Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

USB disk - změna souboru

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
xero78
Návštěvník
Návštěvník
Příspěvky: 19
Registrován: 07 srp 2014 10:01

USB disk - změna souboru

#1 Příspěvek od xero78 »

Ahoj. Mám problém, když vložím usb disk do počítače automaticky se mi na něho nahrajou nějaké soubory a složky co tam byly se změni na soubory s koncovkou .EXE např. měl jsem tam složku FILMY a změnila se na FILMY.EXE. Takto pozměněné soubory nejde otevřít. Nevíte coto může být?
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: USB disk - změna souboru

#2 Příspěvek od vyosek »

Zdravim :)

:arrow: V prve rade dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
xero78
Návštěvník
Návštěvník
Příspěvky: 19
Registrován: 07 srp 2014 10:01

Re: USB disk - změna souboru

#3 Příspěvek od xero78 »

Bohužel, když chci udělát ten log tak mi vyskočí chyba ale log jsem našel asi neni uplny:

Logfile of random's system information tool 1.08 (written by random/random)
Run by pc at 2014-08-07 15:27:04
Microsoft Windows 7 Ultimate
System drive C: has 2 GB (1%) free of 200 GB
Total RAM: 4094 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:27:06, on 7.8.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
C:\Windows\syswow64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\msiexec.exe
C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe
C:\Users\pc\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Trademanager\AliIM.exe
C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2\svcnost.exe
C:\Users\pc\AppData\Roaming\WMPRWISE.EXE
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\pc\AppData\Roaming\Microsoft\nakysotook.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Users\pc\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Users\pc\AppData\Local\Temp\hm14E88A59.tmp
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\pc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll
F2 - REG:system.ini: Shell=Explorer.exe regsvr.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0035382 - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: BS Player ControlBar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [aaaaaaaa] C:\Windows\System32\aaaaaaaa.exe
O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKLM\..\Run: [Etyhymgodyofb] C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Viber] "C:\Users\pc\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\pc\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\pc\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [aliim] "C:\Program Files (x86)\Trademanager\AliIM.exe" /autorun
O4 - HKCU\..\Run: [MyDriveConnect.exe] C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
O4 - HKCU\..\Run: [BackgroundContainerV2] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\pc\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Windows Init] "C:\Users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2\svcnost.exe"
O4 - HKCU\..\Run: [Microsoft Firewall 2.9] C:\Users\pc\AppData\Roaming\WMPRWISE.EXE
O4 - HKCU\..\Run: [hovajook] C:\Users\pc\AppData\Roaming\Microsoft\nakysotook.exe
O4 - HKCU\..\Run: [aaaaaaaa] C:\Users\pc\aaaaaaaa.exe
O4 - HKCU\..\Run: [USPmedia Update] regsvr32.exe C:\Users\pc\AppData\Local\USPmedia\OpenMayaRender.dll
O4 - HKCU\..\Run: [Msn Messsenger] C:\Windows\system32\regsvr.exe
O4 - HKCU\..\Run: [javaocom] C:\Windows\system32\makemote.exe
O4 - HKCU\..\Run: [soikles] rundll32 "C:\Users\pc\AppData\Local\soikles.dll",soikles
O4 - HKCU\..\Run: [nulowuolanu] C:\Users\pc\nulowuolanu.exe
O4 - HKCU\..\Run: [wxniof] C:\Users\pc\foinxw\wxniof.exe /r
O4 - HKCU\..\Run: [rchokoe] rundll32 "C:\Users\pc\AppData\Local\rchokoe.dll",rchokoe
O4 - HKCU\..\Run: [rckonne] rundll32 "C:\Users\pc\AppData\Local\rckonne.dll",rckonne
O4 - HKCU\..\Run: [IbadiRwega] regsvr32.exe "C:\ProgramData\IbadiRwega\IbadiRwega.dat"
O4 - HKCU\..\Run: [Etyhymgodyofb] C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe
O4 - HKLM\..\Policies\Explorer\Run: [884621673] C:\PROGRA~3\msfidbh.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: DECRYPT_INSTRUCTION.HTML
O4 - Startup: DECRYPT_INSTRUCTION.TXT
O4 - Startup: DECRYPT_INSTRUCTION.URL
O4 - Startup: wxniof.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://94.229.82.168:8081/VatDec.cab
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} (RtspVaPgCtrlNew Class) - http://94.229.82.168:8081/RtspVaPgDec.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: rchokoe - C:\Users\pc\AppData\Local\rchokoe.dll
O20 - Winlogon Notify: rckonne - C:\Users\pc\AppData\Local\rckonne.dll
O20 - Winlogon Notify: soikles - C:\Users\pc\AppData\Local\soikles.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Security Center Server - 3863432951 (SecurityCenterServer3863432951) - Maskiseft Corporation - C:\Windows\SysWOW64\mafumo.exe
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files (x86)\ShadowExplorer\sesvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: syshost32 - SupportSoft, Inc. - C:\Windows\Installer\{7C3BDE10-F246-B99B-7A7E-B7575A2B2DE4}\syshost.exe
O23 - Service: Toolbar Service (TBSrv) - ClientConnect Ltd. - C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.7 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18688 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
"C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
C:\Windows\SysWOW64\XSrvSetup.exe
"C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Gigabyte\ET6\GUI.exe" -m
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Windows\SysWOW64\mafumo.exe" -service "C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe"
"C:\Program Files (x86)\ShadowExplorer\sesvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\Installer\{7C3BDE10-F246-B99B-7A7E-B7575A2B2DE4}\syshost.exe" /service
"C:\Windows\syswow64\svchost.exe"
"C:\Windows\system32\svchost.exe"
"C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe"
C:\Windows\SysWOW64\msiexec.exe
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe" 72648 "C:\ProgramData\AVG Secure Search\Logger\logger.properties"
\??\C:\Windows\system32\conhost.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe"
"C:\Users\pc\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files (x86)\Trademanager\AliIM.exe" /autorun
"C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"C:\Windows\SysWOW64\rundll32.exe" "C:\Users\pc\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
"C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
"C:\Windows\System32\regsvr32.exe" C:\Users\pc\AppData\Local\USPmedia\OpenMayaRender.dll
"C:\Windows\System32\rundll32.exe" "C:\Users\pc\AppData\Local\soikles.dll",soikles
"C:\Windows\System32\rundll32.exe" "C:\Users\pc\AppData\Local\soikles.dll",soikles
"C:\Users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2\svcnost.exe"
"C:\Users\pc\AppData\Roaming\WMPRWISE.EXE"
C:\Users\pc\AppData\Local\USPmedia\OpenMayaRender.dll
"C:\Users\pc\AppData\Roaming\Microsoft\nakysotook.exe"
"C:\Windows\System32\rundll32.exe" "C:\Users\pc\AppData\Local\rchokoe.dll",rchokoe
"C:\Windows\System32\rundll32.exe" "C:\Users\pc\AppData\Local\rckonne.dll",rckonne
"C:\Windows\System32\rundll32.exe" "C:\Users\pc\AppData\Local\rckonne.dll",rckonne
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Windows\System32\rundll32.exe" "C:\Users\pc\AppData\Local\rchokoe.dll",rchokoe
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HydraDM64.exe -h:66002 "Maximalizovat na celou plochu" "Maximalizovat k rohům okna" "Obnovit pracovní plochu"
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
szndesktop.exe default start
"C:\PROGRA~2\Raptr\raptr.exe" --log_to_file --from_stub --startup
"C:\Users\pc\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
raptr_im.exe
"C:\Program Files (x86)\Raptr\raptr_ep64.exe"
C:\Users\pc\AppData\Local\Temp\hm14E88A59.tmp
taskeng.exe {FDE0E6B4-527E-43C8-8623-F8580C0D69C1}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4216.0.1021955316\1859772670" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,16 --gpu-vendor-id=0x1002 --gpu-device-id=0x6738 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=14.100.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="4216.3.738727484\1722996320" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="4216.4.621501438\754235266" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="4216.6.589146309\1101119030" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="4216.7.852591844\1699304340" /prefetch:673131151
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -Embedding -noframemerging -private
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe" Restart Start CCC
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -scheduled -critical
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="4216.10.696057643\1959038056" /prefetch:673131151
explorer.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -Embedding -noframemerging -private
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="4216.11.1777962429\1284555006" /prefetch:673131151
"C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="4216.15.1311082991\1373658165" /prefetch:673131151
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"D:\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Security Center Update - 3863432951.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-08-05 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll [2014-08-05 346576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}]
hosts - C:\Program Files (x86)\hosts\hosts-bho.dll [2013-08-21 748032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-08-05 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2014-08-05 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-12-23 1520560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-14 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player ControlBar Toolbar - C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll [2014-04-10 423744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-08-05 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2011-08-17 1055808]
{95B7759C-8C7F-4BF1-B163-73684A933233}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player ControlBar Toolbar - C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll [2014-04-10 423744]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-12-23 1520560]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-08-05 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-04-06 10144288]
"Etyhymgodyofb"=C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [2013-09-14 306853]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"884621673"=C:\PROGRA~3\msfidbh.exe [2014-06-30 31232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Program Files (x86)\ICQ7.7\ICQ.exe [2013-08-20 127040]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]
"Viber"=C:\Users\pc\AppData\Local\Viber\Viber.exe [2013-07-31 912904]
"cz.seznam.software.autoupdate"=C:\Users\pc\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\pc\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"aliim"=C:\Program Files (x86)\Trademanager\AliIM.exe [2014-05-14 293272]
"MyDriveConnect.exe"=C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [2013-11-29 473496]
"BackgroundContainerV2"=C:\Windows\SysWOW64\Rundll32.exe [2009-07-14 44544]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2014-05-04 3588952]
"Raptr"=C:\PROGRA~2\Raptr\raptrstub.exe [2014-07-30 55360]
"HydraVisionDesktopManager"=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2013-03-28 389120]
"Windows Init"=C:\Users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2\svcnost.exe [2014-06-01 146165]
"Microsoft Firewall 2.9"=C:\Users\pc\AppData\Roaming\WMPRWISE.EXE [2014-06-08 201964]
"hovajook"=C:\Users\pc\AppData\Roaming\Microsoft\nakysotook.exe [2014-06-20 329948]
"aaaaaaaa"=C:\Users\pc\aaaaaaaa.exe [2014-07-28 76800]
"USPmedia Update"=regsvr32.exe C:\Users\pc\AppData\Local\USPmedia\OpenMayaRender.dll []
"Msn Messsenger"=C:\Windows\system32\regsvr.exe []
"javaocom"=C:\Windows\system32\makemote.exe []
"soikles"=rundll32 C:\Users\pc\AppData\Local\soikles.dll,soikles []
"nulowuolanu"=C:\Users\pc\nulowuolanu.exe []
"wxniof"=C:\Users\pc\foinxw\wxniof.exe [2014-07-31 188416]
"rchokoe"=rundll32 C:\Users\pc\AppData\Local\rchokoe.dll,rchokoe []
"rckonne"=rundll32 C:\Users\pc\AppData\Local\rckonne.dll,rckonne []
"IbadiRwega"=regsvr32.exe C:\ProgramData\IbadiRwega\IbadiRwega.dat []
"Etyhymgodyofb"=C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [2013-09-14 306853]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-15 375000]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-01-19 43632]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-11-20 106496]
"Guard.Mail.ru.gui"=C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [2013-08-20 1564368]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2014-06-25 2571288]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2013-12-23 1648048]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-04-17 767200]
"aaaaaaaa"=C:\Windows\System32\aaaaaaaa.exe []
"Regedit32"=C:\Windows\system32\regedit.exe []
"Etyhymgodyofb"=C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [2013-09-14 306853]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"=C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe [2007-07-26 20480]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"884621673"=C:\PROGRA~3\msfidbh.exe [2014-06-30 31232]

[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Etyhymgodyofb"=C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [2013-09-14 306853]
Nahoru
xero78
Návštěvník
Návštěvník
Příspěvky: 19
Registrován: 07 srp 2014 10:01

Re: USB disk - změna souboru

#4 Příspěvek od xero78 »

