Preventivní kontrola notebooku

[John10]

Zdravím, mohl bych poprosit o preventivku notebooku? Občas se mi zdá, že má celkem pomalé reakce. Děkuji

Logfile of random's system information tool 1.09 (written by random/random)
Run by John10 at 2011-10-14 23:28:31
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 461 GB (77%) free of 597 GB
Total RAM: 3767 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:28:38, on 14.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe
C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\John10.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kr.yahoo.com/ilc101
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\John10\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 13549 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 21029392
\??\C:\Windows\system32\conhost.exe "-1136398696-10106654817124712991410123861439390152-13577599501670296451267712859
C:\Windows\System32\spoolsv.exe
taskeng.exe {9C6308FE-AA44-4E51-A055-4F955E936E69}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe"
"C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
C:\Windows\SysWOW64\vmnat.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android
WLIDSvcM.exe 2620
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe"
"C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\BlueStacks\HD-Network.exe" Android 0
\??\C:\Windows\system32\conhost.exe "-1199003546-133095095013513924531934483926285736954-15948867947084198171034500787
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
C:\Windows\SysWOW64\vmnetdhcp.exe
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\ehome\ehRecvr.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\John10\AppData\Local\Apps\2.0\CDRKY9WN.E8Y\6MMVPEVN.MXM\metr..tion_fcc08e2026e99b0f_0000.0008_9732142e3d73154d\MetroTwit.exe"
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe" /guid:391fce02-1048-4082-95a1-97b8f8df65b3 /pid:5568
\??\C:\Windows\system32\conhost.exe "-2050056135-6529838501846422617-356662684-350800238-18638594348443020841481146535
"C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe" --restore-last-session
"C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Default_Prefix/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=5640.00A5A6E0.1359988654 --ignored=" --type=renderer " /prefetch:3
"C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Default_Prefix/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=5640.00A5A580.176355624 --ignored=" --type=renderer " /prefetch:3
"C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Default_Prefix/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=5640.043A5580.940923027 --ignored=" --type=renderer " /prefetch:3
"C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Default_Prefix/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=5640.06CF0000.1488539995 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\John10\AppData\Local\Google\Chrome\APPLIC~1\150874~1.92\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\John10\AppData\Local\Google\Chrome\Application\15.0.874.92\gcswf32.dll" --lang=cs --channel=5640.0C3F5540.1601099066 --flash-broker=5864 /prefetch:4
"C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service --lang=cs
"C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=CacheListSize/CacheListSize_14/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Default_Prefix/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=5640.0F463DC0.1465030767 --ignored=" --type=renderer " /prefetch:3
C:\Windows\system32\msiexec.exe /V
"C:\Users\John10\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheListSize/CacheListSize_14/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Default_Prefix/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=5640.0B92F160.1447854815 /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey FA703191-F490-5A94-C41B-28CF25ECD0A3 -Reinvoke
"C:\Users\John10\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2571812427-918231049-1638034684-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2571812427-918231049-1638034684-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\John10\AppData\Roaming\Mozilla\Firefox\Profiles\0ylcuokl.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.0]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=0.80.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.70351]
"Description"=
"Path"=C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files (x86)\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\John10\AppData\Roaming\Mozilla\Firefox\Profiles\0ylcuokl.default\extensions\
superstart@enjoyfreeware.org

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-08-09 75656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-04-22 10775072]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-04-22 2040352]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]
"ODDPwr"=C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [2010-04-22 223264]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-09-17 1842472]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2010-06-11 496160]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 415256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"=C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2011-08-12 3820032]
"Google Update"=C:\Users\John10\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-09-05 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeMovieService]
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [2010-04-24 124136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2010-07-29 377504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2010-07-29 594080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2010-05-25 265984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
C:\Program Files (x86)\BlueStacks\HD-Agent.exe [2011-10-11 160096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\John10\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Users\John10\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-05-25 1951112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2011-05-13 4283256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [2010-05-27 349552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe [2009-11-24 2642432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPUPTV]
C:\Program Files (x86)\ASUS\PopupTV\ExpressTV.exe [2010-03-19 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2011-07-05 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFind]
C:\Program Files (x86)\SmartFind\SmartFindUpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2011-08-11 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2010-05-27 337264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [2011-08-22 103536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
c:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 163552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~2\Acer\ACERVC~1\AcerVCM.exe [2010-02-09 704032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2010-03-26 1125152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
C:\PROGRA~2\GAMERS~1\LIVE!\Live.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
C:\PROGRA~2\Secunia\PSI\psi_tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
C:\PROGRA~2\ArcSoft\TOTALM~1.5\TMMONI~1.EXE [2009-07-27 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^John10^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\John10\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-05-25 24176560]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-04 284696]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-03-03 1300560]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-13 336384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-03-15 249344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"VIDC.XFR1"=xfcodec64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - C:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2011-10-14 21:32:04 ----D---- C:\ProgramData\Atheros
2011-10-14 21:18:57 ----D---- C:\Program Files (x86)\Bluetooth Suite
2011-10-14 20:56:16 ----D---- C:\wamp
2011-10-13 15:05:39 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-13 15:05:39 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-13 15:05:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-13 15:05:38 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-13 15:05:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-13 15:05:38 ----A---- C:\Windows\system32\urlmon.dll
2011-10-13 15:05:38 ----A---- C:\Windows\system32\url.dll
2011-10-13 15:05:38 ----A---- C:\Windows\system32\iertutil.dll
2011-10-13 15:05:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-13 15:05:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-13 15:05:37 ----A---- C:\Windows\system32\wininet.dll
2011-10-13 15:05:37 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-13 15:05:36 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-13 15:05:36 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-13 15:05:36 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-13 15:05:36 ----A---- C:\Windows\system32\jscript9.dll
2011-10-13 15:05:36 ----A---- C:\Windows\system32\jscript.dll
2011-10-13 15:05:36 ----A---- C:\Windows\system32\ieui.dll
2011-10-13 15:05:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-13 15:05:34 ----A---- C:\Windows\system32\mshtml.dll
2011-10-13 15:05:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-13 15:05:32 ----A---- C:\Windows\system32\ieframe.dll
2011-10-13 14:58:15 ----A---- C:\Windows\system32\win32k.sys
2011-10-13 14:58:14 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-13 14:58:14 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-13 14:57:54 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-13 14:57:54 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-13 14:57:54 ----A---- C:\Windows\system32\oleacc.dll
2011-10-13 14:57:53 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-12 15:17:08 ----D---- C:\ProgramData\BlueStacks
2011-10-12 15:17:08 ----D---- C:\Program Files (x86)\BlueStacks
2011-10-09 16:54:25 ----D---- C:\Users\John10\AppData\Roaming\Bitcoin
2011-10-09 16:54:18 ----D---- C:\Program Files (x86)\Bitcoin
2011-10-02 15:11:49 ----D---- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-02 15:10:19 ----D---- C:\ProgramData\Apple Computer
2011-10-02 15:10:19 ----D---- C:\Program Files (x86)\QuickTime
2011-10-02 15:09:54 ----D---- C:\Program Files\Common Files\Apple
2011-10-02 15:09:36 ----D---- C:\Program Files\Bonjour
2011-10-02 15:09:36 ----D---- C:\Program Files (x86)\Bonjour
2011-10-02 15:09:23 ----D---- C:\ProgramData\Apple
2011-09-29 17:40:43 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-29 15:05:27 ----D---- C:\Users\John10\AppData\Roaming\Origin
2011-09-29 15:04:13 ----D---- C:\Program Files (x86)\Origin Games
2011-09-29 15:04:02 ----D---- C:\Program Files (x86)\Origin
2011-09-28 13:57:43 ----D---- C:\Program Files (x86)\sponsorkeyword
2011-09-28 13:57:37 ----D---- C:\Program Files (x86)\CodiGirls KM
2011-09-28 13:27:00 ----D---- C:\Users\John10\AppData\Roaming\Mozilla
2011-09-28 13:26:41 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-09-16 06:34:53 ----A---- C:\Windows\system32\drivers\vmx86.sys
2011-09-16 06:34:20 ----A---- C:\Windows\SYSWOW64\vmnetdhcp.exe
2011-09-16 06:34:16 ----A---- C:\Windows\SYSWOW64\vmnat.exe
2011-09-16 06:34:16 ----A---- C:\Windows\system32\drivers\vmnetuserif.sys
2011-09-16 06:34:05 ----A---- C:\Windows\system32\vnetlib64.dll
2011-09-16 06:32:41 ----A---- C:\Windows\system32\drivers\hcmon.sys
2011-09-16 06:31:14 ----D---- C:\Program Files (x86)\VMware
2011-09-16 06:30:54 ----D---- C:\Program Files\Common Files\VMware

