Files hidden on a portable drive

Posted: 15 Oct 2012 13:51
by Šmíďák
Hello,

recently, files on my portable drives started disappearing out of nowhere. They did not disappear completely; for some reason they just got set as invisible. Explorer did not see them, but Total Commander did. The invisibility could not be unchecked in the settings; the only thing that helped was to create a new file, move the sub-files into the new file and delete the old one. Whenever I had to do something like that, I deleted everything from the drive in question that should not have been there. It was annoying, but nothing I would jump under a train over. Today, however, it happened for the first time that not even Total Commander sees the files, yet according to Explorer the disk is almost full, which should be correct. Do you know what to do about it?


Logfile of random's system information tool 1.09 (written by random/random)
Run by SMIDAK at 2012-10-15 14:34:38
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 313 GB (52%) free of 598 GB
Total RAM: 6079 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:34:43, on 15.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Šmíďák\Programy a prográmky\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\PC Suite\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Šmíďák\Programy a prográmky\Verbatim GREEN BUTTON\GREEN BUTTON.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Šmíďák\Programy a prográmky\Winamp\winamp.exe
C:\Šmíďák\Programy a prográmky\wincmd\TOTALCMD.EXE
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\trend micro\SMIDAK.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t5521l45p
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamong.com/searchview.p ... s&bar=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchview.p ... s&bar=true
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchamong.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t5521l45p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t5521l45p
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchview.p ... s&bar=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchview.p ... s&bar=true
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SearchAmong Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files (x86)\SearchAmong Toolbar\SearchAmongToolbar.dll
O2 - BHO: CrossriderApp0005058 - {11111111-1111-1111-1111-110011501158} - C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: SearchAmong Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files (x86)\SearchAmong Toolbar\SearchAmongToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files (x86)\PC Suite\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Šmíďák\Programy a prográmky\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Šmíďák\Programy a prográmky\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files (x86)\PC Suite\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files (x86)\PC Suite\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Verbatim GREEN BUTTON.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &SearchAmong - res://C:\Program Files (x86)\SearchAmong Toolbar\SearchAmongToolbar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Šmíďák\Programy a prográmky\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17084 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe"
"C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
WLIDSvcM.exe 2116
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\PLFSetI.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Šmíďák\Programy a prográmky\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"C:\Program Files (x86)\PC Suite\Nokia PC Suite 6\LaunchApplication.exe" -startup
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
{5DC233FB-6659-4A06-BD1E-0FA74072F66E}
{529680E9-D093-4DA5-B512-0C6BA223A28F}
{D05A3A8E-C082-4E24-BC13-211F5CD46561}
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Šmíďák\Programy a prográmky\Verbatim GREEN BUTTON\GREEN BUTTON.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4732.137f8f20.411724119 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 4732 "\\.\pipe\gecko-crash-server-pipe.4732" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe" --proxy-stub-channel=Flash5344.6D00F168.41 --host-broker-channel=Flash5344.6D00F168.18467 --host-pid=5344 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe" --channel=5384.003BF354.901873026 --proxy-stub-channel=Flash5344.6D00F168.41 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe"
C:\Windows\system32\svchost.exe -k HPService
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Šmíďák\Programy a prográmky\Winamp\winamp.exe"
"C:\Šmíďák\Programy a prográmky\wincmd\TOTALCMD.EXE"
"C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
"C:\Šmíďák\Disk\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/"
prefs.js - "keyword.URL" - "http://www.searchamong.com/searchview.p ... rue&query="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\extensions\
centrumpomocnik@centrum.cz
crossriderapp5058@crossrider.com
{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