Tady snad kompletní:

can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by pc (administrator) on PC-PC on 07-08-2014 15:46:54
Running from D:\
Platform: Windows 7 Ultimate (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
() C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Maskiseft Corporation) C:\Windows\SysWOW64\mafumo.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(SupportSoft, Inc.) C:\Windows\Installer\{7C3BDE10-F246-B99B-7A7E-B7575A2B2DE4}\syshost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ClientConnect Ltd.) C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Maskiseft Corporation) C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe
() C:\Users\pc\AppData\Local\Viber\Viber.exe
(Alibaba (China) Co., Ltd.) C:\Program Files (x86)\Trademanager\AliIM.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2\svcnost.exe
(drfedcfvgy) C:\Users\pc\AppData\Roaming\WMPRWISE.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(dcfvgydrfe) C:\Users\pc\AppData\Roaming\Microsoft\nakysotook.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Users\pc\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
() C:\Users\pc\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
() C:\Users\pc\AppData\Local\Temp\hm14E88A59.tmp
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [Etyhymgodyofb] => C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [306853 2013-09-14] (Maskiseft Corporation)
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] => C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2013-08-20] ()
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2571288 2014-06-25] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648048 2013-12-23] (Ask)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [aaaaaaaa] => C:\Windows\SysWOW64\aaaaaaaa.exe [76800 2014-07-28] ()
HKLM-x32\...\Run: [Regedit32] => C:\Windows\SysWOW64\regedit.exe [398336 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Etyhymgodyofb] => C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [306853 2013-09-14] (Maskiseft Corporation)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe [20480 2007-07-26] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM-x32\...\Winlogon: [Shell] Explorer.exe regsvr.exe [ ] () <=== ATTENTION
Winlogon\Notify\rchokoe-x32: C:\Users\pc\AppData\Local\rchokoe.dll ()
Winlogon\Notify\rckonne-x32: C:\Users\pc\AppData\Local\rckonne.dll ()
Winlogon\Notify\soikles-x32: C:\Users\pc\AppData\Local\soikles.dll ()
HKLM\...\Policies\Explorer\Run: [884621673] => C:\ProgramData\msfidbh.exe [31232 2014-06-30] ( ())
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [ICQ] => C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2013-08-20] (ICQ, LLC.)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Viber] => C:\Users\pc\AppData\Local\Viber\Viber.exe [912904 2013-07-31] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\pc\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\pc\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [aliim] => C:\Program Files (x86)\Trademanager\AliIM.exe [293272 2014-05-14] (Alibaba (China) Co., Ltd.)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\pc\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-05-04] (Electronic Arts)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-07-30] (Raptr, Inc)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-03-28] (AMD)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Windows Init] => C:\Users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2\svcnost.exe [146165 2014-06-01] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Microsoft Firewall 2.9] => C:\Users\pc\AppData\Roaming\WMPRWISE.EXE [201964 2014-06-08] (drfedcfvgy)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [hovajook] => C:\Users\pc\AppData\Roaming\Microsoft\nakysotook.exe [329948 2014-06-20] (dcfvgydrfe)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [aaaaaaaa] => C:\Users\pc\aaaaaaaa.exe [76800 2014-07-28] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [USPmedia Update] => regsvr32.exe C:\Users\pc\AppData\Local\USPmedia\OpenMayaRender.dll
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Msn Messsenger] => C:\Windows\system32\regsvr.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [javaocom] => C:\Windows\system32\makemote.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [soikles] => rundll32 "C:\Users\pc\AppData\Local\soikles.dll",soikles <===== ATTENTION
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [nulowuolanu] => C:\Users\pc\nulowuolanu.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [wxniof] => C:\Users\pc\foinxw\wxniof.exe [188416 2014-07-31] ()
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [rchokoe] => rundll32 "C:\Users\pc\AppData\Local\rchokoe.dll",rchokoe <===== ATTENTION
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [rckonne] => rundll32 "C:\Users\pc\AppData\Local\rckonne.dll",rckonne <===== ATTENTION
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [IbadiRwega] => regsvr32.exe "C:\ProgramData\IbadiRwega\IbadiRwega.dat"
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Run: [Etyhymgodyofb] => C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [306853 2013-09-14] (Maskiseft Corporation)
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\MountPoints2: {c5ed2903-24c7-11e3-8d52-1c6f65488f8f} - H:\iStudio.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\MountPoints2: {ec5830e4-06fa-11e3-b2da-1c6f65488f8f} - I:\Setup.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\MountPoints2: {fa037aa7-06f6-11e3-aa44-806e6f6e6963} - E:\Launch.exe
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\...\Winlogon: [Shell] C:\Users\pc\AppData\Roaming\template.xml [40960 2009-07-14] () <==== ATTENTION
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML ()
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.TXT ()
InternetURL: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.URL -> https://kpai7ycr7jxqkilp.onion2web.com/bpgd
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wxniof.lnk
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll (ClientConnect Ltd.)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll (ClientConnect Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {B868D42F-E12C-4346-8D73-633A540A189C} URL = http://search.conduit.com/ResultsExt.as ... 31148&UM=1
SearchScopes: HKCU - A26643E6C8DC474FA4BE3678FD281628 URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0B6518FD-C995-445F-BAE1-6B930BA9538F} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_12454
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={search ... 4&tsp=4981
SearchScopes: HKCU - {1288BF25-D317-4B69-A3BA-67A0EDAC28BF} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {19682B9B-2842-4297-8473-0DF162A3A714} URL = http://www.novinky.cz/hledej?w={searchT ... arch_12454
SearchScopes: HKCU - {3F3CBC6E-CE0C-4b9e-B53D-7EBE855EC1DF} URL = http://search.yahoo.com/search?p={searc ... type=STDVM
SearchScopes: HKCU - {5BC53F25-8151-422B-9C66-8496C85AADB1} URL = http://www.mapy.cz/?query={searchTerms} ... arch_12454
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {9706AB05-CEE5-4384-8746-489AF4C410A5} URL = http://encyklopedie.seznam.cz/search?q= ... arch_12454
SearchScopes: HKCU - {B135AA99-5CCD-4e38-B976-F2C31D89F205} URL = http://www.google.com/cse?cx=partner-pu ... 4067623346
SearchScopes: HKCU - {B868D42F-E12C-4346-8D73-633A540A189C} URL = http://search.conduit.com/ResultsExt.as ... 31148&UM=1
SearchScopes: HKCU - {C237E758-AB4A-44DC-8024-F25532D3E18B} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
SearchScopes: HKCU - {EEE3D246-632A-45C7-8C84-0BFE1CEA034A} URL = http://search.seznam.cz/?q={searchTerms ... arch_12454
SearchScopes: HKCU - {F1E7676E-7E8A-4A28-9EC5-6FAF668EA786} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
SearchScopes: HKCU - {F9B4D8BC-240D-4577-B4A7-976E775E902D} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_12454
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files (x86)\hosts\hosts-bho.dll (Alex)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BS Player ControlBar Toolbar -> {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} -> C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll (ClientConnect Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://94.229.82.168:8081/VatDec.cab
DPF: HKLM-x32 {45830FF9-D9E6-4F41-86ED-B266933D8E90} http://94.229.82.168:8081/RtspVaPgDec.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 81.200.48.55 81.200.48.11