======List of files/folders modified in the last 1 month======

2011-10-14 23:28:34 ----D---- C:\Program Files\trend micro
2011-10-14 23:28:17 ----D---- C:\Windows\Temp
2011-10-14 23:21:55 ----SHD---- C:\Windows\Installer
2011-10-14 23:21:49 ----RD---- C:\Program Files (x86)
2011-10-14 23:21:18 ----SHD---- C:\System Volume Information
2011-10-14 23:10:20 ----D---- C:\Users\John10\AppData\Roaming\Opera
2011-10-14 23:10:02 ----D---- C:\Windows\system32\catroot2
2011-10-14 22:12:31 ----D---- C:\Windows\system32\config
2011-10-14 22:01:54 ----D---- C:\ProgramData\VMware
2011-10-14 22:01:21 ----A---- C:\Windows\SYSWOW64\log.txt
2011-10-14 21:58:32 ----D---- C:\Windows\system32\DriverStore
2011-10-14 21:58:32 ----D---- C:\Windows\system32\catroot
2011-10-14 21:58:32 ----D---- C:\Windows\inf
2011-10-14 21:56:33 ----AD---- C:\Windows\System32
2011-10-14 21:56:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-14 21:36:07 ----D---- C:\ProgramData\boost_interprocess
2011-10-14 21:32:04 ----D---- C:\ProgramData
2011-10-14 21:27:56 ----D---- C:\Windows
2011-10-14 21:20:58 ----D---- C:\Windows\system32\drivers
2011-10-14 18:35:28 ----RSD---- C:\Windows\assembly
2011-10-14 18:31:29 ----D---- C:\Users\John10\AppData\Roaming\Skype
2011-10-13 20:40:24 ----D---- C:\Windows\Microsoft.NET
2011-10-13 18:27:51 ----D---- C:\Users\John10\AppData\Roaming\Media Player Classic
2011-10-13 15:19:51 ----D---- C:\Windows\winsxs
2011-10-13 15:17:32 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-13 15:16:46 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-13 15:16:45 ----D---- C:\Windows\SYSWOW64\migration
2011-10-13 15:16:45 ----D---- C:\Windows\SysWOW64
2011-10-13 15:16:45 ----D---- C:\Windows\system32\migration
2011-10-13 15:16:45 ----D---- C:\Windows\ehome
2011-10-13 15:16:45 ----D---- C:\Program Files\Internet Explorer
2011-10-13 15:12:13 ----D---- C:\Windows\debug
2011-10-13 15:12:09 ----A---- C:\Windows\system32\MRT.exe
2011-10-13 15:06:35 ----D---- C:\ProgramData\Microsoft Help
2011-10-12 15:17:41 ----D---- C:\Windows\system32\Tasks
2011-10-11 19:18:15 ----D---- C:\Users\John10\AppData\Roaming\FileZilla
2011-10-08 11:07:34 ----RD---- C:\Program Files
2011-10-08 11:06:33 ----DC---- C:\Windows\system32\DRVSTORE
2011-10-07 15:28:48 ----D---- C:\Program Files\CCleaner
2011-10-02 15:12:36 ----D---- C:\Users\John10\AppData\Roaming\Apple Computer
2011-10-02 15:09:54 ----D---- C:\Program Files\Common Files
2011-10-02 15:09:23 ----D---- C:\Program Files (x86)\Common Files
2011-10-02 00:02:58 ----D---- C:\Program Files (x86)\proXPN
2011-10-01 11:53:07 ----D---- C:\Program Files (x86)\Electronic Arts
2011-09-29 17:56:10 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-09-29 17:39:04 ----D---- C:\ProgramData\Electronic Arts
2011-09-29 17:34:16 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2011-09-29 16:50:13 ----D---- C:\ProgramData\Origin
2011-09-29 16:07:34 ----D---- C:\Windows\Logs
2011-09-29 15:02:31 ----D---- C:\Program Files (x86)\EA Sports
2011-09-29 06:28:59 ----D---- C:\Windows\Panther
2011-09-29 06:24:19 ----D---- C:\Windows\SYSWOW64\drivers
2011-09-28 16:49:20 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-28 13:50:20 ----D---- C:\Program Files\Defraggler
2011-09-25 21:29:19 ----D---- C:\Users\John10\AppData\Roaming\MaskMyIP
2011-09-25 21:29:19 ----D---- C:\ProgramData\MaskMyIP
2011-09-25 21:23:25 ----D---- C:\Users\John10\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-09-25 16:17:01 ----D---- C:\Users\John10\AppData\Roaming\Liteon
2011-09-25 12:48:30 ----SD---- C:\Users\John10\AppData\Roaming\Microsoft
2011-09-23 15:38:12 ----D---- C:\Windows\system32\wdi
2011-09-22 06:08:43 ----D---- C:\Windows\Prefetch
2011-09-17 17:57:19 ----D---- C:\Users\John10\AppData\Roaming\.minecraft
2011-09-16 14:29:11 ----D---- C:\Users\John10\AppData\Roaming\VMware
2011-09-16 14:25:11 ----D---- C:\Windows\system32\FxsTmp
2011-09-16 06:32:04 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-09-15 16:19:04 ----D---- C:\Users\John10\AppData\Roaming\DAEMON Tools Lite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-12-24 834544]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
R1 TsLwWfF;WiFi Capture Driver; C:\Windows\system32\DRIVERS\TsLwWfF.sys [2011-05-12 26728]
R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2011-10-11 74592]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-08-21 39024]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2011-08-22 45680]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2011-08-22 30320]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2011-08-22 62064]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-06-14 9319424]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-06-13 303616]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-04-01 3060800]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2010-07-29 28832]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-04-22 2356000]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-08-25 10611552]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-08-31 25416]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-28 18432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-09-17 292912]
R3 tap0901;tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [2011-06-07 40128]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-04-28 17408]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2011-08-22 20080]
S3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices; C:\Windows\System32\Drivers\AF9035BDA.sys [2009-07-16 492008]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 ASUSVRC64;ASUSTeK Virtual Capture Device; C:\Windows\system32\DRIVERS\AsusVRC64.sys [2008-10-13 23424]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2010-07-29 36000]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-04-07 2216960]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2010-07-29 295072]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2010-07-29 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2010-07-29 51872]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2010-07-29 154272]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-03-05 335400]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-02-14 102440]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-13 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-13 21544]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CV2K1;CommView Network Monitor; C:\Windows\system32\DRIVERS\cv2k1.sys []
S3 epmntdrv;epmntdrv; \??\C:\Windows\syswow64\epmntdrv.sys [2011-03-24 14216]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\syswow64\EuGdiDrv.sys [2011-03-24 8456]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTCore64;RTCore64; \??\C:\Program Files\RMClock\RTCore64.sys []
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-07-06 114080]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-07-06 38944]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-06-13 203264]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2011-10-11 102752]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-03-26 920352]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-10-01 262144]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-05-25 255744]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-09-29 75136]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [2011-08-22 79872]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2011-08-22 354416]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2011-08-22 432752]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
S2 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S2 VMwareHostd;VMware Workstation Server; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
S3 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S3 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-09-17 154968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-08-11 411432]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2010-02-03 244904]
S4 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]