C:\Users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\searchplugins\
SearchAmong.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-05 537576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
Partner BHO Class - C:\ProgramData\Partner\Partner64.dll [2010-03-12 750064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-10-03 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll [2012-08-11 346096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-05 193512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]
SearchAmong Toolbar - C:\Program Files (x86)\SearchAmong Toolbar\SearchAmongToolbar.dll [2012-05-09 311296]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501158}]
Shopping Sidekick - C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll [2012-09-27 612736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
Shopping Assistant Plugin - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll [2012-03-18 413568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-05 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
Partner BHO Class - C:\ProgramData\Partner\Partner.dll [2010-03-12 433648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-10-03 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll [2012-08-11 1002992]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-05 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-10-03 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - SearchAmong Toolbar - C:\Program Files (x86)\SearchAmong Toolbar\SearchAmongToolbar.dll [2012-05-09 311296]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-10-03 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-02 10038304]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-02-02 877600]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2010-02-05 324608]
"ODDPwr"=C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [2010-02-05 222240]
"mwlDaemon"=C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-05 2046760]
"PLFSetI"=C:\Windows\PLFSetI.exe [2010-01-13 206208]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2010-03-10 496160]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2010-11-03 1580368]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 1289704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-12 39408]
"DAEMON Tools Lite"=C:\Šmíďák\Programy a prográmky\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ISUSPM"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-05-16 213936]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2009-12-24 284696]
"BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2010-03-09 260608]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-02-25 1289296]
"MDS_Menu"=C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"ArcadeMovieService"=C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [2010-03-02 124136]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"PCSuiteTrayApplication"=C:\Program Files (x86)\PC Suite\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"UnlockerAssistant"=C:\Šmíďák\Programy a prográmky\Unlocker\UnlockerAssistant.exe []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Philips Device Listener"=C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [2011-06-27 380416]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\SMIDAK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Verbatim GREEN BUTTON.lnk - C:\Šmíďák\Programy a prográmky\Verbatim GREEN BUTTON\GREEN BUTTON.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-15 14:34:38 ----D---- C:\rsit
2012-10-15 14:34:38 ----D---- C:\Program Files\trend micro
2012-10-15 14:22:39 ----D---- C:\Temp
2012-10-15 14:21:38 ----D---- C:\Users\SMIDAK\AppData\Roaming\Philips-Songbird
2012-10-15 14:19:49 ----D---- C:\ProgramData\{F0489EF2-D393-4114-85BA-A94D71D89543}
2012-10-15 14:19:49 ----A---- C:\Windows\SYSWOW64\GEARAspi.dll
2012-10-15 14:19:49 ----A---- C:\Windows\SYSWOW64\drivers\GEARAspiWDM.sys
2012-10-15 14:19:23 ----D---- C:\Program Files (x86)\Philips
2012-10-14 19:40:44 ----D---- C:\Program Files (x86)\Drakensang Online
2012-10-14 14:18:52 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-10-14 14:18:50 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-14 14:18:49 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-10-14 14:18:49 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-10-14 14:18:41 ----A---- C:\Windows\system32\winsrv.dll
2012-10-14 14:18:41 ----A---- C:\Windows\system32\KernelBase.dll
2012-10-14 14:18:41 ----A---- C:\Windows\system32\kernel32.dll
2012-10-14 14:18:40 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-10-14 14:18:40 ----A---- C:\Windows\system32\conhost.exe
2012-10-14 14:18:39 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-10-14 14:18:39 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-10-14 14:18:39 ----A---- C:\Windows\system32\wow64.dll
2012-10-14 14:18:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-14 14:18:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-14 14:18:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-14 14:18:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-14 14:18:38 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-10-14 14:18:38 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-10-14 14:18:38 ----A---- C:\Windows\system32\wow64win.dll
2012-10-14 14:18:38 ----A---- C:\Windows\system32\wow64cpu.dll
