winnetsvce problem s OpenCL.dll

Zpráva

avalancher · #1 Příspěvek od **avalancher** » 13 srp 2014 11:12

Zdravim,

nedavno jsem si z uloz.to stahnul minecraft, kvuli pristupu na lan server i hamachi a nasledne menil sitove nastaveni (mozna to neni dulezite). Kazdopadne cca od te doby mi vyskakuje hlaska:

winnetsvce.exe - Systemova chyba

Program nelze spustit, protoze v pocitaci chybi OpenCL.dll. Pokuste se tento problem vyresit preinstalaci programu.

Nevite co s tim? Snazil jsem se problem vyresit pomoci informaci nalezenych ruzne na netu ale nic nepomohlo. Ted mi bezi scan DriverDoc - uz celkem dlouho a ani nevim jestli to bude mit naky rozumny vysledek (predpokladam ze po scanu najede hlaska s x opravama apokud je chci opravit tak at si koupim tento program coz se mi moc nechce

)

Predem diky za odpovedi

PS: nejsem zrovna pocitacovy technik

tak snad jsem neco uplne nepokazil

#2 Příspěvek od **vyosek** » 13 srp 2014 12:10

Zdravim

A nebylo by lepsi si ten minecraft na Steamu koupit nez si jej stahovat i s bonusy z ulozta??

Poprosim o RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786

avalancher · #3 Příspěvek od **avalancher** » 13 srp 2014 12:42

No nejspis asi bylo

Tady je log: (snad neni az tak desivej ale misto par sekund jak se pise v navodu trval scan par minut

snad to nic neznamena)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Marek at 2014-08-13 13:30:37
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 235 GB (39%) free of 596 GB
Total RAM: 3894 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:30:59, on 13.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Marek\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Marek\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\WScript.exe
C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wupdt32.exe
C:\Windows\SysWOW64\WScript.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Marek\AppData\Roaming\Microsoft\Networking\inet32e.exe
C:\Users\Marek\AppData\Roaming\Microsoft\Networking\winnetsvce.exe
C:\Windows\SysWOW64\lcpmncerry.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Marek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
R3 - URLSearchHook: Ashampoo US Toolbar - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Ashampoo US - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
O2 - BHO: contiinuuetooseauvee - {3731E753-9E96-BFEE-77DC-7232B4459724} - C:\ProgramData\contiinuuetooseauvee\51927c32e6bf9.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchNewTab - {91951714-ECFF-9897-6539-8A0DC44A8453} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ashampoo US Toolbar - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [msaypxvSrv] "C:\Windows\system32\msaypxv.vbe" mspahnjb msjbga
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mncerrySrv] C:\Windows\system32\mncerry.vbe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Marek\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1323881350-1781310941-3531503529-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-1323881350-1781310941-3531503529-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: Dropbox.lnk = Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: wupdt32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit (mi-raysat_3dsmax2012_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - c:/postgreSQL/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wisaroc - Remak - C:\Windows\Wisaroc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 20472 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\WLANExt.exe 37952816
\??\C:\Windows\system32\conhost.exe "-48436174619676815991577308966106204245-352835683-2213880801732499910-2018311263
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
c:/postgreSQL/bin/postgres.exe -D "c:/postgreSQL/data"
\??\C:\Windows\system32\conhost.exe "-773250213-20428572164153030291428548649-344724012047757074-9700889371027679749
"c:/postgreSQL/bin/postgres.exe" "--forkboot" "904" "-x3"
"c:/postgreSQL/bin/postgres.exe" "--forkboot" "912" "-x4"
"c:/postgreSQL/bin/postgres.exe" "--forkavlauncher" "904"
"c:/postgreSQL/bin/postgres.exe" "--forkcol" "912"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\Realtek\Audio\OSD\RTVOSD64.EXE"
"C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files\Java\jre6\bin\jusched.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 2348
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Users\Marek\AppData\Local\Akamai\netsession_win.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:/Users/Marek/AppData/Local/Akamai/netsession_win.exe" --client
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe"
"C:\Users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Windows\System32\WScript.exe" "C:\Windows\System32\msaypxv.vbe" mspahnjb msjbga
"C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wupdt32.exe"
"C:\Windows\System32\WScript.exe" "C:\Windows\System32\mncerry.vbe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Users\Marek\AppData\Roaming\Microsoft\Networking\inet32e.exe" -a scrypt -o stratum+tcp://eu.clevermining.com:3333 -u 1J5AXyXar52mwiAWaWam481zaAjTjbci12 -p any
\??\C:\Windows\system32\conhost.exe "2009478594-1066124044-11002277113074966-15700767442083944091777985525-1405473488
"C:\Users\Marek\AppData\Roaming\Microsoft\Networking\winnetsvce.exe" --scrypt -o stratum+tcp://eu.clevermining.com:3333 -u 1J5AXyXar52mwiAWaWam481zaAjTjbci12 -p any -T
\??\C:\Windows\system32\conhost.exe "-14671022992038902529998832335-6662824761820575291445616440-627870019-955123061
"C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Windows\system32\lcpmncerry.exe" --threads=1
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
\??\C:\Windows\system32\conhost.exe "605046288-1607943699-976232373709666417-209832812-203614224914762239351155472885
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Bluetooth®: Off
WLAN: On</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>1060704121</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Windows\system32\wuauclt.exe"
taskeng.exe {ACFF39D4-5430-4136-9A27-1F4AE2310313}
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe"
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{7958000F-5BAC-48FD-94B1-12EDCFCD57E0}
{5FB9A609-01AD-45A2-BEFC-E8381675391D}
{15A6AABA-7573-40EA-A1D1-70DA6421E00B}
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b191c261-f897-419c-8db0-2ca056b43411 -SystemEventPortName:HostProcess-e82ce6ce-58aa-4626-bfad-40eb6fb14f2f -IoCancelEventPortName:HostProcess-66f1c402-dec5-45a6-98ac-de8ee03f690a -NonStateChangingEventPortName:HostProcess-e8ccaed5-750d-4ab9-9f0e-5686dc12b400 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:352bd5ea-696a-47e5-935e-490324eccb4e -DeviceGroupId:
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\Marek\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DriverDoc_UPDATES.job - C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe -updatecheck
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForMarek.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForMarek (null)
C:\Windows\tasks\RegistryBooster.job - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/"
prefs.js - "keyword.URL" - "http://websearch.lookforithere.info/?pi ... =14&l=1&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.67.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\extensions\
DTToolbar@toolbarnet.com
plugin3@gameplaylabs.com
{ab91efd4-6975-4081-8552-1b3922ed79e2}

C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\searchplugins\
ashampoo-us-customized-web-search.xml
browsemngr.xml
daemon-search.xml
icqplugin-1.xml
icqplugin.xml
Search.xml
yahoo-zugo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-21 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
Ashampoo US Toolbar - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21A88CB9-84D2-4020-A2D1-B25A21034884}]
HistoryTriggerBHO Class - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll [2011-11-17 36208]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3731E753-9E96-BFEE-77DC-7232B4459724}]
contiinuuetooseauvee - C:\ProgramData\contiinuuetooseauvee\51927c32e6bf9.dll [2013-05-14 112128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13 3214392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}]
Funmoods Helper Object

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91951714-ECFF-9897-6539-8A0DC44A8453}]
SearchNewTab