-----------------EOF-----------------

[Roli]

Zdravím, tohle fixni v HJT :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kr.yahoo.com/ilc101
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\John10\AppData\Local\Google\Update\GoogleUpdate.exe" /c

HJT najdeš zde :

C:\Program Files\trend micro\John10.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Odebrat programy odinstaluj Pando Media Booster.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

[John10]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 7954

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

15.10.2011 20:44:16
mbam-log-2011-10-15 (20-44-16).txt

Typ: Rychlá kontrola
Kontrolované objekty: 182824
Uplynulý čas: 4 minut, 1 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Roli]

Mbam (Malwarebytes' Anti-Malware) odinstaluj.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[John10]

ComboFix 11-10-15.04 - John10 15.10.2011 22:34:23.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3767.1936 [GMT 2:00]
Spuštěný z: c:\users\John10\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\sponsorkeyword
c:\program files (x86)\windows live\messenger\sensapi.dll
c:\users\John10\AppData\Roaming\chrtmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-15 do 2011-10-15 )))))))))))))))))))))))))))))))
.
.
2011-10-15 20:42 . 2011-10-15 20:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-10-15 20:42 . 2011-10-15 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-15 12:01 . 2011-10-15 12:01 -------- d-----w- c:\program files (x86)\vShare.tv plugin
2011-10-15 10:32 . 2011-10-15 10:32 -------- d-----w- c:\users\John10\AppData\Roaming\Box.Net
2011-10-15 10:28 . 2011-10-15 10:28 -------- d-----w- c:\program files (x86)\Box
2011-10-15 09:39 . 2011-10-15 09:39 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E930A44-72D4-48E5-BAA3-AF7E0196A347}\offreg.dll
2011-10-15 09:39 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E930A44-72D4-48E5-BAA3-AF7E0196A347}\mpengine.dll
2011-10-15 09:22 . 2011-10-15 09:32 -------- d-----w- C:\UsbFix
2011-10-14 19:32 . 2011-10-14 19:32 -------- d-----w- c:\programdata\Atheros
2011-10-14 19:27 . 2011-10-14 19:27 -------- d-----w- c:\users\John10\AppData\Local\BMExplorer
2011-10-14 19:18 . 2011-10-14 19:19 -------- d-----w- c:\program files (x86)\Bluetooth Suite
2011-10-14 18:56 . 2011-10-14 18:57 -------- d-----w- C:\wamp
2011-10-13 12:58 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 12:58 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 12:58 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 12:58 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 12:58 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 12:57 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 12:57 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 12:57 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 12:57 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 13:17 . 2011-10-12 13:18 -------- d-----w- c:\users\John10\AppData\Local\BlueStacks
2011-10-12 13:17 . 2011-10-12 13:18 -------- d-----w- c:\program files (x86)\BlueStacks
2011-10-12 13:17 . 2011-10-12 13:17 -------- d-----w- c:\programdata\BlueStacks
2011-10-11 13:02 . 2011-10-11 13:02 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9295EB70-4820-49E8-A3D2-421DECAE589A}\gapaengine.dll
2011-10-09 14:54 . 2011-10-09 14:54 -------- d-----w- c:\users\John10\AppData\Roaming\Bitcoin
2011-10-09 14:54 . 2011-10-09 14:54 -------- d-----w- c:\program files (x86)\Bitcoin
2011-10-02 13:11 . 2011-10-02 13:12 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-10-02 13:10 . 2011-10-08 09:07 -------- d-----w- c:\programdata\Apple Computer
2011-10-02 13:10 . 2011-10-02 13:10 -------- d-----w- c:\program files (x86)\QuickTime
2011-10-02 13:10 . 2011-10-02 13:10 -------- d-----w- c:\users\John10\AppData\Local\Apple
2011-10-02 13:09 . 2011-10-02 13:09 -------- d-----w- c:\program files\Common Files\Apple
2011-10-02 13:09 . 2011-10-02 13:09 -------- d-----w- c:\program files\Bonjour
2011-10-02 13:09 . 2011-10-02 13:09 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-02 13:09 . 2011-10-15 11:20 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-10-02 13:09 . 2011-10-02 13:09 -------- d-----w- c:\programdata\Apple
2011-09-29 15:43 . 2011-09-29 15:50 -------- d-----w- c:\users\John10\AppData\Local\ESN Sonar
2011-09-29 15:40 . 2011-09-29 15:40 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-29 14:11 . 2011-10-01 09:50 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-29 13:05 . 2011-09-29 13:05 -------- d-----w- c:\users\John10\AppData\Roaming\Origin
2011-09-29 13:05 . 2011-09-29 13:05 -------- d-----w- c:\users\John10\AppData\Local\Origin
2011-09-29 13:04 . 2011-09-29 13:04 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-29 13:04 . 2011-09-29 13:07 -------- d-----w- c:\program files (x86)\Origin
2011-09-28 11:57 . 2011-09-28 11:57 -------- d-----w- c:\program files (x86)\CodiGirls KM
2011-09-17 13:36 . 2011-09-17 13:36 -------- d-----w- c:\users\John10\AppData\Local\CrashRpt