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\Trademanager\nptrademanager.dll ( )
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} - C:\Users\pc\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP94&ocid=UP94DHP
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP94&ocid=UP94DHP", "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=34BAD85D4C99B0A3&affID=123895&tsp=4982"
CHR NewTab: "chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR DefaultSearchKeyword: isearch.avg.com
CHR DefaultNewTabURL: https://isearch.avg.com/chroment?espv=2 ... 2013-10-28 11:49:58&v=17.1.2.0&pid=avg&sg=
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (CLSID_SeparateMultipleProcessExplorerHost) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-06-13]
CHR Extension: (Dokumenty Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-19]
CHR Extension: (AVG Security Toolbar) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-08-22]
CHR Extension: (Peněženka Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-02-28]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2013-08-20] ()
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247872 2011-08-17] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-04] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SecurityCenterServer3863432951; C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe [306853 2013-09-14] (Maskiseft Corporation) [File not signed]
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 syshost32; C:\Windows\Installer\{7C3BDE10-F246-B99B-7A7E-B7575A2B2DE4}\syshost.exe [187904 2014-06-01] (SupportSoft, Inc.) [File not signed]
R2 TBSrv; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-03-31] (ClientConnect Ltd.)
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1813528 2014-06-25] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 8652bb12e0b3918c; C:\Windows\System32\Drivers\8652bb12e0b3918c.sys [59840 2014-06-01] () <===== ATTENTION Necurs Rootkit?
R3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [265728 2010-09-06] (AVEO Corp)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-22] (Disc Soft Ltd)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-08-07] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 15:46 - 2014-08-07 15:46 - 00000000 ____D () C:\FRST
2014-08-07 15:26 - 2014-08-07 15:26 - 00000000 ____D () C:\Program Files (x86)\trend micro
2014-08-07 15:25 - 2014-08-07 15:27 - 00000000 ____D () C:\Program Files\trend micro
2014-08-07 15:25 - 2014-08-07 15:25 - 00000000 ____D () C:\rsit
2014-08-06 22:20 - 2014-08-06 22:20 - 00001889 _____ () C:\Users\pc\Desktop\ShadowExplorer.lnk
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\Users\pc\AppData\Roaming\www.shadowexplorer.com
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-08-06 20:46 - 2014-08-06 20:46 - 00000000 _____ () C:\Users\pc\0719.exe
2014-08-06 20:43 - 2014-08-07 15:07 - 00000112 _____ () C:\Windows\setupact.log
2014-08-06 20:43 - 2014-08-06 20:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-06 20:06 - 2014-08-06 20:06 - 00000000 _____ () C:\autoexec.bat
2014-08-06 20:05 - 2014-08-06 20:05 - 00000000 ____D () C:\sh4ldr
2014-08-06 20:05 - 2014-08-06 20:05 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-06 19:53 - 2014-08-06 20:42 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Tor
2014-08-06 19:53 - 2014-08-06 20:42 - 00000000 ____D () C:\Program Files (x86)\Vidalia Bundle
2014-08-06 19:53 - 2014-08-06 20:36 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Vidalia
2014-08-06 15:00 - 2014-08-06 15:00 - 00023393 _____ () C:\Users\pc\Desktop\PSLogZip.zip
2014-08-05 16:48 - 2014-08-06 21:39 - 00001609 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 16:40 - 2014-08-05 16:40 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Google
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\Program Files\Google
2014-08-05 16:09 - 2014-08-05 16:10 - 00000000 ____D () C:\ProgramData\Google
2014-08-03 11:36 - 2014-08-03 11:36 - 00023552 _____ () C:\Users\pc\AppData\Local\rckonne.dll
2014-08-03 11:36 - 2014-08-03 11:36 - 00000000 ____D () C:\ProgramData\IbadiRwega
2014-08-02 09:23 - 2014-08-07 05:01 - 00000778 _____ () C:\Windows\Tasks\Security Center Update - 3863432951.job
2014-08-02 09:23 - 2014-08-02 09:23 - 00003784 _____ () C:\Windows\System32\Tasks\Security Center Update - 3863432951
2014-08-02 09:23 - 2014-08-02 09:23 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Fuituf
2014-08-02 09:23 - 2013-09-14 00:09 - 00306853 _____ (Maskiseft Corporation) C:\Windows\SysWOW64\mafumo.exe
2014-08-02 09:22 - 2014-08-02 09:22 - 00023552 _____ () C:\Users\pc\AppData\Local\rchokoe.dll
2014-07-31 18:39 - 2014-08-06 21:31 - 00000000 _RSHD () C:\Users\pc\foinxw
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.URL
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.URL
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-07-31 17:52 - 2014-07-31 17:52 - 00008198 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:52 - 2014-07-31 17:52 - 00004144 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:52 - 2014-07-31 17:52 - 00000274 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.URL
2014-07-31 17:11 - 2014-07-31 17:11 - 00008198 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:11 - 2014-07-31 17:11 - 00008198 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:11 - 2014-07-31 17:11 - 00004144 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:11 - 2014-07-31 17:11 - 00004144 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:11 - 2014-07-31 17:11 - 00000274 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-07-31 17:11 - 2014-07-31 17:11 - 00000274 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.URL
2014-07-31 17:06 - 2014-07-31 17:06 - 00008198 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:06 - 2014-07-31 17:06 - 00004144 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:06 - 2014-07-31 17:06 - 00000274 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-07-31 15:10 - 2014-07-31 17:06 - 00000000 ____D () C:\Users\pc\AppData\Roaming\G001
2014-07-31 15:08 - 2014-07-31 15:08 - 00099328 _____ () C:\Users\pc\17816.exe
2014-07-30 14:48 - 2014-07-30 14:48 - 00099328 _____ () C:\Users\pc\17639.exe
2014-07-29 15:53 - 2014-07-29 15:53 - 00073728 _____ () C:\Users\pc\28199.exe
2014-07-29 15:53 - 2014-07-29 15:53 - 00000000 _____ () C:\Windows\28199.INI
2014-07-28 19:04 - 2014-07-28 19:04 - 00008196 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-07-28 19:04 - 2014-07-28 19:04 - 00004142 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-07-28 19:04 - 2014-07-28 19:04 - 00000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-07-28 19:01 - 2014-07-28 19:01 - 00092891 _____ (dcfdcvfdcd) C:\Users\pc\irarar.exe
2014-07-28 19:01 - 2014-07-28 19:01 - 00076800 _____ () C:\Users\pc\29817.exe
2014-07-28 18:57 - 2014-07-28 18:57 - 00270336 _____ () C:\Windows\SysWOW64\makemote.exe
2014-07-28 18:57 - 2014-07-28 18:57 - 00023552 _____ () C:\Users\pc\AppData\Local\soikles.dll
2014-07-28 16:30 - 2014-08-07 15:08 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-07-26 10:46 - 2014-07-26 10:46 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iziziz.exe
2014-07-26 10:42 - 2014-07-26 10:42 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ifefef.exe
2014-07-26 10:38 - 2014-07-26 10:38 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\idadad.exe
2014-07-26 10:37 - 2014-07-26 10:37 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ijijij.exe
2014-07-26 10:36 - 2014-07-26 10:36 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iwewew.exe
2014-07-26 10:35 - 2014-07-26 10:35 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ibobob.exe
2014-07-26 10:34 - 2014-07-26 10:34 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\imemem.exe
2014-07-26 10:32 - 2014-07-26 10:32 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iqoqoq.exe
2014-07-26 10:29 - 2014-07-26 10:29 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ininin.exe
2014-07-26 10:28 - 2014-07-26 10:28 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ilolol.exe
2014-07-26 10:28 - 2014-07-26 10:28 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ijejej.exe
2014-07-26 10:27 - 2014-07-26 10:27 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\igogog.exe
2014-07-26 10:26 - 2014-07-26 10:26 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ivevev.exe
2014-07-26 10:24 - 2014-07-26 10:24 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itutut.exe
2014-07-26 10:24 - 2014-07-26 10:24 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itatat.exe
2014-07-26 10:23 - 2014-07-31 17:30 - 00000000 ____D () C:\Users\pc\Desktop\Fotky
2014-07-26 10:21 - 2014-07-26 10:21 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itotot.exe
2014-07-26 10:20 - 2014-07-26 10:20 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\imamam.exe
2014-07-26 10:20 - 2014-07-26 10:20 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ibibib.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\izazaz.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ixuxux.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ixoxox.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00000000 ____D () C:\Users\pc\Desktop\Nová složka
2014-07-26 10:18 - 2014-07-26 10:18 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ivovov.exe
2014-07-23 18:51 - 2014-07-23 18:51 - 00000000 ____D () C:\Users\pc\AppData\Local\G001
2014-07-19 16:13 - 2014-07-19 16:13 - 00241925 _____ () C:\Users\pc\18369.exe
2014-07-19 16:13 - 2014-07-19 16:13 - 00069632 _____ () C:\Users\pc\38369.exe
2014-07-19 10:57 - 2014-07-19 10:57 - 00002449 __RSH () C:\Windows\SysWOW64\setting.ini
2014-07-19 10:57 - 2014-07-19 10:57 - 00000096 __RSH () C:\Windows\SysWOW64\setup.ini
2014-07-19 10:57 - 2014-07-19 10:57 - 00000000 __SHD () C:\Windows\SysWOW64\28463
2014-07-19 10:57 - 2008-07-14 11:36 - 00656763 __RSH () C:\Windows\SysWOW64\svchost .exe
2014-07-19 10:57 - 2008-07-14 11:36 - 00656763 __RSH () C:\Windows\SysWOW64\regsvr.exe
2014-07-19 10:57 - 2008-07-14 11:36 - 00656763 _____ () C:\Windows\regsvr.exe
2014-07-19 10:47 - 2014-08-06 21:01 - 00000000 ____D () C:\Users\pc\Desktop\zaloha fotak 19.7.2014
2014-07-17 16:05 - 2014-07-31 17:32 - 00000280 _____ () C:\Users\pc\Desktop\Nový textový dokument.txt
2014-07-12 20:09 - 2014-07-12 20:09 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2014-07-12 20:09 - 2014-07-12 20:09 - 00001065 _____ () C:\Users\Public\Desktop\PokerStars.lnk
2014-07-12 20:09 - 2014-07-12 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-07-12 19:54 - 2014-07-12 19:54 - 00000000 ____D () C:\Users\pc\AppData\Roaming\IDM
2014-07-11 18:54 - 2014-07-11 18:54 - 00234664 _____ () C:\Users\pc\19756.exe
2014-07-11 18:54 - 2014-07-11 18:54 - 00035840 _____ () C:\Users\pc\29756.exe
2014-07-11 18:51 - 2014-07-31 17:31 - 00000000 ____D () C:\Users\pc\Desktop\Gavlyn
2014-07-10 20:35 - 2014-07-31 17:53 - 1792860184 _____ () C:\Users\pc\Downloads\hbmutkjx.avi
2014-07-10 18:28 - 2014-07-31 17:53 - 166317085 _____ () C:\Users\pc\Downloads\Czech_Harem_2_part1.mp4
2014-07-10 18:21 - 2014-07-31 17:13 - 00000000 ____D () C:\Users\pc\Desktop\103-Pack
2014-07-10 18:20 - 2014-07-31 17:52 - 261248040 _____ () C:\Users\pc\Downloads\Czech_Harem_1-part1.mp4
2014-07-08 16:31 - 2014-07-31 17:53 - 136277280 _____ () C:\Users\pc\Downloads\Czech_Harem_3_part3.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 15:46 - 2014-08-07 15:46 - 00000000 ____D () C:\FRST
2014-08-07 15:38 - 2014-06-04 15:21 - 00000312 _____ () C:\Users\pc\AppData\Roaming\template.css
2014-08-07 15:30 - 2013-08-17 07:11 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 15:27 - 2014-08-07 15:25 - 00000000 ____D () C:\Program Files\trend micro
2014-08-07 15:26 - 2014-08-07 15:26 - 00000000 ____D () C:\Program Files (x86)\trend micro
2014-08-07 15:26 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 15:26 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 15:25 - 2014-08-07 15:25 - 00000000 ____D () C:\rsit
2014-08-07 15:16 - 2013-08-17 10:29 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 15:13 - 2009-07-14 17:18 - 00671356 _____ () C:\Windows\system32\perfh005.dat
2014-08-07 15:13 - 2009-07-14 17:18 - 00142044 _____ () C:\Windows\system32\perfc005.dat
2014-08-07 15:13 - 2009-07-14 07:13 - 01590870 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 15:12 - 2013-11-09 14:20 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Seznam.cz
2014-08-07 15:11 - 2013-10-05 11:43 - 00000000 ____D () C:\Users\pc\AppData\Roaming\ViberPC
2014-08-07 15:10 - 2014-06-01 16:58 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Raptr
2014-08-07 15:10 - 2013-12-19 16:07 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-07 15:10 - 2013-08-20 18:00 - 00000000 ____D () C:\Users\pc\AppData\Roaming\ICQ
2014-08-07 15:08 - 2014-07-28 16:30 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-08-07 15:08 - 2013-10-05 11:41 - 00000000 ____D () C:\Users\pc\AppData\Local\Viber
2014-08-07 15:08 - 2013-08-17 08:26 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-08-07 15:07 - 2014-08-06 20:43 - 00000112 _____ () C:\Windows\setupact.log
2014-08-07 15:07 - 2013-08-17 08:25 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-08-07 15:07 - 2013-08-17 07:11 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-07 15:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 05:01 - 2014-08-02 09:23 - 00000778 _____ () C:\Windows\Tasks\Security Center Update - 3863432951.job
2014-08-06 22:20 - 2014-08-06 22:20 - 00001889 _____ () C:\Users\pc\Desktop\ShadowExplorer.lnk
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\Users\pc\AppData\Roaming\www.shadowexplorer.com
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-08-06 22:20 - 2014-08-06 22:20 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-08-06 21:39 - 2014-08-05 16:48 - 00001609 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 21:34 - 2011-03-31 16:49 - 00000000 ____D () C:\Notebook
2014-08-06 21:31 - 2014-07-31 18:39 - 00000000 _RSHD () C:\Users\pc\foinxw
2014-08-06 21:01 - 2014-07-19 10:47 - 00000000 ____D () C:\Users\pc\Desktop\zaloha fotak 19.7.2014
2014-08-06 20:48 - 2013-08-21 18:26 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-06 20:48 - 2013-08-17 06:49 - 00000000 ____D () C:\Users\pc
2014-08-06 20:46 - 2014-08-06 20:46 - 00000000 _____ () C:\Users\pc\0719.exe
2014-08-06 20:43 - 2014-08-06 20:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-06 20:42 - 2014-08-06 19:53 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Tor
2014-08-06 20:42 - 2014-08-06 19:53 - 00000000 ____D () C:\Program Files (x86)\Vidalia Bundle
2014-08-06 20:42 - 2013-12-11 18:01 - 00000000 ____D () C:\Program Files (x86)\Trademanager
2014-08-06 20:42 - 2013-11-17 20:08 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-06 20:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-06 20:36 - 2014-08-06 19:53 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Vidalia
2014-08-06 20:06 - 2014-08-06 20:06 - 00000000 _____ () C:\autoexec.bat
2014-08-06 20:05 - 2014-08-06 20:05 - 00000000 ____D () C:\sh4ldr
2014-08-06 20:05 - 2014-08-06 20:05 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-06 15:00 - 2014-08-06 15:00 - 00023393 _____ () C:\Users\pc\Desktop\PSLogZip.zip
2014-08-05 16:52 - 2013-08-18 19:26 - 00000000 ____D () C:\Users\pc\AppData\Local\PokerStars
2014-08-05 16:52 - 2013-08-18 19:26 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-08-05 16:40 - 2014-08-05 16:40 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Google
2014-08-05 16:40 - 2013-08-17 07:11 - 00000000 ____D () C:\Users\pc\AppData\Local\Google
2014-08-05 16:12 - 2013-08-22 19:41 - 00000000 ____D () C:\Users\pc\AppData\Roaming\DAEMON Tools Lite
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\Program Files\Google
2014-08-05 16:10 - 2014-08-05 16:09 - 00000000 ____D () C:\ProgramData\Google
2014-08-05 16:10 - 2013-08-21 18:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-05 16:10 - 2013-08-17 07:11 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-05 15:22 - 2014-05-04 10:09 - 00000000 ____D () C:\ProgramData\Origin