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2010-03-25 1548096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll [2011-03-28 176936]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]
{124d001a-bdcb-472f-aa59-bbe7e4bc3204} - Ashampoo US Toolbar - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-12 2107176]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-10-13 186904]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-03-13 6234144]
"RtkOSD"=C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [2010-01-12 995840]
"HP Quick Launch"=C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-01-18 451072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-04-21 172032]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-01-27 8192]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2012-02-05 415680]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-03-03 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-03-03 391192]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-03-03 410648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Akamai NetSession Interface"=C:\Users\Marek\AppData\Local\Akamai\netsession_win.exe [2014-04-17 4672920]
"AdobeBridge"= []
"LG LinkAir"= []
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2014-07-16 1753280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv]
C:\Windows\inf\ntvdm.vbe [2013-06-20 1219]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE [2014-04-09 332016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Users\Marek\AppData\Local\Temp\{EDDB1EAF-427F-4707-B303-7AAAC3C2A3D0}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-02 98304]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2010-01-25 61112]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-23 620152]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2012-11-13 3825176]
"msaypxvSrv"=C:\Windows\system32\msaypxv.vbe mspahnjb msjbga []
"MSStp"=C:\Windows\inf\msstp.vbe [2014-03-05 1584]
"mncerrySrv"=C:\Windows\system32\mncerry.vbe []
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-07-21 3816784]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe
wupdt32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-03-03 268800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2010-04-21 52920]
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-08-13 13:30:37 ----D---- C:\rsit
2014-08-13 13:30:37 ----D---- C:\Program Files\trend micro
2014-08-13 10:16:39 ----D---- C:\Program Files (x86)\DriverDoc
2014-08-11 08:08:49 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-08-11 08:08:41 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-08-11 08:08:41 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-08-11 08:08:41 ----A---- C:\Windows\SYSWOW64\java.exe
2014-08-10 13:55:38 ----D---- C:\ProgramData\Riot Games
2014-08-08 09:19:23 ----A---- C:\Windows\system32\drivers\pccsmcfdx64.sys
2014-08-08 09:19:13 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2014-08-08 09:18:22 ----D---- C:\Program Files (x86)\Nokia
2014-08-03 14:16:40 ----D---- C:\Users\Marek\AppData\Roaming\Solvusoft
2014-08-03 14:16:31 ----A---- C:\Windows\system32\roboot64.exe
2014-08-03 13:25:19 ----A---- C:\Windows\wininit.ini
2014-08-02 18:31:35 ----D---- C:\Users\Marek\AppData\Roaming\.minecraft
2014-08-02 18:20:02 ----D---- C:\ProgramData\LogMeIn
2014-08-02 18:18:01 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2014-07-30 23:37:20 ----D---- C:\Program Files\Vlak
2014-07-30 17:18:39 ----AS---- C:\Windows\SYSWOW64\lcpmncerry.exe
2014-07-30 17:18:39 ----AS---- C:\Windows\SYSWOW64\dcgmncerry.exe
2014-07-30 17:18:37 ----D---- C:\Windows\SYSWOW64\bitstreams
2014-07-30 17:18:37 ----AS---- C:\Windows\SYSWOW64\zlib1.dll
2014-07-30 17:18:37 ----AS---- C:\Windows\SYSWOW64\acumncerry.exe
2014-07-30 17:18:36 ----AS---- C:\Windows\SYSWOW64\ssleay32.dll
2014-07-30 17:18:36 ----AS---- C:\Windows\SYSWOW64\pthreadVC2.dll
2014-07-30 17:18:36 ----AS---- C:\Windows\SYSWOW64\pthreadGC2.dll
2014-07-30 17:18:36 ----AS---- C:\Windows\SYSWOW64\libssh2.dll
2014-07-30 17:18:36 ----AS---- C:\Windows\SYSWOW64\librtmp.dll
2014-07-30 17:18:36 ----AS---- C:\Windows\SYSWOW64\libidn-11.dll
2014-07-30 17:18:36 ----AS---- C:\Windows\SYSWOW64\libeay32.dll
2014-07-30 17:18:35 ----AS---- C:\Windows\SYSWOW64\libcurl-4.dll
2014-07-30 17:18:35 ----AS---- C:\Windows\SYSWOW64\cudart32_50_35.dll
2014-07-30 11:55:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-07-29 12:28:05 ----A---- C:\Users\Marek\AppData\Roaming\msjbga.dat
2014-07-29 12:28:00 ----A---- C:\Users\Marek\AppData\Roaming\mspahnjb.dat
2014-07-29 12:26:33 ----AS---- C:\Windows\SYSWOW64\nircmdc.exe

======List of files/folders modified in the last 1 month======

2014-08-13 13:30:37 ----RD---- C:\Program Files
2014-08-13 12:14:11 ----D---- C:\Windows\Temp
2014-08-13 10:17:03 ----D---- C:\Windows\Tasks
2014-08-13 10:17:03 ----D---- C:\Windows\system32\Tasks
2014-08-13 10:16:39 ----D---- C:\Program Files (x86)
2014-08-13 10:07:26 ----D---- C:\Windows\system32\config
2014-08-13 09:57:09 ----D---- C:\Windows\system32\catroot
2014-08-13 09:57:08 ----D---- C:\Windows\winsxs
2014-08-13 09:56:30 ----D---- C:\Windows\system32\catroot2
2014-08-13 09:47:57 ----D---- C:\Windows\pss
2014-08-13 09:39:36 ----D---- C:\Users\Marek\AppData\Roaming\Dropbox
2014-08-13 09:37:28 ----D---- C:\Program Files (x86)\Steam
2014-08-13 09:36:19 ----A---- C:\Windows\SYSWOW64\log.txt
2014-08-12 09:58:37 ----D---- C:\Windows\Prefetch
2014-08-11 08:09:09 ----D---- C:\ProgramData\Oracle
2014-08-11 08:08:55 ----SHD---- C:\Windows\Installer
2014-08-11 08:08:55 ----SHD---- C:\Config.Msi
2014-08-11 08:08:53 ----D---- C:\Program Files (x86)\Common Files
2014-08-11 08:08:49 ----D---- C:\Windows\SysWOW64
2014-08-11 08:08:39 ----D---- C:\Program Files (x86)\Java
2014-08-11 08:06:58 ----SHD---- C:\System Volume Information
2014-08-10 13:55:38 ----HD---- C:\ProgramData
2014-08-08 16:29:27 ----D---- C:\Windows
2014-08-08 12:06:02 ----D---- C:\Program Files (x86)\PokerStars
2014-08-08 11:22:52 ----D---- C:\Windows\system32\drivers
2014-08-08 11:22:52 ----D---- C:\Windows\System32
2014-08-08 11:22:50 ----D---- C:\Windows\inf
2014-08-08 11:22:49 ----D---- C:\Windows\system32\DriverStore
2014-08-08 11:19:05 ----D---- C:\AMD
2014-08-08 10:04:04 ----D---- C:\Windows\system32\drivers\UMDF
2014-08-08 10:04:01 ----D---- C:\Users\Marek\AppData\Roaming\PC Suite
2014-08-08 09:19:23 ----DC---- C:\Windows\system32\DRVSTORE
2014-08-08 09:17:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-08-08 09:16:48 ----D---- C:\ProgramData\Installations
2014-08-06 01:17:35 ----D---- C:\Windows\system32\drivers\etc
2014-08-03 11:07:24 ----D---- C:\Windows\Panther
2014-08-03 11:07:24 ----D---- C:\Windows\Logs
2014-08-03 11:07:23 ----D---- C:\Windows\debug
2014-08-03 11:07:22 ----D---- C:\Windows\Minidump
2014-08-02 18:31:57 ----SD---- C:\Users\Marek\AppData\Roaming\Microsoft
2014-07-31 10:08:11 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-28 09:53:47 ----D---- C:\Program Files\Microsoft Silverlight
2014-07-28 09:53:43 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-10-13 409624]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-25 834544]
R1 MpKsl7dfaefcf;MpKsl7dfaefcf; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97E6DEAA-15BB-4E2D-BF87-2F60BE94A12B}\MpKsl7dfaefcf.sys [2014-08-13 45352]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-09-24 94208]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-06-23 3058168]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-11 158720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-03-13 2291616]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-03-03 7843040]
R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
R3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
R3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-12 316464]
R3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
R3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
R3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 jqxubrgu;jqxubrgu; \??\C:\Windows\system32\drivers\jqxubrgu.sys []
S1 ojfeldub;ojfeldub; \??\C:\Windows\system32\drivers\ojfeldub.sys []
S1 oyhsizvy;oyhsizvy; \??\C:\Windows\system32\drivers\oyhsizvy.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 Andbus;LGE Android Platform Composite USB Device; C:\Windows\system32\DRIVERS\lgandbus64.sys [2010-12-23 19456]
S3 AndDiag;LGE Android Platform USB Serial Port; C:\Windows\system32\DRIVERS\lganddiag64.sys [2010-12-23 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port; C:\Windows\system32\DRIVERS\lgandgps64.sys [2010-12-23 27136]
S3 ANDModem;LGE Android Platform USB Modem; C:\Windows\system32\DRIVERS\lgandmodem64.sys [2010-12-23 34304]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-07 98344]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2010-01-07 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-07 21160]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-03-03 7843040]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2005-01-02 4682]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-23 225280]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-09 295424]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-03 65640]
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 873248]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-01-25 514232]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-07-21 2544976]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-10-15 120832]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-07-16 377616]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-12-24 75136]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w []
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-05-11 1045328]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-03-28 799800]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 Service; Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-25 1432400]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-07-30 119408]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-08-07 3804120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-05-28 564928]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-24 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 13 srp 2014 12:58