2011-09-16 04:48 . 2011-09-16 12:29 -------- d-----w- c:\users\John10\AppData\Local\VMware
2011-09-16 04:34 . 2011-08-22 15:07 62064 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-09-16 04:34 . 2011-08-22 15:07 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-09-16 04:34 . 2011-08-22 15:06 432752 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-09-16 04:34 . 2011-08-22 15:06 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-09-16 04:34 . 2011-08-22 15:07 942192 ----a-w- c:\windows\system32\vnetlib64.dll
2011-09-16 04:32 . 2011-08-21 21:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-09-16 04:31 . 2011-09-16 04:31 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-09-16 04:31 . 2011-09-16 04:31 -------- d-----w- c:\program files (x86)\VMware
2011-09-16 04:30 . 2011-09-16 04:30 -------- d-----w- c:\program files\Common Files\VMware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 09:32 . 2011-10-15 09:32 49329164 ----a-w- C:\UsbFix_Upload_Me_JOHN10-PC.zip
2011-10-12 15:19 . 2011-05-14 12:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-29 15:56 . 2011-03-04 17:50 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-29 15:56 . 2011-02-20 14:26 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-29 15:53 . 2011-02-20 14:26 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 15:34 . 2011-02-20 14:26 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-13 00:26 . 2010-12-25 08:12 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-04 07:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-04 07:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-01 08:54 . 2011-09-01 08:54 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-08-31 15:00 . 2011-05-13 19:51 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 13:40 . 2011-08-22 13:40 252016 ----a-w- c:\windows\SysWow64\vmnc.dll
2011-08-22 13:12 . 2011-08-22 13:12 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-08-22 13:12 . 2011-08-22 13:12 48752 ----a-w- c:\windows\system32\vnetinst.dll
2011-08-22 13:12 . 2011-08-22 13:12 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-08-22 13:12 . 2011-08-22 13:12 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-08-22 13:12 . 2011-08-22 13:12 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-08-15 12:32 . 2011-09-14 14:59 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-08-15 12:32 . 2011-09-14 14:58 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-14 06:02 . 2011-08-27 21:53 2742791 ----a-w- c:\windows\allegro-5.0.4-monolith-md.dll
2011-08-14 05:58 . 2011-08-27 21:53 2848944 ----a-w- c:\windows\allegro-5.0.4-monolith-mt.dll
2011-08-14 05:45 . 2011-08-27 21:53 7693952 ----a-w- c:\windows\allegro-5.0.4-monolith-md-debug.dll
2011-08-14 05:41 . 2011-08-27 21:53 7799593 ----a-w- c:\windows\allegro-5.0.4-monolith-mt-debug.dll
2011-08-14 05:08 . 2011-08-27 21:53 571875 ----a-w- c:\windows\allegro_ttf-5.0.4-md.dll
2011-08-14 05:08 . 2011-08-27 21:53 571403 ----a-w- c:\windows\allegro_ttf-5.0.4-mt.dll
2011-08-14 05:08 . 2011-08-27 21:53 1623370 ----a-w- c:\windows\allegro_ttf-5.0.4-md-debug.dll
2011-08-14 05:08 . 2011-08-27 21:53 1622898 ----a-w- c:\windows\allegro_ttf-5.0.4-mt-debug.dll
2011-08-14 05:07 . 2011-08-27 21:53 94257 ----a-w- c:\windows\allegro_primitives-5.0.4-md.dll
2011-08-14 05:07 . 2011-08-27 21:53 93785 ----a-w- c:\windows\allegro_primitives-5.0.4-mt.dll
2011-08-14 05:06 . 2011-08-27 21:53 416238 ----a-w- c:\windows\allegro_primitives-5.0.4-md-debug.dll
2011-08-14 05:06 . 2011-08-27 21:53 415766 ----a-w- c:\windows\allegro_primitives-5.0.4-mt-debug.dll
2011-08-14 05:04 . 2011-08-27 21:53 253403 ----a-w- c:\windows\allegro_physfs-5.0.4-md.dll
2011-08-14 05:03 . 2011-08-27 21:53 264332 ----a-w- c:\windows\allegro_physfs-5.0.4-mt.dll
2011-08-14 05:02 . 2011-08-27 21:53 454464 ----a-w- c:\windows\allegro_physfs-5.0.4-md-debug.dll
2011-08-14 05:02 . 2011-08-27 21:53 463781 ----a-w- c:\windows\allegro_physfs-5.0.4-mt-debug.dll
2011-08-14 04:59 . 2011-08-27 21:53 56297 ----a-w- c:\windows\allegro_dialog-5.0.4-md.dll
2011-08-14 04:59 . 2011-08-27 21:53 55313 ----a-w- c:\windows\allegro_dialog-5.0.4-mt.dll
2011-08-14 04:59 . 2011-08-27 21:53 90272 ----a-w- c:\windows\allegro_dialog-5.0.4-md-debug.dll
2011-08-14 04:59 . 2011-08-27 21:53 89800 ----a-w- c:\windows\allegro_dialog-5.0.4-mt-debug.dll
2011-08-14 04:58 . 2011-08-27 21:53 27425 ----a-w- c:\windows\allegro_memfile-5.0.4-md.dll
2011-08-14 04:58 . 2011-08-27 21:53 26441 ----a-w- c:\windows\allegro_memfile-5.0.4-mt.dll
2011-08-14 04:58 . 2011-08-27 21:53 34834 ----a-w- c:\windows\allegro_memfile-5.0.4-md-debug.dll
2011-08-14 04:58 . 2011-08-27 21:53 34362 ----a-w- c:\windows\allegro_memfile-5.0.4-mt-debug.dll
2011-08-14 04:57 . 2011-08-27 21:53 310963 ----a-w- c:\windows\allegro_image-5.0.4-md.dll
2011-08-14 04:57 . 2011-08-27 21:53 401012 ----a-w- c:\windows\allegro_image-5.0.4-mt.dll
2011-08-14 04:57 . 2011-08-27 21:53 456303 ----a-w- c:\windows\allegro_image-5.0.4-md-debug.dll
2011-08-14 04:56 . 2011-08-27 21:53 546864 ----a-w- c:\windows\allegro_image-5.0.4-mt-debug.dll