2014-08-05 15:14 - 2014-06-01 16:58 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-05 15:14 - 2014-05-04 10:09 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-03 11:36 - 2014-08-03 11:36 - 00023552 _____ () C:\Users\pc\AppData\Local\rckonne.dll
2014-08-03 11:36 - 2014-08-03 11:36 - 00000000 ____D () C:\ProgramData\IbadiRwega
2014-08-02 09:23 - 2014-08-02 09:23 - 00003784 _____ () C:\Windows\System32\Tasks\Security Center Update - 3863432951
2014-08-02 09:23 - 2014-08-02 09:23 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Fuituf
2014-08-02 09:22 - 2014-08-02 09:22 - 00023552 _____ () C:\Users\pc\AppData\Local\rchokoe.dll
2014-07-31 18:27 - 2012-08-04 11:38 - 00000000 ____D () C:\czshare
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00008198 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00004144 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\pc\Downloads\DECRYPT_INSTRUCTION.URL
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\pc\DECRYPT_INSTRUCTION.URL
2014-07-31 17:54 - 2014-07-31 17:54 - 00000274 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-07-31 17:54 - 2014-06-11 19:21 - 08832792 _____ () C:\Users\pc\Downloads\TTP (1).ppt
2014-07-31 17:54 - 2014-06-08 19:22 - 07637016 _____ () C:\Users\pc\Downloads\TTP_.pptx
2014-07-31 17:54 - 2014-05-24 20:39 - 1124994822 _____ () C:\Users\pc\Downloads\Vlk z Wall Streat CZ- dab.avi
2014-07-31 17:54 - 2014-05-11 15:25 - 08832792 _____ () C:\Users\pc\Downloads\TTP.ppt
2014-07-31 17:54 - 2014-04-13 10:10 - 00000000 ____D () C:\Users\pc\P5JavaClientSettings
2014-07-31 17:53 - 2014-07-10 20:35 - 1792860184 _____ () C:\Users\pc\Downloads\hbmutkjx.avi
2014-07-31 17:53 - 2014-07-10 18:28 - 166317085 _____ () C:\Users\pc\Downloads\Czech_Harem_2_part1.mp4
2014-07-31 17:53 - 2014-07-08 16:31 - 136277280 _____ () C:\Users\pc\Downloads\Czech_Harem_3_part3.mp4
2014-07-31 17:53 - 2014-07-06 15:03 - 342930813 _____ () C:\Users\pc\Downloads\rychlyprachy70 - Cesky amaterky [xxx].wmv
2014-07-31 17:53 - 2014-07-06 15:02 - 146135721 _____ () C:\Users\pc\Downloads\Czech_Harem_3_part2.mp4
2014-07-31 17:53 - 2014-07-06 14:09 - 682479579 _____ () C:\Users\pc\Downloads\Czech_Harem_3_Part_1.wmv
2014-07-31 17:53 - 2014-06-11 21:01 - 1034965016 _____ () C:\Users\pc\Downloads\Na život a na smrt BRRip CZ.avi
2014-07-31 17:53 - 2014-05-25 08:35 - 1574288928 _____ () C:\Users\pc\Downloads\Planeta ocean.Planet Ocean (2012) v CZ dokument Francie V.Británie.avi
2014-07-31 17:53 - 2014-03-11 17:53 - 00016152 _____ () C:\Users\pc\Downloads\hotel_Maj_ceník2014 (1).xls
2014-07-31 17:53 - 2014-03-09 15:28 - 00016152 _____ () C:\Users\pc\Downloads\hotel_Maj_ceník2014.xls
2014-07-31 17:53 - 2013-11-09 22:42 - 00016664 _____ () C:\Users\pc\Downloads\Osobni udaje.odt
2014-07-31 17:53 - 2013-11-01 20:56 - 00059416 _____ () C:\Users\pc\Downloads\Seznam objektů bytového a nebytového fondu (2).xls
2014-07-31 17:53 - 2013-10-07 15:35 - 00059416 _____ () C:\Users\pc\Downloads\Seznam objektů bytového a nebytového fondu (1).xls
2014-07-31 17:53 - 2013-09-26 17:01 - 00059416 _____ () C:\Users\pc\Downloads\Seznam objektů bytového a nebytového fondu.xls
2014-07-31 17:52 - 2014-07-31 17:52 - 00008198 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:52 - 2014-07-31 17:52 - 00004144 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:52 - 2014-07-31 17:52 - 00000274 _____ () C:\Users\pc\Documents\DECRYPT_INSTRUCTION.URL
2014-07-31 17:52 - 2014-07-10 18:20 - 261248040 _____ () C:\Users\pc\Downloads\Czech_Harem_1-part1.mp4
2014-07-31 17:52 - 2014-06-29 07:24 - 00040216 _____ () C:\Users\pc\Downloads\BRASIL2014 (1).xls
2014-07-31 17:52 - 2014-06-25 20:40 - 00000000 ____D () C:\Users\pc\Downloads\com.garmin.android.apps.viago
2014-07-31 17:52 - 2014-06-20 17:24 - 00036120 _____ () C:\Users\pc\Downloads\BRASIL2014.xls
2014-07-31 17:52 - 2014-06-11 19:20 - 00400408 _____ () C:\Users\pc\Downloads\03 Spalovacie teploty (1).ppt
2014-07-31 17:52 - 2014-06-11 19:20 - 00234520 _____ () C:\Users\pc\Downloads\02 Spalovanie paliv (1).ppt
2014-07-31 17:52 - 2014-06-11 19:18 - 00235544 _____ () C:\Users\pc\Downloads\01 Paliva (1).ppt
2014-07-31 17:52 - 2014-05-11 15:25 - 00400408 _____ () C:\Users\pc\Downloads\03 Spalovacie teploty.ppt
2014-07-31 17:52 - 2014-05-11 15:25 - 00235544 _____ () C:\Users\pc\Downloads\01 Paliva.ppt
2014-07-31 17:52 - 2014-05-11 15:25 - 00234520 _____ () C:\Users\pc\Downloads\02 Spalovanie paliv.ppt
2014-07-31 17:49 - 2014-07-06 14:15 - 95018028 _____ () C:\Users\pc\Documents\Czech_Harem_3_Part_1.wmv.crdownload.avi
2014-07-31 17:49 - 2014-05-14 21:12 - 00000000 ____D () C:\Users\pc\Documents\Soubory aplikace Outlook
2014-07-31 17:49 - 2014-04-28 20:17 - 2033147928 _____ () C:\Users\pc\Desktop\Zprávař 2 - Legenda pokračuje.avi
2014-07-31 17:49 - 2014-01-05 20:50 - 588298264 _____ () C:\Users\pc\Documents\Jackass Presents- Bad Grandpa (2013) Novinka Angl. dabing Komedie HDRip kvalita.avi
2014-07-31 17:49 - 2013-10-27 16:56 - 00000000 ____D () C:\Users\pc\Documents\Euro Truck Simulator 2
2014-07-31 17:49 - 2013-09-23 18:21 - 00000000 ____D () C:\Users\pc\Desktop\zaloha HTC karta
2014-07-31 17:39 - 2014-07-07 16:11 - 27965473 _____ () C:\Users\pc\Desktop\VID_20140705_024747.mp4
2014-07-31 17:39 - 2014-07-07 16:10 - 15196558 _____ () C:\Users\pc\Desktop\VID_20140705_025049.mp4
2014-07-31 17:39 - 2014-05-11 15:28 - 08832792 _____ () C:\Users\pc\Desktop\výměníky tepla.ppt
2014-07-31 17:39 - 2014-02-19 19:11 - 00000000 ____D () C:\Users\pc\Desktop\Trading
2014-07-31 17:39 - 2013-11-10 11:23 - 00000000 ____D () C:\Users\pc\Desktop\School
2014-07-31 17:32 - 2014-07-17 16:05 - 00000280 _____ () C:\Users\pc\Desktop\Nový textový dokument.txt
2014-07-31 17:32 - 2014-05-27 18:00 - 00000000 ____D () C:\Users\pc\Desktop\Materiály2
2014-07-31 17:32 - 2014-05-27 18:00 - 00000000 ____D () C:\Users\pc\Desktop\Materiály
2014-07-31 17:32 - 2014-05-12 19:16 - 00006680 _____ () C:\Users\pc\Desktop\Nový Microsoft Excel Worksheet.xlsx
2014-07-31 17:32 - 2014-05-02 20:26 - 865974296 _____ () C:\Users\pc\Desktop\oh.avi
2014-07-31 17:32 - 2013-09-23 17:12 - 00000000 ____D () C:\Users\pc\Desktop\Lenovo CP
2014-07-31 17:32 - 2013-09-17 18:20 - 00000000 ____D () C:\Users\pc\Desktop\OpenOffice 4.0.0 (cs) Installation Files
2014-07-31 17:32 - 2013-09-03 16:24 - 00000000 ____D () C:\Users\pc\Desktop\Samsung sdhc 32gb
2014-07-31 17:31 - 2014-07-11 18:51 - 00000000 ____D () C:\Users\pc\Desktop\Gavlyn
2014-07-31 17:31 - 2014-04-24 16:19 - 00000000 ____D () C:\Users\pc\Desktop\inzeráty
2014-07-31 17:31 - 2014-04-21 15:35 - 1743384600 ____R () C:\Users\pc\Desktop\Last.Vegas.2013.480p.BDRip.AC3.XViD.CZ.4play.avi
2014-07-31 17:30 - 2014-07-26 10:23 - 00000000 ____D () C:\Users\pc\Desktop\Fotky
2014-07-31 17:30 - 2014-05-14 18:39 - 00000000 ____D () C:\Users\pc\Desktop\FreeRapid-0.9u3
2014-07-31 17:13 - 2014-07-10 18:21 - 00000000 ____D () C:\Users\pc\Desktop\103-Pack
2014-07-31 17:13 - 2014-06-20 17:24 - 00036120 _____ () C:\Users\pc\Desktop\BRASIL2014.xls
2014-07-31 17:13 - 2014-02-07 11:54 - 00000000 ____D () C:\Users\pc\Desktop\bum
2014-07-31 17:11 - 2014-07-31 17:11 - 00008198 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:11 - 2014-07-31 17:11 - 00008198 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:11 - 2014-07-31 17:11 - 00004144 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:11 - 2014-07-31 17:11 - 00004144 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:11 - 2014-07-31 17:11 - 00000274 _____ () C:\Users\pc\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-07-31 17:11 - 2014-07-31 17:11 - 00000274 _____ () C:\Users\pc\AppData\DECRYPT_INSTRUCTION.URL
2014-07-31 17:11 - 2014-05-14 18:41 - 00000000 ____D () C:\Users\pc\AppData\Roaming\VitySoft
2014-07-31 17:11 - 2014-02-04 17:22 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Winamp
2014-07-31 17:09 - 2014-01-01 16:30 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Skype
2014-07-31 17:09 - 2013-08-21 16:51 - 00000000 ____D () C:\Users\pc\AppData\Roaming\uTorrent
2014-07-31 17:08 - 2013-09-07 09:45 - 00000000 ____D () C:\Users\pc\AppData\Roaming\PacificPoker
2014-07-31 17:06 - 2014-07-31 17:06 - 00008198 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-07-31 17:06 - 2014-07-31 17:06 - 00004144 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-07-31 17:06 - 2014-07-31 17:06 - 00000274 _____ () C:\Users\pc\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-07-31 17:06 - 2014-07-31 15:10 - 00000000 ____D () C:\Users\pc\AppData\Roaming\G001
2014-07-31 17:06 - 2014-05-04 11:42 - 00000000 ____D () C:\Users\pc\AppData\Local\PunkBuster
2014-07-31 17:06 - 2014-05-04 10:10 - 00000000 ____D () C:\Users\pc\AppData\Local\Origin
2014-07-31 17:06 - 2014-04-13 10:10 - 00000000 ____D () C:\Users\pc\AppData\Local\P5
2014-07-31 17:06 - 2014-04-09 17:25 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Opera Software
2014-07-31 17:06 - 2014-01-17 19:09 - 00000000 ____D () C:\Users\pc\AppData\Roaming\BSplayer
2014-07-31 17:06 - 2013-09-17 18:23 - 00000000 ____D () C:\Users\pc\AppData\Roaming\OpenOffice
2014-07-31 17:06 - 2013-08-21 16:45 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Babylon
2014-07-31 17:06 - 2013-08-17 10:29 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Adobe
2014-07-31 17:05 - 2013-10-20 10:26 - 00000000 ____D () C:\Train Simulator 2014 Steam Edition
2014-07-31 17:05 - 2013-08-21 19:04 - 00000000 ____D () C:\Users\pc\AppData\Local\AVG Secure Search
2014-07-31 17:05 - 2013-08-21 17:49 - 00000000 ____D () C:\Users\pc\AppData\Local\AMD
2014-07-31 17:01 - 2014-04-13 10:10 - 00000000 ____D () C:\Redbet
2014-07-31 17:01 - 2013-08-17 10:27 - 00000000 ____D () C:\Poker
2014-07-31 15:08 - 2014-07-31 15:08 - 00099328 _____ () C:\Users\pc\17816.exe
2014-07-30 14:48 - 2014-07-30 14:48 - 00099328 _____ () C:\Users\pc\17639.exe
2014-07-30 14:46 - 2009-07-14 07:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-29 15:53 - 2014-07-29 15:53 - 00073728 _____ () C:\Users\pc\28199.exe
2014-07-29 15:53 - 2014-07-29 15:53 - 00000000 _____ () C:\Windows\28199.INI
2014-07-28 19:31 - 2011-11-28 16:59 - 00000000 ____D () C:\fotky notebook
2014-07-28 19:08 - 2013-08-21 16:36 - 00000000 ____D () C:\AMD
2014-07-28 19:04 - 2014-07-28 19:04 - 00008196 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-07-28 19:04 - 2014-07-28 19:04 - 00004142 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-07-28 19:04 - 2014-07-28 19:04 - 00000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-07-28 19:04 - 2014-04-28 15:36 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-07-28 19:04 - 2014-01-01 16:30 - 00000000 ____D () C:\ProgramData\Skype
2014-07-28 19:04 - 2013-08-21 16:40 - 00000000 ____D () C:\ProgramData\AMD
2014-07-28 19:01 - 2014-07-28 19:01 - 00092891 _____ (dcfdcvfdcd) C:\Users\pc\irarar.exe
2014-07-28 19:01 - 2014-07-28 19:01 - 00076800 _____ () C:\Users\pc\29817.exe
2014-07-28 19:01 - 2014-06-24 18:42 - 00076800 _____ () C:\Windows\SysWOW64\aaaaaaaa.exe
2014-07-28 19:01 - 2014-06-24 18:42 - 00076800 _____ () C:\Users\pc\aaaaaaaa.exe
2014-07-28 18:57 - 2014-07-28 18:57 - 00270336 _____ () C:\Windows\SysWOW64\makemote.exe
2014-07-28 18:57 - 2014-07-28 18:57 - 00023552 _____ () C:\Users\pc\AppData\Local\soikles.dll
2014-07-26 10:46 - 2014-07-26 10:46 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iziziz.exe
2014-07-26 10:42 - 2014-07-26 10:42 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ifefef.exe
2014-07-26 10:38 - 2014-07-26 10:38 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\idadad.exe
2014-07-26 10:37 - 2014-07-26 10:37 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ijijij.exe
2014-07-26 10:36 - 2014-07-26 10:36 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iwewew.exe
2014-07-26 10:35 - 2014-07-26 10:35 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ibobob.exe
2014-07-26 10:34 - 2014-07-26 10:34 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\imemem.exe
2014-07-26 10:32 - 2014-07-26 10:32 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\iqoqoq.exe
2014-07-26 10:29 - 2014-07-26 10:29 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ininin.exe
2014-07-26 10:28 - 2014-07-26 10:28 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ilolol.exe
2014-07-26 10:28 - 2014-07-26 10:28 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ijejej.exe
2014-07-26 10:27 - 2014-07-26 10:27 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\igogog.exe
2014-07-26 10:26 - 2014-07-26 10:26 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ivevev.exe
2014-07-26 10:24 - 2014-07-26 10:24 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itutut.exe
2014-07-26 10:24 - 2014-07-26 10:24 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itatat.exe
2014-07-26 10:21 - 2014-07-26 10:21 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\itotot.exe
2014-07-26 10:20 - 2014-07-26 10:20 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\imamam.exe
2014-07-26 10:20 - 2014-07-26 10:20 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ibibib.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\izazaz.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ixuxux.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ixoxox.exe
2014-07-26 10:19 - 2014-07-26 10:19 - 00000000 ____D () C:\Users\pc\Desktop\Nová složka
2014-07-26 10:18 - 2014-07-26 10:18 - 00121578 _____ (dcfdcvfdcd) C:\Users\pc\ivovov.exe
2014-07-23 18:51 - 2014-07-23 18:51 - 00000000 ____D () C:\Users\pc\AppData\Local\G001
2014-07-22 05:21 - 2013-08-17 07:11 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 16:13 - 2014-07-19 16:13 - 00241925 _____ () C:\Users\pc\18369.exe
2014-07-19 16:13 - 2014-07-19 16:13 - 00069632 _____ () C:\Users\pc\38369.exe
2014-07-19 16:11 - 2014-06-13 19:02 - 00000000 ____D () C:\Users\pc\AppData\Local\USPmedia
2014-07-19 10:57 - 2014-07-19 10:57 - 00002449 __RSH () C:\Windows\SysWOW64\setting.ini
2014-07-19 10:57 - 2014-07-19 10:57 - 00000096 __RSH () C:\Windows\SysWOW64\setup.ini
2014-07-19 10:57 - 2014-07-19 10:57 - 00000000 __SHD () C:\Windows\SysWOW64\28463
2014-07-15 18:04 - 2013-09-07 09:45 - 00000000 ____D () C:\Users\pc\Documents\888poker
2014-07-12 20:09 - 2014-07-12 20:09 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2014-07-12 20:09 - 2014-07-12 20:09 - 00001065 _____ () C:\Users\Public\Desktop\PokerStars.lnk
2014-07-12 20:09 - 2014-07-12 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-07-12 19:54 - 2014-07-12 19:54 - 00000000 ____D () C:\Users\pc\AppData\Roaming\IDM
2014-07-11 18:54 - 2014-07-11 18:54 - 00234664 _____ () C:\Users\pc\19756.exe
2014-07-11 18:54 - 2014-07-11 18:54 - 00035840 _____ () C:\Users\pc\29756.exe
2014-07-08 20:16 - 2013-08-17 10:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 20:16 - 2013-08-17 10:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 20:16 - 2013-08-17 10:29 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\ProgramData\msfidbh.exe
C:\Users\pc\0719.exe
C:\Users\pc\17639.exe
C:\Users\pc\17816.exe
C:\Users\pc\17917.exe
C:\Users\pc\18124.exe
C:\Users\pc\18369.exe
C:\Users\pc\19756.exe
C:\Users\pc\19814.exe
C:\Users\pc\25663.exe
C:\Users\pc\28124.exe
C:\Users\pc\28199.exe
C:\Users\pc\29673.exe
C:\Users\pc\29756.exe
C:\Users\pc\29817.exe
C:\Users\pc\35663.exe
C:\Users\pc\37449.exe
C:\Users\pc\37814.exe
C:\Users\pc\38369.exe
C:\Users\pc\39673.exe
C:\Users\pc\39814.exe
C:\Users\pc\aaaaaaaa.exe
C:\Users\pc\gigig.exe
C:\Users\pc\ibibib.exe
C:\Users\pc\ibobob.exe
C:\Users\pc\idadad.exe
C:\Users\pc\ifefef.exe
C:\Users\pc\igogog.exe
C:\Users\pc\ijejej.exe
C:\Users\pc\ijijij.exe
C:\Users\pc\ilolol.exe
C:\Users\pc\imamam.exe
C:\Users\pc\imemem.exe
C:\Users\pc\ininin.exe
C:\Users\pc\iqoqoq.exe
C:\Users\pc\irarar.exe
C:\Users\pc\itatat.exe
C:\Users\pc\itotot.exe
C:\Users\pc\itutut.exe
C:\Users\pc\ivevev.exe
C:\Users\pc\ivovov.exe
C:\Users\pc\iwewew.exe
C:\Users\pc\ixoxox.exe
C:\Users\pc\ixuxux.exe
C:\Users\pc\izazaz.exe
C:\Users\pc\iziziz.exe
C:\Users\pc\nenen.exe
C:\Users\pc\qiqiq.exe
C:\Users\pc\zezez.exe