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

avalancher · #5 Příspěvek od **avalancher** » 13 srp 2014 13:08

tady je Rkill:

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/13/2014 02:05:35 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 1320) [WD-HEUR]
* C:\Program Files\Java\jre6\bin\jusched.exe (PID: 2620) [FI]
* C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wupdt32.exe (PID: 2276) [UP-HEUR]
* C:\Users\Marek\AppData\Roaming\Microsoft\Networking\inet32e.exe (PID: 4292) [UP-HEUR]
* C:\Users\Marek\AppData\Roaming\Microsoft\Networking\winnetsvce.exe (PID: 4316) [UP-HEUR]
* C:\Windows\SysWOW64\lcpmncerry.exe (PID: 304) [WD-HEUR]

6 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com

20 out of 15490 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 08/13/2014 02:07:17 PM
Execution time: 0 hours(s), 1 minute(s), and 41 seconds(s)

#6 Příspěvek od **vyosek** » 13 srp 2014 13:35

Pokracujte ComboFixem

avalancher · #7 Příspěvek od **avalancher** » 13 srp 2014 14:32

ComboFix:

ComboFix 14-08-12.01 - Marek 13.08.2014 14:32:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3894.1882 [GMT 2:00]
Spuštěný z: c:\users\Marek\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eceibpcamaeeffalhcgliiccbbjopibm_0.localstorage
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jfggidhbgfeofofboapimpdanmjjdopg_0.localstorage
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wupdt32.exe
c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\searchplugins\search.xml
c:\windows\inf\ntvdm.vbe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\tmp146A.tmp
c:\windows\SysWow64\tmp147A.tmp
c:\windows\SysWow64\tmp400B.tmp
c:\windows\SysWow64\tmpA51.tmp
c:\windows\SysWow64\tmpA62.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-13 do 2014-08-13 )))))))))))))))))))))))))))))))
.
.
2014-08-13 12:53 . 2014-08-13 12:53 -------- d-----w- c:\users\postgres\AppData\Local\temp
2014-08-13 11:30 . 2014-08-13 11:31 -------- d-----w- C:\rsit
2014-08-13 11:30 . 2014-08-13 11:30 -------- d-----w- c:\program files\trend micro
2014-08-13 08:16 . 2014-08-13 08:16 -------- d-----w- c:\program files (x86)\DriverDoc
2014-08-13 08:03 . 2014-08-13 08:03 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97E6DEAA-15BB-4E2D-BF87-2F60BE94A12B}\offreg.dll
2014-08-13 08:03 . 2014-08-13 08:03 45352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97E6DEAA-15BB-4E2D-BF87-2F60BE94A12B}\MpKsl7dfaefcf.sys
2014-08-12 07:59 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97E6DEAA-15BB-4E2D-BF87-2F60BE94A12B}\mpengine.dll
2014-08-11 06:08 . 2014-08-11 06:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-11 06:08 . 2014-07-25 10:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-11 06:03 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-10 11:55 . 2014-08-10 11:55 -------- d-----w- c:\programdata\Riot Games
2014-08-08 07:19 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\Common Files\PCSuite
2014-08-08 07:19 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2014-08-08 07:19 . 2012-06-11 09:33 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2014-08-08 07:19 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2014-08-08 07:18 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\Nokia
2014-08-04 07:35 . 2014-08-05 07:04 2216 ----a-w- c:\windows\system32\ASOROSet.bin
2014-08-03 12:16 . 2014-08-13 08:16 -------- d-----w- c:\users\Marek\AppData\Roaming\Solvusoft
2014-08-03 12:16 . 2012-10-15 15:02 19888 ----a-w- c:\windows\system32\roboot64.exe
2014-08-03 09:00 . 2014-05-03 10:40 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E83A7885-76ED-4C07-A16C-2975494ED1AB}\gapaengine.dll
2014-08-02 16:32 . 2014-07-17 11:18 13 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\work.bat
2014-08-02 16:32 . 2013-11-05 21:33 84992 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\zlib1.dll
2014-08-02 16:31 . 2013-11-05 21:33 364544 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\ssleay32.dll
2014-08-02 16:31 . 2013-11-05 21:33 1000462 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\winnetsvce.exe
2014-08-02 16:31 . 2014-02-27 19:41 72206 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libwinpthread-1.dll
2014-08-02 16:31 . 2013-11-05 21:33 192512 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libidn-11.dll
2014-08-02 16:31 . 2013-11-05 21:33 171008 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libssh2.dll
2014-08-02 16:31 . 2013-11-05 21:33 1704448 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libeay32.dll
2014-08-02 16:31 . 2013-11-05 21:33 133632 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\librtmp.dll
2014-08-02 16:31 . 2014-05-20 11:16 201728 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\inet32e.exe
2014-08-02 16:31 . 2013-11-05 21:33 538126 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libcurl-4.dll
2014-08-02 16:31 . 2014-08-12 21:17 -------- d-----w- c:\users\Marek\AppData\Roaming\.minecraft
2014-08-02 16:20 . 2014-08-13 12:53 -------- d-----w- c:\users\Marek\AppData\Local\LogMeIn Hamachi
2014-08-02 16:20 . 2014-08-02 16:20 -------- d-----w- c:\users\Marek\AppData\Local\LogMeIn
2014-08-02 16:20 . 2014-08-02 16:20 -------- d-----w- c:\programdata\LogMeIn
2014-08-02 16:18 . 2014-08-02 16:18 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-07-30 21:37 . 2014-07-30 21:37 -------- d-----w- c:\program files\Vlak
2014-07-29 10:27 . 2014-07-29 10:27 -------- d-sh--w- c:\users\Marek\AppData\Local\EmieUserList
2014-07-29 10:27 . 2014-07-29 10:27 -------- d-sh--w- c:\users\Marek\AppData\Local\EmieSiteList
2014-07-29 10:26 . 2014-06-23 21:17 4332 --s-a-w- c:\windows\SysWow64\msjbga.vbe
2014-07-29 10:26 . 2014-06-23 21:17 9201 --s-a-w- c:\windows\SysWow64\mspahnjb.vbe
2014-07-29 10:26 . 2014-06-23 21:17 649 --s-a-w- c:\windows\SysWow64\msaypxv.vbe
2014-07-29 10:26 . 2013-08-11 13:40 43520 --s-a-w- c:\windows\SysWow64\nircmdc.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 01:09 . 2010-09-24 17:32 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-08 23:28 . 2013-05-19 13:54 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 23:28 . 2011-05-28 17:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-30 02:09 . 2014-07-09 10:12 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-06-30 02:04 . 2014-07-09 10:12 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-20 20:14 . 2014-07-09 10:10 266424 ----a-w- c:\windows\system32\iedkcs32.dll
2014-06-19 01:39 . 2014-07-09 10:10 23464448 ----a-w- c:\windows\system32\mshtml.dll
2014-06-19 01:06 . 2014-07-09 10:11 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-19 01:06 . 2014-07-09 10:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-19 00:48 . 2014-07-09 10:10 2768384 ----a-w- c:\windows\system32\iertutil.dll
2014-06-19 00:42 . 2014-07-09 10:10 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-06-19 00:42 . 2014-07-09 10:10 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-06-19 00:41 . 2014-07-09 10:10 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-19 00:41 . 2014-07-09 10:10 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-19 00:32 . 2014-07-09 10:10 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-06-19 00:31 . 2014-07-09 10:11 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-06-19 00:26 . 2014-07-09 10:10 598016 ----a-w- c:\windows\system32\ieui.dll
2014-06-19 00:24 . 2014-07-09 10:10 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-19 00:24 . 2014-07-09 10:10 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-19 00:23 . 2014-07-09 10:10 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-19 00:14 . 2014-07-09 10:10 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 00:09 . 2014-07-09 10:10 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2014-06-18 23:59 . 2014-07-09 10:10 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:56 . 2014-07-09 10:10 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-06-18 23:53 . 2014-07-09 10:10 195584 ----a-w- c:\windows\system32\msrating.dll
2014-06-18 23:51 . 2014-07-09 10:10 5721088 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 23:50 . 2014-07-09 10:10 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-06-18 23:48 . 2014-07-09 10:10 292864 ----a-w- c:\windows\system32\dxtrans.dll
2014-06-18 23:39 . 2014-07-09 10:10 608768 ----a-w- c:\windows\system32\ie4uinit.exe
2014-06-18 23:38 . 2014-07-09 10:10 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-06-18 23:37 . 2014-07-09 10:10 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-06-18 23:36 . 2014-07-09 10:11 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35 . 2014-07-09 10:10 62464 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:33 . 2014-07-09 10:10 631808 ----a-w- c:\windows\system32\msfeeds.dll
2014-06-18 23:27 . 2014-07-09 10:10 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 23:27 . 2014-07-09 10:10 2040832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 23:23 . 2014-07-09 10:10 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22 . 2014-07-09 10:11 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06 . 2014-07-09 10:10 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58 . 2014-07-09 10:10 2266112 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 22:52 . 2014-07-09 10:10 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-06-18 22:51 . 2014-07-09 10:10 13527040 ----a-w- c:\windows\system32\ieframe.dll