2011-08-14 04:55 . 2011-08-27 21:53 45828 ----a-w- c:\windows\allegro_font-5.0.4-md.dll
2011-08-14 04:55 . 2011-08-27 21:53 45356 ----a-w- c:\windows\allegro_font-5.0.4-mt.dll
2011-08-14 04:55 . 2011-08-27 21:53 69873 ----a-w- c:\windows\allegro_font-5.0.4-md-debug.dll
2011-08-14 04:55 . 2011-08-27 21:53 68889 ----a-w- c:\windows\allegro_font-5.0.4-mt-debug.dll
2011-08-14 04:54 . 2011-08-27 21:53 34761 ----a-w- c:\windows\allegro_color-5.0.4-md.dll
2011-08-14 04:54 . 2011-08-27 21:53 33777 ----a-w- c:\windows\allegro_color-5.0.4-mt.dll
2011-08-14 04:54 . 2011-08-27 21:53 44641 ----a-w- c:\windows\allegro_color-5.0.4-md-debug.dll
2011-08-14 04:54 . 2011-08-27 21:53 43657 ----a-w- c:\windows\allegro_color-5.0.4-mt-debug.dll
2011-08-14 04:53 . 2011-08-27 21:53 597997 ----a-w- c:\windows\allegro_acodec-5.0.4-md.dll
2011-08-14 04:53 . 2011-08-27 21:53 610271 ----a-w- c:\windows\allegro_acodec-5.0.4-mt.dll
2011-08-14 04:53 . 2011-08-27 21:53 1287023 ----a-w- c:\windows\allegro_acodec-5.0.4-md-debug.dll
2011-08-14 04:53 . 2011-08-27 21:53 1298709 ----a-w- c:\windows\allegro_acodec-5.0.4-mt-debug.dll
2011-08-14 04:51 . 2011-08-27 21:53 308688 ----a-w- c:\windows\allegro_audio-5.0.4-md.dll
2011-08-14 04:51 . 2011-08-27 21:53 399249 ----a-w- c:\windows\allegro_audio-5.0.4-mt.dll
2011-08-14 04:50 . 2011-08-27 21:53 418780 ----a-w- c:\windows\allegro_audio-5.0.4-md-debug.dll
2011-08-14 04:50 . 2011-08-27 21:53 507805 ----a-w- c:\windows\allegro_audio-5.0.4-mt-debug.dll
2011-08-14 04:46 . 2011-08-27 21:53 1240482 ----a-w- c:\windows\allegro-5.0.4-md.dll
2011-08-14 04:43 . 2011-08-27 21:53 1336373 ----a-w- c:\windows\allegro-5.0.4-mt.dll
2011-08-14 04:36 . 2011-08-27 21:53 3618896 ----a-w- c:\windows\allegro-5.0.4-md-debug.dll
2011-08-14 04:34 . 2011-08-27 21:53 3715299 ----a-w- c:\windows\allegro-5.0.4-mt-debug.dll
2011-08-09 13:36 . 2011-01-15 11:27 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-08 12:59 . 2011-08-08 12:59 67184 ----a-w- c:\windows\system32\vsocklib.dll
2011-08-08 12:59 . 2011-08-08 12:59 63088 ----a-w- c:\windows\SysWow64\vsocklib.dll
2011-08-08 12:59 . 2011-08-08 12:59 116336 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-07-31 06:51 . 2011-07-31 06:51 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-07-31 06:51 . 2011-07-31 06:51 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
2011-09-22 16:58 177712 ----a-w- c:\program files (x86)\vShare.tv plugin\BarLcher.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files (x86)\vShare.tv plugin\BarLcher.dll" [2011-09-22 177712]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-08-12 3820032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-13 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
R3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 ASUSVRC64;ASUSTeK Virtual Capture Device;c:\windows\system32\DRIVERS\AsusVRC64.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
R3 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RTCore64;RTCore64;c:\program files\RMClock\RTCore64.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2011-10-11 74592]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-05-25 255744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 02:23]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 02:23]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2571812427-918231049-1638034684-1000Core.job
- c:\users\John10\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 02:23]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2571812427-918231049-1638034684-1000UA.job
- c:\users\John10\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 02:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-22 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-22 2040352]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://startsear.ch/?aff=1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\John10\AppData\Roaming\Mozilla\Firefox\Profiles\0ylcuokl.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=734b4b6a-f725-11e0-b6de-005056c00008&q=
.
.
------- Asociace souborů -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
SafeBoot-SolutoService
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:78,b0,95,b5,e6,1e,cc,01
.
[HKEY_USERS\S-1-5-21-2571812427-918231049-1638034684-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2571812427-918231049-1638034684-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2571812427-918231049-1638034684-1000\Software\SecuROM\License information*]
"datasecu"=hex:13,c0,e1,98,48,34,8e,8e,36,00,6d,22,14,8a,51,c3,d7,48,69,32,d7,
ba,ac,a5,42,ff,92,3b,21,28,b2,ce,9e,6d,5f,1a,77,1a,1a,ee,bc,e2,d1,aa,e6,ef,\
"rkeysecu"=hex:4a,bc,bc,29,47,a8,86,60,27,bf,5c,cb,5d,f5,72,9d
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... nts/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\VMware, Inc.\VMnetLibSaved\VMnetBridge]
@DACL=(02 0000)
.
Celkový čas: 2011-10-15 22:45:23
ComboFix-quarantined-files.txt 2011-10-15 20:45
ComboFix2.txt 2011-05-13 22:13
.
Před spuštěním: Volných bajtů: 484 282 974 208
Po spuštění: Volných bajtů: 485 115 228 160
.
- - End Of File - - 57F5A60A12730DD8571E1B86E99461B3