Some content of TEMP:
====================
C:\Users\pc\AppData\Local\Temp\KMP_3.9.0.126.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-07-29 18:56

==================== End Of Log ============================
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: USB disk - změna souboru

#5 Příspěvek od vyosek »

:arrow: Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: USB disk - změna souboru

#6 Příspěvek od vyosek »

:arrow: Jinak ty zasiforvane soubory nevim, uvidime jestli se nam je podari rozsifrovat - to bychom pak udelali pripadne ale pres vzdalenou plochu

:arrow: Muzete mi pak tech zasifrovanych souboru zabalil a poslat na mail
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
xero78
Návštěvník
Návštěvník
Příspěvky: 19
Registrován: 07 srp 2014 10:01

Re: USB disk - změna souboru

#7 Příspěvek od xero78 »

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/08/2014 04:18:17 PM in x64 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe (PID: 2224) [UP-HEUR]
* C:\Users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2\svcnost.exe (PID: 2884) [UP-HEUR]
* C:\Users\pc\AppData\Roaming\WMPRWISE.EXE (PID: 2896) [UP-HEUR]
* C:\Users\pc\AppData\Roaming\Microsoft\nakysotook.exe (PID: 2944) [UP-HEUR]
* C:\Users\pc\augoer\reogua.exe (PID: 3988) [UP-HEUR]
* C:\Users\pc\AppData\Local\Temp\hm14E88A59.tmp (PID: 4664) [UP-HEUR]
* C:\Windows\Installer\{7C3BDE10-F246-B99B-7A7E-B7575A2B2DE4}\syshost.exe (PID: 5816) [WD-HEUR]
* C:\Users\pc\ilolol.exe (PID: 8968) [UP-HEUR]
* C:\Users\pc\iyoyoy.exe (PID: 4020) [UP-HEUR]

9 proccesses terminated!

Checking Registry for malware related settings:

* System Policy Removed: DisableRegistryTools [HKCU]

Backup Registry file created at:
C:\Users\pc\Desktop\rkill\rkill-08-08-2014-04-18-22.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Modified HKCU\...\Winlogon: [Shell] => explorer.exe,C:\Users\pc\AppData\Roaming\template.xml

* Windows Automatic Updates Disabled

[HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Brána Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Disabled

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Disabled

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled

* Ovladač ověření brány Windows Firewall (mpsdrv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 downloads4.kaspersky-labs.com
127.0.0.1 downloads3.kaspersky-labs.com
127.0.0.1 downloads2.kaspersky-labs.com
127.0.0.1 downloads1.kaspersky-labs.com
127.0.0.1 downloads-us1.kaspersky-labs.com
127.0.0.1 rads.mcafee.com
127.0.0.1 www.secuser.com
127.0.0.1 a188.x.akamai.net
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 liveupdate.symantec.d4p.net
127.0.0.1 update.symantec.com
127.0.0.1 ftp.nai.com
127.0.0.1 www.grisoft.cz
127.0.0.1 www.grisoft.com
127.0.0.1 free.grisoft.cz
127.0.0.1 tds.diamondcs.com.au
127.0.0.1 ieupdate.gdata.de
127.0.0.1 ieupdate6.gdata.de
127.0.0.1 ieupdate5.gdata.de

20 out of 195 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 08/08/2014 04:18:55 PM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)
Nahoru
xero78
Návštěvník
Návštěvník
Příspěvky: 19
Registrován: 07 srp 2014 10:01

Re: USB disk - změna souboru

#8 Příspěvek od xero78 »

ComboFix 14-08-06.02 - pc 08.08.2014 16:23:48.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.2627 [GMT 2:00]
Spuštěný z: D:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\msfidbh.exe
C:\Users\pc\0719.exe
C:\Users\pc\08358.exe
C:\Users\pc\08592.exe
C:\Users\pc\08795.exe
C:\Users\pc\08807.exe
C:\Users\pc\08811.exe
C:\Users\pc\08825.exe
C:\Users\pc\17639.exe
C:\Users\pc\17816.exe
C:\Users\pc\17917.exe
C:\Users\pc\18124.exe
C:\Users\pc\18369.exe
C:\Users\pc\19756.exe
C:\Users\pc\19814.exe
C:\Users\pc\25663.exe
C:\Users\pc\28124.exe
C:\Users\pc\28199.exe
C:\Users\pc\29673.exe
C:\Users\pc\29756.exe
C:\Users\pc\29817.exe
C:\Users\pc\35663.exe
C:\Users\pc\37449.exe
C:\Users\pc\37814.exe
C:\Users\pc\38369.exe
C:\Users\pc\39673.exe
C:\Users\pc\39814.exe
C:\Users\pc\aaaaaaaa.exe
C:\Users\pc\AppData\Local\rckonne.dll
C:\Users\pc\AppData\Local\rchokoe.dll
C:\Users\pc\AppData\Local\soikles.dll
C:\Users\pc\AppData\Roaming\84fbc1f8d562c60.xml
C:\Users\pc\AppData\Roaming\desktop.ini
C:\Users\pc\AppData\Roaming\Fuituf
C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe
C:\Users\pc\AppData\Roaming\Microsoft\nakysotook.exe
C:\Users\pc\AppData\Roaming\template.xml
C:\Users\pc\AppData\Roaming\WMPRWISE.EXE
C:\Users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2\svcnost.exe
C:\Users\pc\augoer\reogua.exe
C:\Users\pc\Desktop\Setup.exe
C:\Users\pc\foinxw\wxniof.exe
C:\Users\pc\gigig.exe
C:\Users\pc\ibibib.exe
C:\Users\pc\ibobob.exe
C:\Users\pc\idadad.exe
C:\Users\pc\ifefef.exe
C:\Users\pc\igogog.exe
C:\Users\pc\ijejej.exe
C:\Users\pc\ijijij.exe
C:\Users\pc\ilolol.exe
C:\Users\pc\imamam.exe
C:\Users\pc\imemem.exe
C:\Users\pc\ininin.exe
C:\Users\pc\iqoqoq.exe
C:\Users\pc\irarar.exe
C:\Users\pc\itatat.exe
C:\Users\pc\itotot.exe
C:\Users\pc\itutut.exe
C:\Users\pc\ivevev.exe
C:\Users\pc\ivovov.exe
C:\Users\pc\ixoxox.exe
C:\Users\pc\ixuxux.exe
C:\Users\pc\iyoyoy.exe
C:\Users\pc\izazaz.exe
C:\Users\pc\iziziz.exe
C:\Users\pc\nenen.exe
C:\Users\pc\nulowuolanu.exe
C:\Users\pc\qiqiq.exe
C:\Users\pc\zezez.exe
C:\Windows\Installer\{7C3BDE10-F246-B99B-7A7E-B7575A2B2DE4}\syshost.exe
C:\Windows\regsvr.exe
C:\Windows\system32\makemote.exe
C:\Windows\SysWow64\28463
C:\Windows\SysWow64\aaaaaaaa.exe
C:\Windows\SysWow64\makemote.exe
C:\Windows\SysWow64\regsvr.exe
C:\Windows\SysWow64\setting.ini
C:\Windows\SysWow64\setup.ini
C:\Windows\SysWow64\svchost .exe


((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SecurityCenterServer3863432951
-------\Service_syshost32


((((((((((((((((((((((((( Soubory vytvořené od 2014-07-08 do 2014-08-08 )))))))))))))))))))))))))))))))


2014-08-08 14:29:22 . 2014-08-08 14:29:22 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-08-08 14:29:08 . 2014-08-08 14:32:45 -------- d-----w- C:\Users\pc\AppData\Roaming\Fuituf
2014-08-07 14:31:33 . 2014-08-07 14:32:38 -------- d-sh--r- C:\Users\pc\kieev
2014-08-07 14:29:52 . 2014-08-07 14:29:52 -------- d-sh--w- C:\Windows\system32\%APPDATA%
2014-08-07 14:11:15 . 2014-08-08 14:28:53 -------- d-sh--r- C:\Users\pc\augoer
2014-08-07 13:26:08 . 2014-08-07 13:26:09 -------- d-----w- C:\Program Files (x86)\trend micro
2014-08-07 13:25:48 . 2014-08-07 13:27:05 -------- d-----w- C:\Program Files\trend micro
2014-08-07 13:25:48 . 2014-08-07 13:25:48 -------- d-----w- C:\rsit
2014-08-06 20:20:47 . 2014-08-06 20:20:47 -------- d-----w- C:\Users\pc\AppData\Roaming\www.shadowexplorer.com
2014-08-06 20:20:30 . 2014-08-06 20:20:33 -------- d-----w- C:\Program Files (x86)\ShadowExplorer
2014-08-06 18:05:46 . 2014-08-06 18:05:47 -------- d-----w- C:\sh4ldr
2014-08-06 18:05:46 . 2014-08-06 18:05:46 -------- d-----w- C:\Program Files\Enigma Software Group
2014-08-06 17:53:55 . 2014-08-06 18:42:35 -------- d-----w- C:\Program Files (x86)\Vidalia Bundle
2014-08-06 17:53:55 . 2014-08-06 18:42:34 -------- d-----w- C:\Users\pc\AppData\Roaming\Tor
2014-08-06 17:53:55 . 2014-08-06 18:36:58 -------- d-----w- C:\Users\pc\AppData\Roaming\Vidalia
2014-08-05 14:10:07 . 2014-08-05 14:10:07 -------- d-----w- C:\Program Files\Google
2014-08-03 09:36:33 . 2014-08-03 09:36:33 -------- d-----w- C:\ProgramData\IbadiRwega
2014-08-02 07:23:47 . 2013-09-13 22:09:55 306853 ----a-w- C:\Windows\SysWow64\mafumo.exe
2014-07-31 16:39:45 . 2014-08-08 14:28:54 -------- d-sh--r- C:\Users\pc\foinxw
2014-07-31 13:10:32 . 2014-07-31 15:06:46 -------- d-----w- C:\Users\pc\AppData\Roaming\G001
2014-07-23 16:51:38 . 2014-07-23 16:51:38 -------- d-----w- C:\Users\pc\AppData\Local\G001
2014-07-12 17:54:03 . 2014-07-12 17:54:03 -------- d-----w- C:\Users\pc\AppData\Roaming\IDM
.