2014-06-18 22:46 . 2014-07-09 10:10 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45 . 2014-07-09 10:10 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:34 . 2014-07-09 10:10 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-06-18 22:15 . 2014-07-09 10:10 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-06-18 22:13 . 2014-07-09 10:10 1791488 ----a-w- c:\windows\SysWow64\wininet.dll
2014-06-18 02:18 . 2014-07-09 10:12 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 10:12 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-09 10:12 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 10:10 . 2014-07-09 10:11 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 10:11 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 10:10 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 10:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 10:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 10:11 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 10:11 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 10:11 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 10:11 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 10:11 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 10:11 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 10:11 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 10:11 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 10:11 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 10:11 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 10:11 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 10:11 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 10:11 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 10:11 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 10:12 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-29 10:31 . 2014-05-29 10:31 0 ---ha-w- c:\users\Marek\AppData\Local\BIT1112.tmp
2013-05-11 12:13 . 2013-05-11 12:13 19249152 ----a-w- c:\program files (x86)\Scia Licence utility.msi
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"= "c:\program files (x86)\Ashampoo_US\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Ashampoo_US\prxtbAsha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3731E753-9E96-BFEE-77DC-7232B4459724}]
2013-05-14 18:02 112128 ----a-w- c:\programdata\contiinuuetooseauvee\51927c32e6bf9.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"= "c:\program files (x86)\Ashampoo_US\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Akamai NetSession Interface"="c:\users\Marek\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-07-16 1753280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"msaypxvSrv"="c:\windows\system32\msaypxv.vbe" [2014-06-23 649]
"MSStp"="c:\windows\inf\msstp.vbe" [2014-03-05 1584]
"mncerrySrv"="c:\windows\system32\mncerry.vbe" [2014-03-05 7670]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2011-10-2 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 jqxubrgu;jqxubrgu;c:\windows\system32\drivers\jqxubrgu.sys;c:\windows\SYSNATIVE\drivers\jqxubrgu.sys [x]
R1 ojfeldub;ojfeldub;c:\windows\system32\drivers\ojfeldub.sys;c:\windows\SYSNATIVE\drivers\ojfeldub.sys [x]
R1 oyhsizvy;oyhsizvy;c:\windows\system32\drivers\oyhsizvy.sys;c:\windows\SYSNATIVE\drivers\oyhsizvy.sys [x]
R2 Service; Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
R2 Wisaroc;Wisaroc;c:\windows\Wisaroc.exe;c:\windows\Wisaroc.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 MpKsl7dfaefcf;MpKsl7dfaefcf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97E6DEAA-15BB-4E2D-BF87-2F60BE94A12B}\MpKsl7dfaefcf.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97E6DEAA-15BB-4E2D-BF87-2F60BE94A12B}\MpKsl7dfaefcf.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL7DFAEFCF
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 09:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-27 16:14 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-09 23:28]
.
2014-08-13 c:\windows\Tasks\DriverDoc_UPDATES.job
- c:\program files (x86)\DriverDoc\Solvusoftdd.exe [2014-08-13 17:06]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 11:33]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 11:33]
.
2014-08-13 c:\windows\Tasks\HPCeeScheduleForMarek.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-12 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-21 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-03 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-03 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-03 410648]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.lookforithere.info/?pid=964&r=2013/05/14&hid=1727478287&lg=EN&cc=CZ&unqvl=14&l=1&q=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.lookforithere.info/?pid=964&r=2013/05/14&hid=1727478287&lg=EN&cc=CZ&unqvl=14&l=1&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=220512_53all
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 944369ce00000000000078e400a82b5a
FF - user.js: extensions.BabylonToolbar_i.hardId - 944369ce00000000000078e400a82b5a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15486
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:52
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=irtest1&chnl=irtest1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtD0AzztB0ByD0AyCzy0C0EtN0D0Tzu0StCzytCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1626486624
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=irtest1&chnl=irtest1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtD0AzztB0ByD0AyCzy0C0EtN0D0Tzu0StCzytCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1626486624
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=irtest1&chnl=irtest1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtD0AzztB0ByD0AyCzy0C0EtN0D0Tzu0StCzytCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1626486624&q=
FF - user.js: extensions.funmoods.id - 78E400A82B5A69CE
FF - user.js: extensions.funmoods.instlDay - 15531
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:34
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - irtest1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - irtest1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - (no file)
BHO-{91951714-ECFF-9897-6539-8A0DC44A8453} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-LG LinkAir - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-MC BP-Modpack - c:\users\Marek\AppData\Roaming\.minecraft\uninst.exe
AddRemove-Portal 2 1.00 - c:\program files (x86)\Portal 2\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe
AddRemove-{2335A6E4-AE21-2CB5-F2AB-D1A2AB2D86F3}_is1 - c:\program files (x86)\MINECRAFT 1.4.5 2\unins000.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
AddRemove-{DBED7CA6-62FD-E4D4-FE58-FDA1A6460103}_is1 - c:\program files (x86)\MINECRAFT 1.4.5\unins000.exe
AddRemove-{E1C2AF29-E3FB-EFF6-1C3E-6C30F1435FBB}_is1 - c:\program files (x86)\Minecraft 1.4.5\unins000.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
AddRemove-Rise of the Witch King Unofficial Patch 2.02 - c:\program files (x86)\Electronic Arts\The Lord of the Rings
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1323881350-1781310941-3531503529-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,3b,1b,bc,85,18,
29,06,9a,51,0d,81,94,0c,76,4b,06,03,0a
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,14,
e4,6e,97,49,02,a0,35,d4,a9,28,92,18,1e
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,fb,
a6,51,99,b7,5d,a3,e3,42,e0,c8,4e,f8,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,ce,
03,99,b3,e4,0e,ba,98,b8,17,8d,6a,f0,de
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,21,
8b,36,17,d8,06,91,c2,13,24,77,4c,2e,db
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,3b,1b,7b,fe,cc,
84,5b,d8,61,04,b4,11,56,15,ca,ab,bf,94
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d9,
c0,71,ff,3c,0f,a3,7a,de,65,c0,81,c5,b4
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,3b,1b,a9,67,64,
73,06,2a,1d,06,9f,ea,72,ae,30,4d,d3,1e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2e,94,
69,f1,6b,45,01,a8,f7,49,fc,1c,7c,ee,63
"{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}"=hex:51,66,7a,6c,4c,1d,3b,1b,fc,6d,d3,
bf,aa,b6,a9,06,b9,fc,d7,18,c6,b6,d3,ee
"{182EC0BE-5110-49C8-A062-BEB1D02A220B}"=hex:51,66,7a,6c,4c,1d,3b,1b,ae,df,3f,
03,24,0a,af,05,bf,6c,fc,f1,d1,6e,6f,16
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,05,45,
31,c2,00,02,0a,b7,ad,8d,e9,66,6a,0f,8c
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,3b,1b,4b,e0,e3,
8c,38,7d,a8,00,9c,44,6f,9a,4f,6d,ae,83
"{21A88CB9-84D2-4020-A2D1-B25A21034884}"=hex:51,66,7a,6c,4c,1d,3b,1b,a9,93,b9,
3a,e6,df,47,0c,bd,df,f0,1a,20,47,05,99
"{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,ba,af,fa,
6e,20,19,d3,00,8f,e2,a1,a0,7f,89,49,ea
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,24,3c,
56,8a,32,1d,0b,8f,fb,bf,9b,04,71,34,68
.
[HKEY_USERS\S-1-5-21-1323881350-1781310941-3531503529-1000\Software\SecuROM\License information*]
"datasecu"=hex:b0,51,78,a0,08,86,c9,7c,d3,bc,4d,86,59,79,77,a7,cd,9e,13,21,67,
3e,8e,a3,cd,76,a7,ed,2e,d2,c7,ae,11,67,f3,39,f6,c3,04,08,2b,6b,69,d0,d2,f3,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-08-13 15:01:08
ComboFix-quarantined-files.txt 2014-08-13 13:01
.
Před spuštěním: Volných bajtů: 245 929 897 984
Po spuštění: Volných bajtů: 245 473 288 192
.
- - End Of File - - 2088E92933A1A637300F58E1307D2C42
66B631854CD69025DB810B7CD723E806