[Roli]

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

FireFox::  
FF - ProfilePath - c:\users\John10\AppData\Roaming\Mozilla\Firefox\Profiles\0ylcuokl.default\
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=73 ... 6c00008&q=

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[John10]

ComboFix 11-10-15.04 - John10 16.10.2011 0:11.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3767.1844 [GMT 2:00]
Spuštěný z: c:\users\John10\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\John10\Desktop\CFScript.txt.TXT
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-15 do 2011-10-15 )))))))))))))))))))))))))))))))
.
.
2011-10-15 22:15 . 2011-10-15 22:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-10-15 22:15 . 2011-10-15 22:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-15 22:09 . 2011-10-15 22:09 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65E577DC-D14B-4FB0-8BFA-1BA2F5B9173A}\offreg.dll
2011-10-15 22:09 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65E577DC-D14B-4FB0-8BFA-1BA2F5B9173A}\mpengine.dll
2011-10-15 12:01 . 2011-10-15 12:01 -------- d-----w- c:\program files (x86)\vShare.tv plugin
2011-10-15 10:32 . 2011-10-15 10:32 -------- d-----w- c:\users\John10\AppData\Roaming\Box.Net
2011-10-15 10:28 . 2011-10-15 10:28 -------- d-----w- c:\program files (x86)\Box
2011-10-15 09:22 . 2011-10-15 09:32 -------- d-----w- C:\UsbFix
2011-10-14 19:32 . 2011-10-14 19:32 -------- d-----w- c:\programdata\Atheros
2011-10-14 19:27 . 2011-10-14 19:27 -------- d-----w- c:\users\John10\AppData\Local\BMExplorer
2011-10-14 19:18 . 2011-10-14 19:19 -------- d-----w- c:\program files (x86)\Bluetooth Suite
2011-10-14 18:56 . 2011-10-14 18:57 -------- d-----w- C:\wamp
2011-10-13 12:58 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 12:58 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 12:58 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 12:58 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 12:58 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 12:57 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 12:57 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 12:57 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 12:57 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 13:17 . 2011-10-12 13:18 -------- d-----w- c:\users\John10\AppData\Local\BlueStacks
2011-10-12 13:17 . 2011-10-12 13:18 -------- d-----w- c:\program files (x86)\BlueStacks
2011-10-12 13:17 . 2011-10-12 13:17 -------- d-----w- c:\programdata\BlueStacks
2011-10-11 13:02 . 2011-10-11 13:02 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9295EB70-4820-49E8-A3D2-421DECAE589A}\gapaengine.dll
2011-10-09 14:54 . 2011-10-09 14:54 -------- d-----w- c:\users\John10\AppData\Roaming\Bitcoin
2011-10-09 14:54 . 2011-10-09 14:54 -------- d-----w- c:\program files (x86)\Bitcoin
2011-10-02 13:11 . 2011-10-02 13:12 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-02 13:10 . 2011-10-02 13:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-10-02 13:10 . 2011-10-08 09:07 -------- d-----w- c:\programdata\Apple Computer
2011-10-02 13:10 . 2011-10-02 13:10 -------- d-----w- c:\program files (x86)\QuickTime
2011-10-02 13:10 . 2011-10-02 13:10 -------- d-----w- c:\users\John10\AppData\Local\Apple
2011-10-02 13:09 . 2011-10-02 13:09 -------- d-----w- c:\program files\Common Files\Apple
2011-10-02 13:09 . 2011-10-02 13:09 -------- d-----w- c:\program files\Bonjour
2011-10-02 13:09 . 2011-10-02 13:09 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-02 13:09 . 2011-10-15 11:20 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-10-02 13:09 . 2011-10-02 13:09 -------- d-----w- c:\programdata\Apple
2011-09-29 15:43 . 2011-09-29 15:50 -------- d-----w- c:\users\John10\AppData\Local\ESN Sonar
2011-09-29 15:40 . 2011-09-29 15:40 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-29 14:11 . 2011-10-01 09:50 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-29 13:05 . 2011-09-29 13:05 -------- d-----w- c:\users\John10\AppData\Roaming\Origin
2011-09-29 13:05 . 2011-09-29 13:05 -------- d-----w- c:\users\John10\AppData\Local\Origin
2011-09-29 13:04 . 2011-09-29 13:04 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-29 13:04 . 2011-09-29 13:07 -------- d-----w- c:\program files (x86)\Origin
2011-09-28 11:57 . 2011-09-28 11:57 -------- d-----w- c:\program files (x86)\CodiGirls KM
2011-09-17 13:36 . 2011-09-17 13:36 -------- d-----w- c:\users\John10\AppData\Local\CrashRpt
2011-09-16 04:48 . 2011-09-16 12:29 -------- d-----w- c:\users\John10\AppData\Local\VMware
2011-09-16 04:34 . 2011-08-22 15:07 62064 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-09-16 04:34 . 2011-08-22 15:07 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-09-16 04:34 . 2011-08-22 15:06 432752 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-09-16 04:34 . 2011-08-22 15:06 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-09-16 04:34 . 2011-08-22 15:07 942192 ----a-w- c:\windows\system32\vnetlib64.dll
