____D C:\ProgramData\Symantec
    2014-01-13 21:48 - 2014-01-13 21:48 - 00004582 _____ C:\Users\Ihor\Desktop\Rkill.txt
    2014-01-13 21:47 - 2014-01-13 21:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ihor\Desktop\rkill.exe
    2014-01-13 22:14 - 2014-01-13 22:13 - 05166068 ____R (Swearware) C:\Users\Ihor\Desktop\ComboFix11.exe
    2014-01-14 13:54 - 2014-01-14 13:48 - 01236282 _____ C:\Users\Ihor\Desktop\adwcleaner.exe
    2014-01-14 00:08 - 2014-01-14 00:08 - 00001204 _____ C:\CF-Submit.htm
    2014-01-13 19:15 - 2014-01-13 23:09 - 00000008 _____ C:\Windows\windows.exe.tmp
    2014-01-13 14:45 - 2014-01-13 20:28 - 00000059 ____N C:\Windows\Trojan.exe.tmp
    2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
    2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 ____N (Microsoft Corporation) C:\Windows\server.exe
    2014-01-01 18:37 - 2014-01-13 20:28 - 00012748 _____ C:\Windows\system32\.tmp
    2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 ____N C:\Windows\windows.exe
    C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs
    C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs
    C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs
    C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs
    C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs
    C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs
    C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs
    C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs
    C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs
    C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs
    C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS
    C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS
    C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS
    C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS
    C:\Users\Ihor\AppData\Local\Temp\Quarantine.exe
    C:\Program Files (x86)\Iminent
    C:\Program Files (x86)\Optimizer Pro
    
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^c210b18097fa9ee4b57d8d28130c4154.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cdc91361ec959706e6799be39d7a6c26.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e7d208841702e4fe48243dfe74a60ee9.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb78d0b479ba41606efcf9194e178119.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EwMLMywkRcer8HrZMlWPKHwmHgR.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^f8a3f37293dcb5954d599b582155c4e5.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fd2fbc3c9739d9ceb9388ed7eb6cf440.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iVTdTQxNbPFOwblwth5DPxfTEuXm.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^kWuvZfzxlODgGY2XrHt24Rz7TIr.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LGXobePv3iJYZ1FPwBX11xkmzaO.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NeMOnAfEuJIYw7IANadhoif8NIJ.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sGwFOYlDsM5oftLTnwIUCP5QpUh.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UG2L2YusZscSQYJxQEliuRlof2e.exe" /f
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the created TXT file as fixlist.txt
  • Move the created fixlist next to FRST
→ Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
→ Restart the PC and post fixlog.txt here for me
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member (image) since 1 February 2011.

Locked