PS: restartoval jsem po nem ntb a po spusteni jiz hlaska nenabehla takze uspech

diky moc

... asi je to zatim jen castecne a prubezne diky ale i tak vazne dekuju

#8 Příspěvek od **vyosek** » 13 srp 2014 15:05

Jeste je tam hodne cisteni, ale to pujde

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

avalancher · #9 Příspěvek od **avalancher** » 13 srp 2014 15:35

# AdwCleaner v3.304 - Report created 13/08/2014 at 16:22:45
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Marek - MAREK7
# Running from : C:\Users\Marek\Desktop\adwcleaner_3.304.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\contiinuuetooseauvee
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\contiinuuetooseauvee
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\continuetosave
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\Ashampoo_US
Folder Deleted : C:\Users\Guest\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Marek\AppData\Local\GamePlayLabs Plugin
Folder Deleted : C:\Users\Marek\AppData\Local\PackageAware
Folder Deleted : C:\Users\Marek\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Marek\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Marek\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Marek\AppData\LocalLow\Ashampoo_US
Folder Deleted : C:\Users\Marek\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Marek\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\Marek\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Marek\AppData\Roaming\Solvusoft
Folder Deleted : C:\Users\Marek\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\ConduitCommon
Folder Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\ICQToolbarData
Folder Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\Smartbar
Folder Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\Extensions\DTToolbar@toolbarnet.com
Folder Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5bzesdq0.default\Extensions\plugin3@gameplaylabs.com
Folder Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\Extensions\plugin3@gameplaylabs.com
Folder Deleted : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Folder Deleted : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\invalidprefs.js
File Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\searchplugins\browsemngr.xml
File Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\searchplugins\yahoo-zugo.xml
File Deleted : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKCU\Software\522dadab235bf14
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\522dadab235bf14
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_e14dcdfa
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481032
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3031607
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ybook_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ybook_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3731E753-9E96-BFEE-77DC-7232B4459724}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6568F275-5827-43C5-9778-A8A037FF06B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3731E753-9E96-BFEE-77DC-7232B4459724}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3731E753-9E96-BFEE-77DC-7232B4459724}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3731E753-9E96-BFEE-77DC-7232B4459724}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6568F275-5827-43C5-9778-A8A037FF06B8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B85AE7CB-6536-4D10-9731-E16419A10B4E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DCE2F85-2709-4CB5-8906-75B1DB61C907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D00B104E-1723-44A1-B07A-68A6E1FA7997}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{124D001A-BDCB-472F-AA59-BBE7E4BC3204}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{124D001A-BDCB-472F-AA59-BBE7E4BC3204}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{124D001A-BDCB-472F-AA59-BBE7E4BC3204}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\BabylonToolbar
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Solvusoft
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Ashampoo_US
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\Solvusoft
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\Software\Ashampoo_US
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_US Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\admin.Marek7\AppData\Roaming\Mozilla\Firefox\Profiles\fwnnb86o.default\prefs.js ]

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5bzesdq0.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Claro Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Claro Search");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.fr", "1304270620");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.ranonce", true);
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.rule_/", "1304270624");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_installerid", "vid-exe");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_pid", "5");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_revision", "5");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_source", "4caa425a93dbdb1f6d1082322");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_sub_id", "a-0-2398-9346-7103-0-54-0");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_zdata", "9346");

[ File : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\prefs.js ]

Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3031607&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "SFT_eng7 Customized Web Search,uTorrentControl2 Customized Web Search");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=117423&tt=4 ... e400a82b5a");
Line Deleted : user_pref("avg.install.userSPSettings", "Claro Search");
Line Deleted : user_pref("backup.old.browser.search.defaultenginename", "Search the web (Babylon)");
Line Deleted : user_pref("backup.old.browser.search.selectedEngine", "SFT_eng7 Customized Web Search");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.lookforithere.info/?pid=964&r=2013/05/14&hid=1727478287&lg=EN&cc=CZ&unqvl=14&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "Claro Search");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.51927c32e6b11.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=220512_53all");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "944369ce00000000000078e400a82b5a");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "944369ce00000000000078e400a82b5a");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15486");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:52:20");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.enabledAddons", "plugin3%40gameplaylabs.com:3.0,%7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:2.0.4.6,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0");
Line Deleted : user_pref("extensions.funmoods.aflt", "irtest1");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hmpg", true);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=irtest1&chnl=irtest1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtD0AzztB0ByD0AyCzy0C0EtN0D0Tzu0StCzytCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1626486[...]
Line Deleted : user_pref("extensions.funmoods.id", "78E400A82B5A69CE");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15531");
Line Deleted : user_pref("extensions.funmoods.instlRef", "irtest1");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=irtest1&chnl=irtest1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtD0AzztB0ByD0AyCzy0C0EtN0D0Tzu0StCzytCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=16264[...]
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=irtest1&chnl=irtest1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtD0AzztB0ByD0AyCzy0C0EtN0D0Tzu0StCzytCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=162[...]
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:34:43");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.fr", "1359645488");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.ranonce", true);
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.rule_/", "1359645490");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_installerid", "vid-exe");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_pid", "5");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_revision", "5");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_source", "4caa425a93dbdb1f6d1082322");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_sub_id", "a-0-2398-9346-7103-0-54-0");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_zdata", "9346");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.lookforithere.info/?pid=964&r=2013/05/14&hid=1727478287&lg=EN&cc=CZ&unqvl=14&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.lookforithere.info/?pid=964&r=2013/05/14&hid=1727478287&lg=EN&cc=CZ&unqvl=14");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.lookforithere.info/?pid=964&r=2013/05/14&hid=1727478287&lg=EN&cc=CZ&unqvl=14&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

-\\ Google Chrome v36.0.1985.125

*************************

AdwCleaner[R0].txt - [30973 octets] - [13/08/2014 16:19:43]
AdwCleaner[S0].txt - [29667 octets] - [13/08/2014 16:22:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29728 octets] ##########

je to tu:)

avalancher · #10 Příspěvek od **avalancher** » 13 srp 2014 19:13

Je to tedy uz v pohode?

#11 Příspěvek od **vyosek** » 13 srp 2014 20:13

Odinstalujte Spybot - Search and Destroy

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Collect::
c:\users\Marek\AppData\Roaming\Microsoft\Networking\work.bat
c:\windows\SysWow64\msjbga.vbe
c:\windows\SysWow64\mspahnjb.vbe
c:\windows\SysWow64\msaypxv.vbe
c:\windows\system32\mncerry.vbe
c:\windows\inf\msstp.vbe
c:\windows\system32\msaypxv.vbe
c:\windows\system32\drivers\jqxubrgu.sys
c:\windows\system32\drivers\ojfeldub.sys
c:\windows\system32\drivers\oyhsizvy.sys

Driver::
jqxubrgu
ojfeldub
oyhsizvy


File::
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\DriverDoc_UPDATES.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\HPCeeScheduleForMarek.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Akamai NetSession Interface"=-
"Steam"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"QuickTime Task"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-
"Acrobat Assistant 8.0"=-
"GrooveMonitor"=-
"Adobe ARM"=-
"msaypxvSrv"=-
"MSStp"=-
"mncerrySrv"=-
"LogMeIn Hamachi Ui"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"AdobeAAMUpdater-1.0"=-

RegNull::
[HKEY_USERS\S-1-5-21-1323881350-1781310941-3531503529-1000\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

RegLock::
[HKEY_USERS\S-1-5-21-1323881350-1781310941-3531503529-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

avalancher · #12 Příspěvek od **avalancher** » 13 srp 2014 23:29

ComboFix 14-08-12.01 - Marek 13.08.2014 23:10:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3894.2596 [GMT 2:00]
Spuštěný z: c:\users\Marek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Marek\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk"
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\DriverDoc_UPDATES.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\HPCeeScheduleForMarek.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
c:\users\Marek\AppData\Roaming\Microsoft\Networking\work.bat
c:\windows\inf\msstp.vbe
c:\windows\SysWow64\msaypxv.vbe
c:\windows\SysWow64\msjbga.vbe
c:\windows\SysWow64\mspahnjb.vbe
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\HPCeeScheduleForMarek.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_jqxubrgu
-------\Service_ojfeldub
-------\Service_oyhsizvy
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-13 do 2014-08-13 )))))))))))))))))))))))))))))))
.
.
2014-08-13 21:32 . 2014-08-13 21:32 -------- d-----w- c:\users\postgres\AppData\Local\temp
2014-08-13 21:32 . 2014-08-13 21:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-13 21:32 . 2014-08-13 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-13 21:32 . 2014-08-13 21:32 -------- d-----w- c:\users\ADMIN\AppData\Local\temp
2014-08-13 21:32 . 2014-08-13 21:32 -------- d-----w- c:\users\admin.Marek7\AppData\Local\temp
2014-08-13 14:21 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-13 14:19 . 2014-08-13 14:23 -------- d-----w- C:\AdwCleaner
2014-08-13 14:18 . 2014-08-13 14:18 -------- d-----w- c:\programdata\LightScribe
2014-08-13 14:17 . 2014-08-13 21:34 -------- d-----w- c:\windows\system32\MpEngineStore
2014-08-13 14:12 . 2014-08-13 14:22 -------- d-----w- C:\ba9a1eca6d0caa4b762074
2014-08-13 14:11 . 2014-08-13 14:15 -------- d-----w- c:\users\Marek\1_Plocha veci
2014-08-13 14:10 . 2014-08-13 14:09 319912 ----a-w- c:\windows\system32\javaws.exe
2014-08-13 14:09 . 2014-08-13 14:09 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-08-13 14:09 . 2014-08-13 14:09 189352 ----a-w- c:\windows\system32\javaw.exe