2011-09-16 04:32 . 2011-08-21 21:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-09-16 04:31 . 2011-09-16 04:31 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-09-16 04:31 . 2011-09-16 04:31 -------- d-----w- c:\program files (x86)\VMware
2011-09-16 04:30 . 2011-09-16 04:30 -------- d-----w- c:\program files\Common Files\VMware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 09:32 . 2011-10-15 09:32 49329164 ----a-w- C:\UsbFix_Upload_Me_JOHN10-PC.zip
2011-10-12 15:19 . 2011-05-14 12:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-29 15:56 . 2011-03-04 17:50 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-29 15:56 . 2011-02-20 14:26 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-29 15:53 . 2011-02-20 14:26 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 15:34 . 2011-02-20 14:26 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-13 00:26 . 2010-12-25 08:12 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-04 07:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-04 07:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-01 08:54 . 2011-09-01 08:54 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-08-31 15:00 . 2011-05-13 19:51 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 13:40 . 2011-08-22 13:40 252016 ----a-w- c:\windows\SysWow64\vmnc.dll
2011-08-22 13:12 . 2011-08-22 13:12 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-08-22 13:12 . 2011-08-22 13:12 48752 ----a-w- c:\windows\system32\vnetinst.dll
2011-08-22 13:12 . 2011-08-22 13:12 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-08-22 13:12 . 2011-08-22 13:12 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-08-22 13:12 . 2011-08-22 13:12 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-08-15 12:32 . 2011-09-14 14:59 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-08-15 12:32 . 2011-09-14 14:58 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-14 06:02 . 2011-08-27 21:53 2742791 ----a-w- c:\windows\allegro-5.0.4-monolith-md.dll
2011-08-14 05:58 . 2011-08-27 21:53 2848944 ----a-w- c:\windows\allegro-5.0.4-monolith-mt.dll
2011-08-14 05:45 . 2011-08-27 21:53 7693952 ----a-w- c:\windows\allegro-5.0.4-monolith-md-debug.dll
2011-08-14 05:41 . 2011-08-27 21:53 7799593 ----a-w- c:\windows\allegro-5.0.4-monolith-mt-debug.dll
2011-08-14 05:08 . 2011-08-27 21:53 571875 ----a-w- c:\windows\allegro_ttf-5.0.4-md.dll
2011-08-14 05:08 . 2011-08-27 21:53 571403 ----a-w- c:\windows\allegro_ttf-5.0.4-mt.dll
2011-08-14 05:08 . 2011-08-27 21:53 1623370 ----a-w- c:\windows\allegro_ttf-5.0.4-md-debug.dll
2011-08-14 05:08 . 2011-08-27 21:53 1622898 ----a-w- c:\windows\allegro_ttf-5.0.4-mt-debug.dll
2011-08-14 05:07 . 2011-08-27 21:53 94257 ----a-w- c:\windows\allegro_primitives-5.0.4-md.dll
2011-08-14 05:07 . 2011-08-27 21:53 93785 ----a-w- c:\windows\allegro_primitives-5.0.4-mt.dll
2011-08-14 05:06 . 2011-08-27 21:53 416238 ----a-w- c:\windows\allegro_primitives-5.0.4-md-debug.dll
2011-08-14 05:06 . 2011-08-27 21:53 415766 ----a-w- c:\windows\allegro_primitives-5.0.4-mt-debug.dll
2011-08-14 05:04 . 2011-08-27 21:53 253403 ----a-w- c:\windows\allegro_physfs-5.0.4-md.dll
2011-08-14 05:03 . 2011-08-27 21:53 264332 ----a-w- c:\windows\allegro_physfs-5.0.4-mt.dll
2011-08-14 05:02 . 2011-08-27 21:53 454464 ----a-w- c:\windows\allegro_physfs-5.0.4-md-debug.dll
2011-08-14 05:02 . 2011-08-27 21:53 463781 ----a-w- c:\windows\allegro_physfs-5.0.4-mt-debug.dll
2011-08-14 04:59 . 2011-08-27 21:53 56297 ----a-w- c:\windows\allegro_dialog-5.0.4-md.dll
2011-08-14 04:59 . 2011-08-27 21:53 55313 ----a-w- c:\windows\allegro_dialog-5.0.4-mt.dll
2011-08-14 04:59 . 2011-08-27 21:53 90272 ----a-w- c:\windows\allegro_dialog-5.0.4-md-debug.dll
2011-08-14 04:59 . 2011-08-27 21:53 89800 ----a-w- c:\windows\allegro_dialog-5.0.4-mt-debug.dll
2011-08-14 04:58 . 2011-08-27 21:53 27425 ----a-w- c:\windows\allegro_memfile-5.0.4-md.dll
2011-08-14 04:58 . 2011-08-27 21:53 26441 ----a-w- c:\windows\allegro_memfile-5.0.4-mt.dll
2011-08-14 04:58 . 2011-08-27 21:53 34834 ----a-w- c:\windows\allegro_memfile-5.0.4-md-debug.dll
2011-08-14 04:58 . 2011-08-27 21:53 34362 ----a-w- c:\windows\allegro_memfile-5.0.4-mt-debug.dll
2011-08-14 04:57 . 2011-08-27 21:53 310963 ----a-w- c:\windows\allegro_image-5.0.4-md.dll
2011-08-14 04:57 . 2011-08-27 21:53 401012 ----a-w- c:\windows\allegro_image-5.0.4-mt.dll
2011-08-14 04:57 . 2011-08-27 21:53 456303 ----a-w- c:\windows\allegro_image-5.0.4-md-debug.dll
2011-08-14 04:56 . 2011-08-27 21:53 546864 ----a-w- c:\windows\allegro_image-5.0.4-mt-debug.dll
2011-08-14 04:55 . 2011-08-27 21:53 45828 ----a-w- c:\windows\allegro_font-5.0.4-md.dll
2011-08-14 04:55 . 2011-08-27 21:53 45356 ----a-w- c:\windows\allegro_font-5.0.4-mt.dll
2011-08-14 04:55 . 2011-08-27 21:53 69873 ----a-w- c:\windows\allegro_font-5.0.4-md-debug.dll