(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-08-08 14:32:20 . 2013-08-17 06:25:57 25640 ----a-w- C:\Windows\gdrv.sys
2014-08-07 14:39:03 . 2013-08-17 06:26:25 30528 ----a-w- C:\Windows\GVTDrv64.sys
2014-08-07 14:37:26 . 2014-06-01 16:09:14 55808 ---h--w- C:\Users\pc\AppData\Roaming\ntuser.dat
2014-07-08 18:16:20 . 2013-08-17 08:29:14 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 18:16:20 . 2013-08-17 08:29:14 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-01 16:11:30 . 2014-06-01 16:11:30 59840 ----a-w- C:\Windows\system32\drivers\8652bb12e0b3918c.sys
2014-06-01 15:01:09 . 2013-08-25 15:55:42 25640 ----a-w- C:\Windows\etdrv.sys
2014-05-14 16:40:42 . 2014-05-14 16:40:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-11 17:17:24 . 2014-05-04 09:42:53 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-05-11 17:17:24 . 2014-05-04 08:57:31 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-05-11 06:42:09 . 2014-05-04 08:57:31 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll" [2014-04-10 08:59:04 423744]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}]
2013-08-21 14:45:31 748032 ----a-w- C:\Program Files (x86)\hosts\hosts-bho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-12-23 13:38:54 1520560 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2014-04-10 08:59:04 423744 ----a-w- C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll" [2014-04-10 08:59:04 423744]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2013-12-23 13:38:54 1520560]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:38:12 1720976 ----a-w- C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:38:12 1720976 ----a-w- C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:38:12 1720976 ----a-w- C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="C:\Program Files (x86)\ICQ7.7\ICQ.exe" [2013-08-20 16:00:02 127040]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 13:16:46 3673184]
"Viber"="C:\Users\pc\AppData\Local\Viber\Viber.exe" [2013-07-31 19:07:42 912904]
"cz.seznam.software.autoupdate"="C:\Users\pc\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 13:25:04 1062472]
"cz.seznam.software.szndesktop"="C:\Users\pc\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 08:10:22 92664]
"aliim"="C:\Program Files (x86)\Trademanager\AliIM.exe" [2014-05-14 10:12:28 293272]
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" [2013-11-29 09:27:50 473496]
"BackgroundContainerV2"="C:\Users\pc\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2014-03-31 13:40:06 325952]
"EADM"="C:\Program Files (x86)\Origin\Origin.exe" [2014-05-04 08:11:47 3588952]
"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe" [2014-07-30 20:10:42 55360]
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-03-28 20:08:14 389120]
"USPmedia Update"="C:\Users\pc\AppData\Local\USPmedia\OpenMayaRender.dll" [2014-07-11 19:51:38 795648]
"IbadiRwega"="C:\ProgramData\IbadiRwega\IbadiRwega.dat" [2014-08-05 18:48:05 239900]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 12:06:42 375000]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2010-01-19 02:27:56 43632]
"NUSB3MON"="C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 11:17:54 106496]
"Guard.Mail.ru.gui"="C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" [2013-08-20 16:00:16 1564368]
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2014-06-25 13:07:53 2571288]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 16:57:26 959904]
"seznam-listicka-distribuce"="C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 13:25:04 1062472]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 06:22:28 59240]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2011-10-24 12:28:52 421888]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 07:16:26 254336]
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [2013-12-23 13:38:58 1648048]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 20:38:10 767200]
"Regedit32"="C:\Windows\system32\regedit.exe" [2009-07-14 01:14:30 398336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"veeik"="C:\Users\pc\kieev\veeik.exe" [2014-07-23 16:56:46 139264]

C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DECRYPT_INSTRUCTION.HTML [2014-8-3 8196]
DECRYPT_INSTRUCTION.TXT [2014-8-3 4142]
DECRYPT_INSTRUCTION.URL [2014-8-3 272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe regsvr.exe"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

R0 8652bb12e0b3918c;syshost.exe;C:\Windows\\SystemRoot\System32\Drivers\8652bb12e0b3918c.sys;C:\Windows\\SystemRoot\System32\Drivers\8652bb12e0b3918c.sys [x]
R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 sesvc;ShadowExplorer Service;C:\Program Files (x86)\ShadowExplorer\sesvc.exe;C:\Program Files (x86)\ShadowExplorer\sesvc.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;C:\Windows\system32\AppleChargerSrv.exe;C:\Windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 AVEO;USB2.0 PC Camera;C:\Windows\system32\DRIVERS\AVEOdcnt.sys;C:\Windows\SYSNATIVE\DRIVERS\AVEOdcnt.sys [x]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
R3 etdrv;etdrv;C:\Windows\etdrv.sys;C:\Windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys;C:\Windows\GVTDrv64.sys [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [x]
S1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys;C:\Windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avgtp;avgtp;C:\Windows\system32\drivers\avgtpx64.sys;C:\Windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
S2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE;C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 Guard.Mail.ru;Guard.Mail.ru;C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe;C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [x]
S2 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
S2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe;C:\Windows\SysWOW64\XSrvSetup.exe [x]
S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys;C:\Windows\SYSNATIVE\drivers\npf.sys [x]
S2 TBSrv;Toolbar Service;C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe;C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [x]
S2 vToolbarUpdater18.1.7;vToolbarUpdater18.1.7;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 03:16:36 1104200 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe

Obsah adresáře 'Naplánované úlohy'

2014-08-08 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-17 08:29:14 . 2014-07-08 18:16:21]

2014-08-08 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 05:11:18 . 2013-08-17 05:11:18]

2014-08-08 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 05:11:18 . 2013-08-17 05:11:18]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:37:16 2322576 ----a-w- C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:37:16 2322576 ----a-w- C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:37:16 2322576 ----a-w- C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 09:59:40 10144288]

------- Doplňkový sken -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN30066941859531148&UM=1&ctid=CT1750559
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 81.200.48.55 81.200.48.11
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://94.229.82.168:8081/RtspVaPgDec.cab

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKCU-Run-hovajook - C:\Users\pc\AppData\Roaming\Microsoft\nakysotook.exe
Wow6432Node-HKCU-Run-aaaaaaaa - C:\Users\pc\aaaaaaaa.exe
Wow6432Node-HKCU-Run-javaocom - C:\Windows\system32\makemote.exe
Wow6432Node-HKCU-Run-soikles - C:\Users\pc\AppData\Local\soikles.dll
Wow6432Node-HKCU-Run-nulowuolanu - C:\Users\pc\nulowuolanu.exe
Wow6432Node-HKCU-Run-wxniof - C:\Users\pc\foinxw\wxniof.exe
Wow6432Node-HKCU-Run-rchokoe - C:\Users\pc\AppData\Local\rchokoe.dll
Wow6432Node-HKCU-Run-rckonne - C:\Users\pc\AppData\Local\rckonne.dll
Wow6432Node-HKCU-Run-Etyhymgodyofb - C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe
Wow6432Node-HKCU-Run-reogua - C:\Users\pc\augoer\reogua.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-aaaaaaaa - C:\Windows\System32\aaaaaaaa.exe
Wow6432Node-HKLM-Run-Etyhymgodyofb - C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe
Wow6432Node-HKU-Default-Run-Msn Messsenger - C:\Windows\system32\regsvr.exe
Wow6432Node-HKLM-Explorer_Run-884621673 - C:\PROGRA~3\msfidbh.exe
C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reogua.lnk - C:\Users\pc\augoer\reogua.exe /d
C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wxniof.lnk - (no file)
Notify-rchokoe - C:\Users\pc\AppData\Local\rchokoe.dll
Notify-rckonne - C:\Users\pc\AppData\Local\rckonne.dll
Notify-soikles - C:\Users\pc\AppData\Local\soikles.dll
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Etyhymgodyofb - C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe



--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)

------------------------ Jiné spuštené procesy ------------------------

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\pc\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\program files (x86)\hosts\hosts-bg.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe

**************************************************************************

Celkový čas: 2014-08-08 16:38:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-08 14:38:45

Před spuštěním: 2 907 914 240
Po spuštění: 2 626 711 552

- - End Of File - - 0C9195FF2BCEFE96C8A5E546CE460519
A36C5E4F47E84449FF07ED3517B43A31
Nahoru
xero78
Návštěvník
Návštěvník
Příspěvky: 19
Registrován: 07 srp 2014 10:01

Re: USB disk - změna souboru

#9 Příspěvek od xero78 »

vyosek: Ano par zašifrovaných souborů Vám pošlu. Jaký mate email?
Nahoru
xero78
Návštěvník
Návštěvník
Příspěvky: 19
Registrován: 07 srp 2014 10:01

Re: USB disk - změna souboru

#10 Příspěvek od xero78 »

Podíval by se někdo na ty mé logy?
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: USB disk - změna souboru

#11 Příspěvek od vyosek »

:arrow: Podivam se na to, ale pracovni povinnosti mne sem nepustily

:arrow: Mail najdete v mem podpisu

:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Folder::
C:\Users\pc\AppData\Roaming\Fuituf
C:\Users\pc\kieev
C:\Windows\system32\%APPDATA%
C:\Users\pc\augoer
C:\Users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2
C:\Users\pc\AppData\Roaming\www.shadowexplorer.com
C:\Program Files (x86)\ShadowExplorer
C:\sh4ldr
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\Vidalia Bundle
C:\Users\pc\AppData\Roaming\Tor
C:\Users\pc\AppData\Roaming\Vidalia
C:\ProgramData\IbadiRwega
C:\Users\pc\foinxw
C:\Users\pc\AppData\LocalLow\BS_Player_ControlBar
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\hosts
C:\Program Files (x86)\Guard-ICQ
C:\Program Files (x86)\AVG Secure Search
C:\ProgramData\IbadiRwega
C:\Users\pc\kieev
C:\Program Files (x86)\Tbccint\ToolbarService

Collect::
C:\Windows\\SystemRoot\System32\Drivers\8652bb12e0b3918c.sys
C:\Windows\SysWow64\mafumo.exe
C:\Windows\system32\drivers\8652bb12e0b3918c.sys
C:\Windows\system32\regedit.exe
C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML
C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.TXT
C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.URL

Rootkit::
C:\Windows\system32\drivers\8652bb12e0b3918c.sys
C:\Windows\\SystemRoot\System32\Drivers\8652bb12e0b3918c.sys

File::
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
8652bb12e0b3918c
sesvc
SkypeUpdate
BBSvc
Guard.Mail.ru
ICQ Service
TBSrv
vToolbarUpdater18.1.7

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=-
"DAEMON Tools Lite"=-
"Viber"=-
"cz.seznam.software.autoupdate"=-
"cz.seznam.software.szndesktop"=-
"aliim"=-
"MyDriveConnect.exe"=-
"BackgroundContainerV2"=-
"EADM"=-
"USPmedia Update"=-
"IbadiRwega"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"=-
"Guard.Mail.ru.gui"=-
"vProt"=-
"Adobe ARM"=-
"seznam-listicka-distribuce"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"ApnUpdater"=-
"Regedit32"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"veeik"=-

DDS::
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1750559
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

ClearJavaCache::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
xero78
Návštěvník
Návštěvník
Příspěvky: 19
Registrován: 07 srp 2014 10:01

Re: USB disk - změna souboru

#12 Příspěvek od xero78 »

Provedeno:

ComboFix 14-08-06.02 - pc 09.08.2014 9:49.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.2188 [GMT 2:00]
Spuštěný z: c:\users\pc\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\pc\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\AVG Secure Search
c:\program files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\17.0.0.9\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\18.0.0.248\install.ini
c:\program files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\18.0.5.292\install.ini
c:\program files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\18.1.0.443\install.ini
c:\program files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\18.1.7.644\install.ini
c:\program files (x86)\AVG Secure Search\about.gif
c:\program files (x86)\AVG Secure Search\active-threats18.gif
c:\program files (x86)\AVG Secure Search\AVG Secure Search
c:\program files (x86)\AVG Secure Search\AvgComponents.manifest
c:\program files (x86)\AVG Secure Search\avgMozXPCOM.js
c:\program files (x86)\AVG Secure Search\BundleInstall.exe
c:\program files (x86)\AVG Secure Search\BundleInstall\_._
c:\program files (x86)\AVG Secure Search\BundleInstaller.ini
c:\program files (x86)\AVG Secure Search\calc.gif
c:\program files (x86)\AVG Secure Search\CleanHistory.gif
c:\program files (x86)\AVG Secure Search\configuration.xml
c:\program files (x86)\AVG Secure Search\crash.avgdx
c:\program files (x86)\AVG Secure Search\current.gif
c:\program files (x86)\AVG Secure Search\currently-safe18.gif
c:\program files (x86)\AVG Secure Search\data.zip
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\all.css
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\btn-ok2.gif
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\downBtn.png
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\DSPDlg_IE.html
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\logo2.png
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\Thumbs.db
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\upBtn.png
c:\program files (x86)\AVG Secure Search\EnableHelperRes\EEImageHandler.html
c:\program files (x86)\AVG Secure Search\EnableHelperRes\Images\box_ie.png
c:\program files (x86)\AVG Secure Search\EnableHelperRes\Images\Thumbs.db
c:\program files (x86)\AVG Secure Search\EULA.gif
c:\program files (x86)\AVG Secure Search\Eula.txt
c:\program files (x86)\AVG Secure Search\Facebook.gif
c:\program files (x86)\AVG Secure Search\favicon.ico
c:\program files (x86)\AVG Secure Search\feedback.gif
c:\program files (x86)\AVG Secure Search\FireFoxSearchXml.tmp
c:\program files (x86)\AVG Secure Search\help.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_close.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_expand.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_tooltip.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_tracking.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bull4x4.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\divider.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\innerBG_gradient.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\loader.gif
c:\program files (x86)\AVG Secure Search\ChromeGuardRes\avg_logo_medium.png
c:\program files (x86)\AVG Secure Search\ChromeGuardRes\cg.css
c:\program files (x86)\AVG Secure Search\ChromeGuardRes\cg.js
c:\program files (x86)\AVG Secure Search\ChromeGuardRes\ChromeGuadDsp.html
c:\program files (x86)\AVG Secure Search\ChromeGuardRes\jquery-1.8.1.min.js
c:\program files (x86)\AVG Secure Search\ChromeRes\AVG Nation toolbar\nt28_2.html
c:\program files (x86)\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar\nt28.html
c:\program files (x86)\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar\nt28_2.html
c:\program files (x86)\AVG Secure Search\ChromeRes\AVG Secure Search\nt28.html
c:\program files (x86)\AVG Secure Search\ChromeRes\AVG Secure Search\nt28_2.html
c:\program files (x86)\AVG Secure Search\ChromeRes\nt.html
c:\program files (x86)\AVG Secure Search\ChromeRes\nt28.html
c:\program files (x86)\AVG Secure Search\ChromeRes\nt28.js
c:\program files (x86)\AVG Secure Search\ChromeRes\nt28_2.html
c:\program files (x86)\AVG Secure Search\ChromeRes\nt28_2.js
c:\program files (x86)\AVG Secure Search\icon18.gif
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\ie_dsp_step1.html
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\ie_dsp_step2.html
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\ie_dsp1.css
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\ie_dsp1.js
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\ie_dsp2.css
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\ie_dsp2.js
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\Images\arrow-up.png
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\Images\arrow.png
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\Images\avg_logo.png
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\Images\box-bottom-small.png
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\Images\box-bottom.png
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\Images\box-middle.png
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\Images\box-top-small.png
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\Images\box-top.png
c:\program files (x86)\AVG Secure Search\IeDspHelperRes\jquery-1.8.1.min.js
c:\program files (x86)\AVG Secure Search\labs.gif
c:\program files (x86)\AVG Secure Search\Licenses\CPOL license.txt
c:\program files (x86)\AVG Secure Search\Licenses\Encoding_decoding_base64.txt
c:\program files (x86)\AVG Secure Search\Licenses\hmac.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-bsdiff.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-bzip.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-JasonCpp.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-MPL-NPAPI.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-sparsehash.txt
c:\program files (x86)\AVG Secure Search\Licenses\Log4CPlus.txt
c:\program files (x86)\AVG Secure Search\Licenses\PassthruApp.txt
c:\program files (x86)\AVG Secure Search\lip.exe
c:\program files (x86)\AVG Secure Search\note.gif
c:\program files (x86)\AVG Secure Search\PostInstall.exe
c:\program files (x86)\AVG Secure Search\PostInstall\_._
c:\program files (x86)\AVG Secure Search\PostInstaller.ini
c:\program files (x86)\AVG Secure Search\privacy.gif
c:\program files (x86)\AVG Secure Search\remote_configuration.xml
c:\program files (x86)\AVG Secure Search\search.gif
c:\program files (x86)\AVG Secure Search\setup.bmp
c:\program files (x86)\AVG Secure Search\surf-with-caution18.gif
c:\program files (x86)\AVG Secure Search\TBAPI.dll
c:\program files (x86)\AVG Secure Search\Uninstall.exe
c:\program files (x86)\AVG Secure Search\uninstall.gif
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\downBtn.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\loader.gif
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\upBtn.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\jquery-1.5.1.min.js
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\jquery-1.8.1.min.js
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\JQueyExtensions.js
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\uninstall_cp.css
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Uninstall_cp.html
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Uninstall_cp_step2.html
c:\program files (x86)\AVG Secure Search\updating18.gif
c:\program files (x86)\AVG Secure Search\vprot.exe
c:\program files (x86)\AVG Secure Search\weather.gif
c:\program files (x86)\AVG Secure Search\windows.gif
c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
c:\program files (x86)\Guard-ICQ
c:\program files (x86)\Guard-ICQ\GuardICQ.exe
c:\program files (x86)\hosts
c:\program files (x86)\hosts\background.html
c:\program files (x86)\hosts\hosts-bg.exe
c:\program files (x86)\hosts\hosts-bho.dll
c:\program files (x86)\hosts\hosts-buttonutil.dll
c:\program files (x86)\hosts\hosts-buttonutil.exe
c:\program files (x86)\hosts\hosts-buttonutil64.dll
c:\program files (x86)\hosts\hosts-buttonutil64.exe
c:\program files (x86)\hosts\hosts-codedownloader.exe
c:\program files (x86)\hosts\hosts-helper.exe
c:\program files (x86)\hosts\hosts.ico
c:\program files (x86)\hosts\Installer.log
c:\program files (x86)\hosts\Uninstall.exe
c:\program files (x86)\ShadowExplorer
c:\program files (x86)\ShadowExplorer\icon.ico
c:\program files (x86)\ShadowExplorer\Microsoft.WindowsAPICodePack.dll
c:\program files (x86)\ShadowExplorer\sesvc.exe
c:\program files (x86)\ShadowExplorer\sesvc.InstallState
c:\program files (x86)\ShadowExplorer\ShadowExplorer.exe
c:\program files (x86)\ShadowExplorer\ShadowExplorer.exe.config
c:\program files (x86)\ShadowExplorer\unins000.dat
c:\program files (x86)\ShadowExplorer\unins000.exe
c:\program files (x86)\Tbccint\ToolbarService
c:\program files (x86)\Tbccint\ToolbarService\ToolbarService.exe
c:\program files (x86)\Vidalia Bundle
c:\program files (x86)\Vidalia Bundle\Polipo\config
c:\program files (x86)\Vidalia Bundle\Polipo\config.sample
c:\program files (x86)\Vidalia Bundle\Polipo\COPYING
c:\program files (x86)\Vidalia Bundle\Polipo\forbidden
c:\program files (x86)\Vidalia Bundle\Polipo\forbidden.sample
c:\program files (x86)\Vidalia Bundle\Polipo\CHANGES
c:\program files (x86)\Vidalia Bundle\Polipo\Polipo Website.url
c:\program files (x86)\Vidalia Bundle\Polipo\polipo.conf
c:\program files (x86)\Vidalia Bundle\Polipo\README.Windows
c:\program files (x86)\Vidalia Bundle\Tor\Documents\address-spec.txt
c:\program files (x86)\Vidalia Bundle\Tor\Documents\bridges-spec.txt
c:\program files (x86)\Vidalia Bundle\Tor\Documents\control-spec.txt
c:\program files (x86)\Vidalia Bundle\Tor\Documents\dir-spec.txt
c:\program files (x86)\Vidalia Bundle\Tor\Documents\HACKING
c:\program files (x86)\Vidalia Bundle\Tor\Documents\ChangeLog
c:\program files (x86)\Vidalia Bundle\Tor\Documents\LICENSE
c:\program files (x86)\Vidalia Bundle\Tor\Documents\path-spec.txt
c:\program files (x86)\Vidalia Bundle\Tor\Documents\README
c:\program files (x86)\Vidalia Bundle\Tor\Documents\rend-spec.txt
c:\program files (x86)\Vidalia Bundle\Tor\Documents\socks-extensions.txt
c:\program files (x86)\Vidalia Bundle\Tor\Documents\tor-gencert.html
c:\program files (x86)\Vidalia Bundle\Tor\Documents\tor-resolve.html
c:\program files (x86)\Vidalia Bundle\Tor\Documents\tor-spec.txt
c:\program files (x86)\Vidalia Bundle\Tor\Documents\tor.html
c:\program files (x86)\Vidalia Bundle\Tor\Documents\torify.html
c:\program files (x86)\Vidalia Bundle\Tor\Documents\version-spec.txt
c:\program files (x86)\Vidalia Bundle\Tor\Tor Website.url
c:\program files (x86)\Vidalia Bundle\Vidalia\CREDITS
c:\program files (x86)\Vidalia Bundle\Vidalia\CHANGELOG
c:\program files (x86)\Vidalia Bundle\Vidalia\LICENSE-GPLV2
c:\program files (x86)\Vidalia Bundle\Vidalia\LICENSE-GPLV3
c:\program files (x86)\Vidalia Bundle\Vidalia\LICENSE-LGPLV3
c:\program files (x86)\Vidalia Bundle\Vidalia\LICENSE-OPENSSL
c:\program files (x86)\Vidalia Bundle\Vidalia\LICENSE
c:\program files (x86)\Vidalia Bundle\Vidalia\README
c:\program files (x86)\Vidalia Bundle\Vidalia\Vidalia Website.url
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\Czech.lng
c:\program files\Enigma Software Group\SpyHunter\Danish.lng
c:\program files\Enigma Software Group\SpyHunter\Data\dns.dat
c:\program files\Enigma Software Group\SpyHunter\Data\proxy.dat
c:\program files\Enigma Software Group\SpyHunter\Defs\def.dat
c:\program files\Enigma Software Group\SpyHunter\Dutch.lng
c:\program files\Enigma Software Group\SpyHunter\English.lng
c:\program files\Enigma Software Group\SpyHunter\Finnish.lng
c:\program files\Enigma Software Group\SpyHunter\French.lng
c:\program files\Enigma Software Group\SpyHunter\gas.dat
c:\program files\Enigma Software Group\SpyHunter\German.lng
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\program files\Enigma Software Group\SpyHunter\Italian.lng
c:\program files\Enigma Software Group\SpyHunter\license.txt
c:\program files\Enigma Software Group\SpyHunter\Lithuanian.lng
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140806_200622.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140806_203643.log
c:\program files\Enigma Software Group\SpyHunter\mon\autoexec.bat.bk
c:\program files\Enigma Software Group\SpyHunter\mon\hosts.bk
c:\program files\Enigma Software Group\SpyHunter\mon\system.ini.bk
c:\program files\Enigma Software Group\SpyHunter\mon\win.ini.bk
c:\program files\Enigma Software Group\SpyHunter\Norwegian.lng
c:\program files\Enigma Software Group\SpyHunter\Portuguese.lng
c:\program files\Enigma Software Group\SpyHunter\purl.dat
c:\program files\Enigma Software Group\SpyHunter\Russian.lng
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
c:\program files\Enigma Software Group\SpyHunter\SHDS.mht
c:\program files\Enigma Software Group\SpyHunter\Spanish.lng
c:\program files\Enigma Software Group\SpyHunter\Swedish.lng
c:\programdata\IbadiRwega
c:\programdata\IbadiRwega\IbadiRwega.dat
C:\sh4ldr
c:\sh4ldr\initrd.gz
c:\sh4ldr\shldr
c:\sh4ldr\shldr.mbr
c:\sh4ldr\vmlinuz
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_59_175_CT1750559_Images_634557624398258531_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_59_175_CT1750559_images_634571297250081251_24PX_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_59_175_CT1750559_images_634593767955696458_24PX_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_59_175_CT1750559_images_634593826325289055_24PX_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Uninstall_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_4822797188264580234_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_4829480468361840163_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_4891257746483578492_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_4992819580089752696_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_5017717765120465794_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_5241862250437351302_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_5423390466601380686_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_5657112715281953362_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_20_5600148706258463264_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_eula_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_MarketPlace_27_580_2760e0b4-18bf-4506-b490-68675d529580_Appearance_634162503573491253_24x24_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_MarketPlace_81_28e_816147d9-d2b0-4dc7-b220-fb7ea1b1228e_Appearance_634726106907093173_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___storage_conduit_com_MarketPlace_d5_3fe_d5c4c431-a6ed-49fe-9670-df872dce43fe_Appearance_634527283768578406_png.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___weather_conduit_com_images_weather_Default_cloudy_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___weather_conduit_com_images_weather_Default_drizzle_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___weather_conduit_com_images_weather_Default_flurries_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___weather_conduit_com_images_weather_Default_foggy_night_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_night_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___weather_conduit_com_images_weather_Default_showers_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\AddedAppDialog\app-added.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\AddedAppDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\DefualtImages\icon.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\DetectedAppDialog\app-2go.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\DetectedAppDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\DialogsAPI.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\EngineFirstTimeDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\EngineFirstTimeDialog\right-click.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\excanvas.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\generalDialogStyle.css
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\NewSearchProtectorDialog\images\ok-button.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\NewSearchProtectorDialog\images\separation-line.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\NewSearchProtectorDialog\images\warning.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\NewSearchProtectorDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\NewSearchProtectorDialog\SearchProtector.css
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\NewSearchProtectorDialog\SearchProtector.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\PIE.htc
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\RoundedCorners.css
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\RoundedCornersIE9.css
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorBubbleDialog\bubble.css
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorBubbleDialog\bubble.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorBubbleDialog\images\information.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorBubbleDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorDialog\Images\info.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorDialog\Images\ok-on.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorDialog\Images\ok.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorDialog\SearchProtector.css
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorDialog\SearchProtector.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorRetakeoverDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\settings.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\images\arrow.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\images\divider.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\images\facebook.png
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\UntrustedAddedAppDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\UntrustedAppApprovalDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\UntrustedAppPendingDialog\main.html
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Dialogs\version.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en-us&ctid=CT1750559.xml
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en-us&ctid=CT1750559.xml
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en-us&ctid=CT1750559.xml
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en-us&ctid=CT1750559&UM=1.xml
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\hk64tbBS_0.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\hk64tbBS_2.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\hk64tbBS_P.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\hktbBS_0.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\hktbBS_2.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\hktbBS_P.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\ldrtbBS_0.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\ldrtbBS_2.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\ldrtbBS_P.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_2.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\RadioPlayer\IP_Stations_Media_List.xml
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\RadioPlayer\Predefined_Media_List.xml
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\AppsMetaData\data.bck.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\AppsMetaData\data.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\AppsMetaData\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\AppsMetaData\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\AppsMetaData\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\DynamicDialogs\data.bck.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\DynamicDialogs\data.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\DynamicDialogs\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\DynamicDialogs\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\DynamicDialogs\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarHiddenLogin\data.bck.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarHiddenLogin\data.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarHiddenLogin\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarHiddenLogin\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarHiddenLogin\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarHiddenSettings\data.bck.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarHiddenSettings\data.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarHiddenSettings\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarHiddenSettings\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarHiddenSettings\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarLogin\data.bck.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarLogin\data.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarLogin\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarLogin\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarLogin\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarSettings\data.bck.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarSettings\data.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarSettings\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarSettings\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarSettings\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarTranslation\data.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarTranslation\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarTranslation\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_CT1750559\ToolbarTranslation\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_en-us\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_en-us\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_en-us\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_en-us\ToolbarTranslation\data.bck.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_en-us\ToolbarTranslation\data.txt
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_en-us\ToolbarTranslation\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_en-us\ToolbarTranslation\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\conduit_CT1750559_en-us\ToolbarTranslation\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\Repository\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\tbBS_0.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\tbBS_1.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\tbBS_2.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\tbBS_P.dll
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\ThirdPartyComponents.xml
c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\toolbar.cfg
c:\users\pc\AppData\Roaming\Fuituf
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.TXT
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.URL
c:\users\pc\AppData\Roaming\Tor
c:\users\pc\AppData\Roaming\Tor\cached-certs
c:\users\pc\AppData\Roaming\Tor\cached-consensus
c:\users\pc\AppData\Roaming\Tor\cached-descriptors
c:\users\pc\AppData\Roaming\Tor\geoip
c:\users\pc\AppData\Roaming\Tor\lock
c:\users\pc\AppData\Roaming\Tor\state
c:\users\pc\AppData\Roaming\Vidalia
c:\users\pc\AppData\Roaming\Vidalia\geoip-cache
c:\users\pc\AppData\Roaming\Vidalia\torrc
c:\users\pc\AppData\Roaming\Vidalia\vidalia.conf
c:\users\pc\AppData\Roaming\www.shadowexplorer.com
c:\users\pc\AppData\Roaming\www.shadowexplorer.com\ShadowExplorer.exe_StrongName_xtjupzqizfvrswisywb5m1z43nbxsnce\0.9.462.0\user.config
c:\users\pc\AppData\Roaming\xtbjgojzjsdfym3qloqcxfcfkshinw2r2
c:\users\pc\augoer
c:\users\pc\augoer\1.exe
c:\users\pc\augoer\2.exe
c:\users\pc\augoer\3.exe
c:\users\pc\augoer\4.exe
c:\users\pc\foinxw
c:\users\pc\kieev
c:\users\pc\kieev\veeik.exe
c:\windows\system32\drivers\8652bb12e0b3918c.sys
c:\windows\SysWow64\mafumo.exe
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_8652BB12E0B3918C
-------\Service_8652bb12e0b3918c
-------\Service_BBSvc
-------\Service_Guard.Mail.ru
-------\Service_ICQ Service
-------\Service_sesvc
-------\Service_SkypeUpdate
-------\Service_TBSrv
-------\Service_vToolbarUpdater18.1.7
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-09 do 2014-08-09 )))))))))))))))))))))))))))))))
.
.
2014-08-09 07:54 . 2014-08-09 07:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-07 14:29 . 2014-08-07 14:29 -------- d-sh--w- c:\windows\system32\%APPDATA%
2014-08-07 13:26 . 2014-08-07 13:26 -------- d-----w- c:\program files (x86)\trend micro
2014-08-07 13:25 . 2014-08-07 13:27 -------- d-----w- c:\program files\trend micro
2014-08-07 13:25 . 2014-08-07 13:25 -------- d-----w- C:\rsit
2014-08-05 14:10 . 2014-08-05 14:10 -------- d-----w- c:\program files\Google
2014-07-31 13:10 . 2014-07-31 15:06 -------- d-----w- c:\users\pc\AppData\Roaming\G001
2014-07-23 16:51 . 2014-07-23 16:51 -------- d-----w- c:\users\pc\AppData\Local\G001
2014-07-12 17:54 . 2014-07-12 17:54 -------- d-----w- c:\users\pc\AppData\Roaming\IDM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-09 07:59 . 2013-08-17 06:25 25640 ----a-w- c:\windows\gdrv.sys
2014-08-07 14:39 . 2013-08-17 06:26 30528 ----a-w- c:\windows\GVTDrv64.sys
2014-08-07 14:37 . 2014-06-01 16:09 55808 ---h--w- c:\users\pc\AppData\Roaming\ntuser.dat
2014-07-08 18:16 . 2013-08-17 08:29 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 18:16 . 2013-08-17 08:29 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-01 15:01 . 2013-08-25 15:55 25640 ----a-w- c:\windows\etdrv.sys
2014-05-14 16:40 . 2014-05-14 16:40 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-11 17:17 . 2014-05-04 09:42 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-05-11 17:17 . 2014-05-04 08:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-07-30 55360]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-03-28 389120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"884621673"="c:\progra~3\msfidbh.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe regsvr.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys;c:\windows\SYSNATIVE\DRIVERS\AVEOdcnt.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 03:16 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"Etyhymgodyofb"="c:\users\pc\AppData\Roaming\Fuituf\fiyri.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 81.200.48.55 81.200.48.11
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://94.229.82.168:8081/RtspVaPgDec.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{11111111-1111-1111-1111-110311531182} - c:\program files (x86)\hosts\hosts-bho.dll
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\users\pc\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_0.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-rchokoe - c:\users\pc\AppData\Local\rchokoe.dll
Notify-rckonne - c:\users\pc\AppData\Local\rckonne.dll
Notify-soikles - c:\users\pc\AppData\Local\soikles.dll
AddRemove-AVG Secure Search - c:\program files (x86)\AVG Secure Search\UNINSTALL.exe
AddRemove-Guard.Mail.ru - c:\program files (x86)\Guard-ICQ\GuardICQ.exe
AddRemove-hosts - c:\program files (x86)\hosts\Uninstall.exe
AddRemove-ShadowExplorer_is1 - c:\program files (x86)\ShadowExplorer\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\progra~2\Raptr\raptr.exe
c:\progra~2\Raptr\raptr_im.exe
.
**************************************************************************
.
Celkový čas: 2014-08-09 10:02:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-09 08:02
ComboFix2.txt 2014-08-08 14:38
.
Před spuštěním: 2 317 754 368
Po spuštění: 2 004 029 440
.
- - End Of File - - 8D9FD3A0CB912C7575E54632A859FC02
A36C5E4F47E84449FF07ED3517B43A31
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: USB disk - změna souboru