2014-08-13 14:09 . 2014-08-13 14:09 189352 ----a-w- c:\windows\system32\java.exe
2014-08-13 14:00 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 14:00 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 14:00 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 14:00 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 14:00 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 14:00 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 13:59 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 13:59 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 13:24 . 2014-05-03 10:40 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{704D1F4C-CDBD-4772-B74F-7925C4B0AF0B}\gapaengine.dll
2014-08-13 13:23 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3875ECDF-9A28-4262-BFCF-B8071388D322}\mpengine.dll
2014-08-13 13:06 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-13 11:30 . 2014-08-13 11:31 -------- d-----w- C:\rsit
2014-08-13 11:30 . 2014-08-13 11:30 -------- d-----w- c:\program files\trend micro
2014-08-13 07:59 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-13 07:57 . 2014-07-25 12:57 1856512 ----a-w- c:\program files\Internet Explorer\MemoryAnalyzer.dll
2014-08-13 07:56 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-10 11:55 . 2014-08-10 11:55 -------- d-----w- c:\programdata\Riot Games
2014-08-08 07:19 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\Common Files\PCSuite
2014-08-08 07:19 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2014-08-08 07:19 . 2012-06-11 09:33 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2014-08-08 07:19 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2014-08-08 07:18 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\Nokia
2014-08-04 07:35 . 2014-08-05 07:04 2216 ----a-w- c:\windows\system32\ASOROSet.bin
2014-08-02 16:32 . 2013-11-05 21:33 84992 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\zlib1.dll
2014-08-02 16:31 . 2013-11-05 21:33 364544 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\ssleay32.dll
2014-08-02 16:31 . 2013-11-05 21:33 1000462 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\winnetsvce.exe
2014-08-02 16:31 . 2014-02-27 19:41 72206 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libwinpthread-1.dll
2014-08-02 16:31 . 2013-11-05 21:33 192512 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libidn-11.dll
2014-08-02 16:31 . 2013-11-05 21:33 171008 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libssh2.dll
2014-08-02 16:31 . 2013-11-05 21:33 1704448 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libeay32.dll
2014-08-02 16:31 . 2013-11-05 21:33 133632 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\librtmp.dll
2014-08-02 16:31 . 2014-05-20 11:16 201728 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\inet32e.exe
2014-08-02 16:31 . 2013-11-05 21:33 538126 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libcurl-4.dll
2014-08-02 16:31 . 2014-08-13 20:28 -------- d-----w- c:\users\Marek\AppData\Roaming\.minecraft
2014-08-02 16:20 . 2014-08-13 21:32 -------- d-----w- c:\users\Marek\AppData\Local\LogMeIn Hamachi
2014-08-02 16:20 . 2014-08-02 16:20 -------- d-----w- c:\users\Marek\AppData\Local\LogMeIn
2014-08-02 16:20 . 2014-08-02 16:20 -------- d-----w- c:\programdata\LogMeIn
2014-08-02 16:18 . 2014-08-02 16:18 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-07-30 21:37 . 2014-07-30 21:37 -------- d-----w- c:\program files\Vlak
2014-07-29 10:27 . 2014-07-29 10:27 -------- d-sh--w- c:\users\Marek\AppData\Local\EmieUserList
2014-07-29 10:27 . 2014-07-29 10:27 -------- d-sh--w- c:\users\Marek\AppData\Local\EmieSiteList
2014-07-29 10:26 . 2013-08-11 13:40 43520 --s-a-w- c:\windows\SysWow64\nircmdc.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 14:12 . 2010-09-24 17:32 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-08 23:28 . 2013-05-19 13:54 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 23:28 . 2011-05-28 17:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 02:18 . 2014-07-09 10:12 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 10:12 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 10:11 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 10:11 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 10:10 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 10:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 10:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 10:11 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 10:11 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 10:11 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 10:11 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 10:11 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 10:11 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 10:11 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 10:11 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 10:11 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 10:11 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 10:11 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 10:11 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 10:11 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 10:11 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 10:12 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-29 10:31 . 2014-05-29 10:31 0 ---ha-w- c:\users\Marek\AppData\Local\BIT1112.tmp
2013-05-11 12:13 . 2013-05-11 12:13 19249152 ----a-w- c:\program files (x86)\Scia Licence utility.msi
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]
.
c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl840d74a4;MpKsl840d74a4;c:\windows\system32\MpEngineStore\MpKsl840d74a4.sys;c:\windows\SYSNATIVE\MpEngineStore\MpKsl840d74a4.sys [x]
R2 Service; Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Wisaroc;Wisaroc;c:\windows\Wisaroc.exe;c:\windows\Wisaroc.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 09:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-27 16:14 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-12 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-03 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-03 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-03 410648]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{91951714-ECFF-9897-6539-8A0DC44A8453} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-MC BP-Modpack - c:\users\Marek\AppData\Roaming\.minecraft\uninst.exe
AddRemove-Portal 2 1.00 - c:\program files (x86)\Portal 2\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{2335A6E4-AE21-2CB5-F2AB-D1A2AB2D86F3}_is1 - c:\program files (x86)\MINECRAFT 1.4.5 2\unins000.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\contiinuuetooseauvee\uninstall.exe
AddRemove-{DBED7CA6-62FD-E4D4-FE58-FDA1A6460103}_is1 - c:\program files (x86)\MINECRAFT 1.4.5\unins000.exe
AddRemove-{E1C2AF29-E3FB-EFF6-1C3E-6C30F1435FBB}_is1 - c:\program files (x86)\Minecraft 1.4.5\unins000.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\postgresql\bin\pg_ctl.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Celkový čas: 2014-08-13 23:59:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-13 21:59
ComboFix2.txt 2014-08-13 13:01
.
Před spuštěním: Volných bajtů: 251 253 915 648
Po spuštění: Volných bajtů: 251 347 161 088
.
- - End Of File - - CA111B2BFA612D3437562106DB179ECA
66B631854CD69025DB810B7CD723E806