2011-08-14 04:55 . 2011-08-27 21:53 68889 ----a-w- c:\windows\allegro_font-5.0.4-mt-debug.dll
2011-08-14 04:54 . 2011-08-27 21:53 34761 ----a-w- c:\windows\allegro_color-5.0.4-md.dll
2011-08-14 04:54 . 2011-08-27 21:53 33777 ----a-w- c:\windows\allegro_color-5.0.4-mt.dll
2011-08-14 04:54 . 2011-08-27 21:53 44641 ----a-w- c:\windows\allegro_color-5.0.4-md-debug.dll
2011-08-14 04:54 . 2011-08-27 21:53 43657 ----a-w- c:\windows\allegro_color-5.0.4-mt-debug.dll
2011-08-14 04:53 . 2011-08-27 21:53 597997 ----a-w- c:\windows\allegro_acodec-5.0.4-md.dll
2011-08-14 04:53 . 2011-08-27 21:53 610271 ----a-w- c:\windows\allegro_acodec-5.0.4-mt.dll
2011-08-14 04:53 . 2011-08-27 21:53 1287023 ----a-w- c:\windows\allegro_acodec-5.0.4-md-debug.dll
2011-08-14 04:53 . 2011-08-27 21:53 1298709 ----a-w- c:\windows\allegro_acodec-5.0.4-mt-debug.dll
2011-08-14 04:51 . 2011-08-27 21:53 308688 ----a-w- c:\windows\allegro_audio-5.0.4-md.dll
2011-08-14 04:51 . 2011-08-27 21:53 399249 ----a-w- c:\windows\allegro_audio-5.0.4-mt.dll
2011-08-14 04:50 . 2011-08-27 21:53 418780 ----a-w- c:\windows\allegro_audio-5.0.4-md-debug.dll
2011-08-14 04:50 . 2011-08-27 21:53 507805 ----a-w- c:\windows\allegro_audio-5.0.4-mt-debug.dll
2011-08-14 04:46 . 2011-08-27 21:53 1240482 ----a-w- c:\windows\allegro-5.0.4-md.dll
2011-08-14 04:43 . 2011-08-27 21:53 1336373 ----a-w- c:\windows\allegro-5.0.4-mt.dll
2011-08-14 04:36 . 2011-08-27 21:53 3618896 ----a-w- c:\windows\allegro-5.0.4-md-debug.dll
2011-08-14 04:34 . 2011-08-27 21:53 3715299 ----a-w- c:\windows\allegro-5.0.4-mt-debug.dll
2011-08-09 13:36 . 2011-01-15 11:27 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-08 12:59 . 2011-08-08 12:59 67184 ----a-w- c:\windows\system32\vsocklib.dll
2011-08-08 12:59 . 2011-08-08 12:59 63088 ----a-w- c:\windows\SysWow64\vsocklib.dll
2011-08-08 12:59 . 2011-08-08 12:59 116336 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-07-31 06:51 . 2011-07-31 06:51 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-07-31 06:51 . 2011-07-31 06:51 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
2011-09-22 16:58 177712 ----a-w- c:\program files (x86)\vShare.tv plugin\BarLcher.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files (x86)\vShare.tv plugin\BarLcher.dll" [2011-09-22 177712]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-08-12 3820032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-13 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
R3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 ASUSVRC64;ASUSTeK Virtual Capture Device;c:\windows\system32\DRIVERS\AsusVRC64.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
R3 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RTCore64;RTCore64;c:\program files\RMClock\RTCore64.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2011-10-11 74592]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-05-25 255744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 02:23]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 02:23]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2571812427-918231049-1638034684-1000Core.job
- c:\users\John10\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 02:23]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2571812427-918231049-1638034684-1000UA.job
- c:\users\John10\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 02:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\John10\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-22 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-22 2040352]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://startsear.ch/?aff=1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\John10\AppData\Roaming\Mozilla\Firefox\Profiles\0ylcuokl.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:78,b0,95,b5,e6,1e,cc,01
.
[HKEY_USERS\S-1-5-21-2571812427-918231049-1638034684-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2571812427-918231049-1638034684-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2571812427-918231049-1638034684-1000\Software\SecuROM\License information*]
"datasecu"=hex:13,c0,e1,98,48,34,8e,8e,36,00,6d,22,14,8a,51,c3,d7,48,69,32,d7,
ba,ac,a5,42,ff,92,3b,21,28,b2,ce,9e,6d,5f,1a,77,1a,1a,ee,bc,e2,d1,aa,e6,ef,\
"rkeysecu"=hex:4a,bc,bc,29,47,a8,86,60,27,bf,5c,cb,5d,f5,72,9d
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... nts/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\VMware, Inc.\VMnetLibSaved\VMnetBridge]
@DACL=(02 0000)
.
Celkový čas: 2011-10-16 00:17:01
ComboFix-quarantined-files.txt 2011-10-15 22:17
ComboFix2.txt 2011-10-15 22:08
ComboFix3.txt 2011-10-15 21:59
ComboFix4.txt 2011-10-15 20:45
ComboFix5.txt 2011-10-15 22:10
.
Před spuštěním: Volných bajtů: 484 720 594 944
Po spuštění: Volných bajtů: 484 652 154 880
.
- - End Of File - - 5377D6D09B67319D4CECFCA8C37E24D6

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej vědět jaký je stav PC.

[John10]

Počítač se zdá být v pohodě. Díky za pomoc

[Roli]

Není zač.