#13 Příspěvek od vyosek »

:arrow: Na ty soubory se podivam a uvidime jestli pujdou rozsifrovat

:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
xero78
Návštěvník
Návštěvník
Příspěvky: 19
Registrován: 07 srp 2014 10:01

Re: USB disk - změna souboru

#14 Příspěvek od xero78 »

# AdwCleaner v3.304 - Report created 09/08/2014 at 11:41:27
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : pc - PC-PC
# Running from : C:\Users\pc\Desktop\adwcleaner_3.304.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService
[#] Service Deleted : AppleChargerSrv

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\AVG Secure Search
[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\Conduit
[!] Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\DeviceVM
[!] Folder Deleted : C:\Program Files (x86)\DownLite
[!] Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
[!] Folder Deleted : C:\Program Files (x86)\Tbccint
[!] Folder Deleted : C:\Program Files (x86)\BS_Player_ControlBar
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
[!] Folder Deleted : C:\Users\pc\AppData\Local\AVG Secure Search
[!] Folder Deleted : C:\Users\pc\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\pc\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\pc\AppData\LocalLow\AVG Secure Search
[!] Folder Deleted : C:\Users\pc\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\pc\AppData\Roaming\Babylon
[!] Folder Deleted : C:\Users\pc\AppData\Roaming\DownLite
[!] Folder Deleted : C:\Users\pc\AppData\Roaming\OpenCandy
[!] Folder Deleted : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Windows\System32\AppleChargerSrv.exe

***** [ Scheduled Tasks ] *****

Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT1750559
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035382.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{055DD326-956C-4827-9467-A172509E81B3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{055DD326-956C-4827-9467-A172509E81B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D5705DA-773F-4E0A-A08F-355D0AF5F96B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C89C0ACC-CF79-4267-9A6F-3A1EFE23BA77}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\BS_Player_ControlBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=34BAD85D4C99B0A3&affID=121564&tsp=4981
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={B70F3069-A0E2-4759-B9D8-52BD2F637544}&mid=bb91a2eb3c8047d38ed5cd2623ac667c-5b208bbb296ddc91fbc46319a86961504f651eda&lang=cs&ds=AVG&coid=&cmpid=&pr=sa&d=2013-08-21 19:04:12&v=17.3.0.49&pid=avg&sg=0&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss&mntrId=34BAD85D4C99B0A3&affID=123895&tsp=4982
Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EBBK%5EOSJ0 ... earchTerms}
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={B70F3069-A0E2-4759-B9D8-52BD2F637544}&mid=bb91a2eb3c8047d38ed5cd2623ac667c-5b208bbb296ddc91fbc46319a86961504f651eda&lang=cs&ds=AVG&coid=&cmpid=&pr=sa&d=2013-08-21 19:04:12&v=17.3.0.49&pid=avg&sg=0&sap=dsp&q={searchTerms}
Deleted [Startup_urls] : hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=34BAD85D4C99B0A3&affID=123895&tsp=4982
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [16218 octets] - [09/08/2014 11:40:29]
AdwCleaner[S0].txt - [15283 octets] - [09/08/2014 11:41:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15344 octets] ##########
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: USB disk - změna souboru

#15 Příspěvek od vyosek »

:arrow: Jeste jeden skript pro ComboFix - postup stejny

Kód: Vybrat vše

KillAll::

Collect::
c:\users\pc\AppData\Roaming\Fuituf\fiyri.exe
c:\progra~3\msfidbh.exe

Rootkit::
c:\users\pc\AppData\Roaming\Fuituf\fiyri.exe
c:\progra~3\msfidbh.exe

Folder::
c:\users\pc\AppData\Roaming\Fuituf

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Etyhymgodyofb"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"884621673"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

Reboot::
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“