Po restartu po me program chtel nahrani vzorku na internet tak jsem je tam nahral:

Your file was successfully submitted. Please let the user helping you know that you have submitted the file.

... davam vedet

#13 Příspěvek od **vyosek** » 14 srp 2014 08:34

Za nahrani dekujeme, slouzi pro dalsi vyvoj a aktualizaci ComboFixu

Jeste jeden skript pro ComboFix - postup stejny

Kód: Vybrat vše

KillAll::

Folder::
c:\program files (x86)\ICQ6Toolbar

Driver::
Service

DDS::
uInternet Settings,ProxyOverride = <local>

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

Reboot::

avalancher · #14 Příspěvek od **avalancher** » 14 srp 2014 09:29

ComboFix 14-08-12.01 - Marek 14.08.2014 9:45.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3894.2378 [GMT 2:00]
Spuštěný z: c:\users\Marek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Marek\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eceibpcamaeeffalhcgliiccbbjopibm
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eceibpcamaeeffalhcgliiccbbjopibm\1\51927c32e69ae3.48097131.js
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eceibpcamaeeffalhcgliiccbbjopibm\1\background.html
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eceibpcamaeeffalhcgliiccbbjopibm\1\content.js
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eceibpcamaeeffalhcgliiccbbjopibm\1\lsdb.js
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eceibpcamaeeffalhcgliiccbbjopibm\1\manifest.json
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eceibpcamaeeffalhcgliiccbbjopibm\1\sqlite.js
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfggidhbgfeofofboapimpdanmjjdopg
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfggidhbgfeofofboapimpdanmjjdopg\1\51927c847c5427.81833360.js
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfggidhbgfeofofboapimpdanmjjdopg\1\background.html
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfggidhbgfeofofboapimpdanmjjdopg\1\content.js
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfggidhbgfeofofboapimpdanmjjdopg\1\lsdb.js
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfggidhbgfeofofboapimpdanmjjdopg\1\manifest.json
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfggidhbgfeofofboapimpdanmjjdopg\1\newtab.html
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfggidhbgfeofofboapimpdanmjjdopg\1\sqlite.js
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eceibpcamaeeffalhcgliiccbbjopibm
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eceibpcamaeeffalhcgliiccbbjopibm\000005.ldb
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eceibpcamaeeffalhcgliiccbbjopibm\000008.ldb
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eceibpcamaeeffalhcgliiccbbjopibm\000011.ldb
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eceibpcamaeeffalhcgliiccbbjopibm\000012.log
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eceibpcamaeeffalhcgliiccbbjopibm\CURRENT
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eceibpcamaeeffalhcgliiccbbjopibm\LOCK
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eceibpcamaeeffalhcgliiccbbjopibm\LOG
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eceibpcamaeeffalhcgliiccbbjopibm\LOG.old
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eceibpcamaeeffalhcgliiccbbjopibm\MANIFEST-000010
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfggidhbgfeofofboapimpdanmjjdopg
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfggidhbgfeofofboapimpdanmjjdopg\000005.ldb
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfggidhbgfeofofboapimpdanmjjdopg\000008.ldb
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfggidhbgfeofofboapimpdanmjjdopg\000011.ldb
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfggidhbgfeofofboapimpdanmjjdopg\000012.log
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfggidhbgfeofofboapimpdanmjjdopg\CURRENT
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfggidhbgfeofofboapimpdanmjjdopg\LOCK
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfggidhbgfeofofboapimpdanmjjdopg\LOG
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfggidhbgfeofofboapimpdanmjjdopg\LOG.old
c:\users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfggidhbgfeofofboapimpdanmjjdopg\MANIFEST-000010
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-14 do 2014-08-14 )))))))))))))))))))))))))))))))
.
.
2014-08-14 08:03 . 2014-08-14 08:03 -------- d-----w- c:\users\postgres\AppData\Local\temp
2014-08-14 08:03 . 2014-08-14 08:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-14 08:03 . 2014-08-14 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-14 08:03 . 2014-08-14 08:03 -------- d-----w- c:\users\ADMIN\AppData\Local\temp
2014-08-14 08:03 . 2014-08-14 08:03 -------- d-----w- c:\users\admin.Marek7\AppData\Local\temp
2014-08-13 22:39 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0E0B137-1B82-49F7-8D17-FC758BF03104}\mpengine.dll
2014-08-13 14:21 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-13 14:19 . 2014-08-13 14:23 -------- d-----w- C:\AdwCleaner
2014-08-13 14:18 . 2014-08-13 14:18 -------- d-----w- c:\programdata\LightScribe
2014-08-13 14:17 . 2014-08-13 21:34 -------- d-----w- c:\windows\system32\MpEngineStore
2014-08-13 14:12 . 2014-08-13 14:22 -------- d-----w- C:\ba9a1eca6d0caa4b762074
2014-08-13 14:11 . 2014-08-13 14:15 -------- d-----w- c:\users\Marek\1_Plocha veci
2014-08-13 14:10 . 2014-08-13 14:09 319912 ----a-w- c:\windows\system32\javaws.exe
2014-08-13 14:09 . 2014-08-13 14:09 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-08-13 14:09 . 2014-08-13 14:09 189352 ----a-w- c:\windows\system32\javaw.exe
2014-08-13 14:09 . 2014-08-13 14:09 189352 ----a-w- c:\windows\system32\java.exe
2014-08-13 14:00 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 14:00 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 14:00 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 14:00 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 14:00 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 14:00 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 13:59 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 13:59 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 13:24 . 2014-05-03 10:40 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{704D1F4C-CDBD-4772-B74F-7925C4B0AF0B}\gapaengine.dll
2014-08-13 13:06 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-13 11:30 . 2014-08-13 11:31 -------- d-----w- C:\rsit
2014-08-13 11:30 . 2014-08-13 11:30 -------- d-----w- c:\program files\trend micro
2014-08-13 07:59 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-13 07:57 . 2014-07-25 12:57 1856512 ----a-w- c:\program files\Internet Explorer\MemoryAnalyzer.dll
2014-08-13 07:56 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-10 11:55 . 2014-08-10 11:55 -------- d-----w- c:\programdata\Riot Games
2014-08-08 07:19 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\Common Files\PCSuite
2014-08-08 07:19 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2014-08-08 07:19 . 2012-06-11 09:33 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2014-08-08 07:19 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2014-08-08 07:18 . 2014-08-08 07:19 -------- d-----w- c:\program files (x86)\Nokia
2014-08-04 07:35 . 2014-08-05 07:04 2216 ----a-w- c:\windows\system32\ASOROSet.bin
2014-08-02 16:32 . 2013-11-05 21:33 84992 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\zlib1.dll
2014-08-02 16:31 . 2013-11-05 21:33 364544 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\ssleay32.dll
2014-08-02 16:31 . 2013-11-05 21:33 1000462 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\winnetsvce.exe
2014-08-02 16:31 . 2014-02-27 19:41 72206 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libwinpthread-1.dll
2014-08-02 16:31 . 2013-11-05 21:33 192512 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libidn-11.dll
2014-08-02 16:31 . 2013-11-05 21:33 171008 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libssh2.dll
2014-08-02 16:31 . 2013-11-05 21:33 1704448 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libeay32.dll
2014-08-02 16:31 . 2013-11-05 21:33 133632 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\librtmp.dll
2014-08-02 16:31 . 2014-05-20 11:16 201728 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\inet32e.exe
2014-08-02 16:31 . 2013-11-05 21:33 538126 ----a-w- c:\users\Marek\AppData\Roaming\Microsoft\Networking\libcurl-4.dll
2014-08-02 16:31 . 2014-08-13 22:48 -------- d-----w- c:\users\Marek\AppData\Roaming\.minecraft
2014-08-02 16:20 . 2014-08-14 08:03 -------- d-----w- c:\users\Marek\AppData\Local\LogMeIn Hamachi
2014-08-02 16:20 . 2014-08-02 16:20 -------- d-----w- c:\users\Marek\AppData\Local\LogMeIn
2014-08-02 16:20 . 2014-08-02 16:20 -------- d-----w- c:\programdata\LogMeIn
2014-08-02 16:18 . 2014-08-02 16:18 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-07-30 21:37 . 2014-07-30 21:37 -------- d-----w- c:\program files\Vlak
2014-07-29 10:27 . 2014-07-29 10:27 -------- d-sh--w- c:\users\Marek\AppData\Local\EmieUserList
2014-07-29 10:27 . 2014-07-29 10:27 -------- d-sh--w- c:\users\Marek\AppData\Local\EmieSiteList
2014-07-29 10:26 . 2013-08-11 13:40 43520 --s-a-w- c:\windows\SysWow64\nircmdc.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 14:12 . 2010-09-24 17:32 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-08 23:28 . 2013-05-19 13:54 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 23:28 . 2011-05-28 17:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 02:18 . 2014-07-09 10:12 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 10:12 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 10:11 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 10:11 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 10:10 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 10:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 10:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 10:11 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 10:11 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 10:11 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 10:11 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 10:11 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 10:11 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 10:11 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 10:11 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 10:11 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 10:11 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 10:11 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 10:11 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 10:11 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 10:11 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 10:12 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-29 10:31 . 2014-05-29 10:31 0 ---ha-w- c:\users\Marek\AppData\Local\BIT1112.tmp
2013-05-11 12:13 . 2013-05-11 12:13 19249152 ----a-w- c:\program files (x86)\Scia Licence utility.msi
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]
.
c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl840d74a4;MpKsl840d74a4;c:\windows\system32\MpEngineStore\MpKsl840d74a4.sys;c:\windows\SYSNATIVE\MpEngineStore\MpKsl840d74a4.sys [x]
R2 Service; Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Wisaroc;Wisaroc;c:\windows\Wisaroc.exe;c:\windows\Wisaroc.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 09:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 23:15 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-12 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-03 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-03 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-03 410648]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\gjwehkf1.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{91951714-ECFF-9897-6539-8A0DC44A8453} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-MC BP-Modpack - c:\users\Marek\AppData\Roaming\.minecraft\uninst.exe
AddRemove-Portal 2 1.00 - c:\program files (x86)\Portal 2\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{2335A6E4-AE21-2CB5-F2AB-D1A2AB2D86F3}_is1 - c:\program files (x86)\MINECRAFT 1.4.5 2\unins000.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\contiinuuetooseauvee\uninstall.exe
AddRemove-{DBED7CA6-62FD-E4D4-FE58-FDA1A6460103}_is1 - c:\program files (x86)\MINECRAFT 1.4.5\unins000.exe
AddRemove-{E1C2AF29-E3FB-EFF6-1C3E-6C30F1435FBB}_is1 - c:\program files (x86)\Minecraft 1.4.5\unins000.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\postgresql\bin\pg_ctl.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Celkový čas: 2014-08-14 10:20:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-14 08:20
ComboFix2.txt 2014-08-13 21:59
ComboFix3.txt 2014-08-13 13:01
.
Před spuštěním: Volných bajtů: 255 748 698 112
Po spuštění: Volných bajtů: 255 414 321 152
.
- - End Of File - - 4686C085306BD99CF09D0843F94516C7
66B631854CD69025DB810B7CD723E806

#15 Příspěvek od **vyosek** » 14 srp 2014 09:31

Jak se chova PC??

VIRY.CZ

winnetsvce problem s OpenCL.dll

winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll

Re: winnetsvce problem s OpenCL.dll