2012-10-14 14:18:38 ----A---- C:\Windows\system32\ntvdm64.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-14 14:18:37 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-14 14:18:37 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-10-14 14:18:36 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-14 14:18:36 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-14 14:18:36 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-14 14:18:36 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-14 14:18:35 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-14 14:18:35 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-14 14:18:35 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-14 14:18:35 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-14 14:18:34 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-14 14:18:32 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-14 14:18:32 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-14 14:18:31 ----A---- C:\Windows\SYSWOW64\user.exe
2012-10-14 14:18:22 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-10-14 14:18:22 ----A---- C:\Windows\system32\wintrust.dll
2012-10-14 14:16:40 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-10-14 14:16:40 ----A---- C:\Windows\system32\tzres.dll
2012-10-14 14:15:08 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2012-10-14 14:15:08 ----A---- C:\Windows\system32\kerberos.dll
2012-10-14 14:14:35 ----A---- C:\Windows\system32\crypt32.dll
2012-10-14 14:14:34 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-10-14 14:14:33 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-10-14 14:14:33 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-10-14 14:14:33 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-14 14:14:33 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-09 12:36:34 ----D---- C:\Users\SMIDAK\AppData\Roaming\Might & Magic Heroes VI
2012-10-09 11:22:34 ----D---- C:\Program Files (x86)\Ubisoft
2012-10-09 10:34:09 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2012-10-09 10:34:09 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2012-10-09 10:34:09 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2012-10-09 10:34:09 ----A---- C:\Windows\system32\XAudio2_7.dll
2012-10-09 10:34:09 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2012-10-09 10:34:09 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-10-09 10:34:08 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2012-10-09 10:34:08 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2012-10-09 10:34:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2012-10-09 10:34:08 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-10-09 10:34:08 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-10-09 10:34:08 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2012-10-09 10:34:07 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-10-09 10:34:07 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2012-10-09 10:34:07 ----A---- C:\Windows\system32\D3DX9_43.dll
2012-10-09 10:34:07 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-10-09 10:34:06 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-10-09 10:34:06 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-10-09 10:34:06 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-10-09 10:34:06 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-10-09 10:34:06 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-10-09 10:34:06 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-10-09 10:34:06 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-10-09 10:34:06 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-10-02 17:11:24 ----A---- C:\UNWISE.EXE
2012-10-02 17:04:32 ----A---- C:\Windows\SYSWOW64\DreamPopUpMenu.dll
2012-10-02 17:04:30 ----A---- C:\Windows\SYSWOW64\vbar332.dll
2012-09-30 14:10:06 ----D---- C:\Program Files (x86)\SearchAmong Toolbar
2012-09-30 14:09:55 ----D---- C:\Program Files (x86)\VIO Player
2012-09-30 14:09:44 ----D---- C:\Program Files (x86)\PriceGong
2012-09-30 14:09:27 ----D---- C:\Program Files (x86)\Shopping Sidekick
2012-09-26 09:35:32 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-09-23 14:26:25 ----A---- C:\Windows\system32\mshtml.dll
2012-09-23 14:26:21 ----A---- C:\Windows\system32\ieframe.dll
2012-09-23 14:26:20 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-09-23 14:26:18 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-09-23 14:26:18 ----A---- C:\Windows\system32\msfeeds.dll
2012-09-23 14:26:17 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-09-23 14:26:17 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-09-23 14:26:17 ----A---- C:\Windows\system32\urlmon.dll
2012-09-23 14:26:16 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-09-23 14:26:16 ----A---- C:\Windows\system32\wininet.dll
2012-09-23 14:26:14 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-09-23 14:26:14 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-09-23 14:26:14 ----A---- C:\Windows\system32\mshtmled.dll
2012-09-23 14:26:14 ----A---- C:\Windows\system32\ieui.dll
2012-09-23 14:26:14 ----A---- C:\Windows\system32\iertutil.dll
2012-09-23 14:26:13 ----A---- C:\Windows\SYSWOW64\url.dll
2012-09-23 14:26:13 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-09-23 14:26:13 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-09-23 14:26:13 ----A---- C:\Windows\system32\url.dll
2012-09-23 14:26:13 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 month======

2012-10-15 14:34:38 ----RD---- C:\Program Files
2012-10-15 14:34:00 ----D---- C:\Windows\Temp
2012-10-15 14:24:25 ----A---- C:\Windows\WINCMD.INI
2012-10-15 14:21:32 ----D---- C:\Windows\system32\catroot2
2012-10-15 14:21:32 ----D---- C:\Windows\system32\catroot
2012-10-15 14:21:31 ----D---- C:\Windows\system32\DriverStore
2012-10-15 14:21:28 ----D---- C:\Windows\inf
2012-10-15 14:21:23 ----SHD---- C:\System Volume Information
2012-10-15 14:20:57 ----D---- C:\Windows\Prefetch
2012-10-15 14:19:49 ----HD---- C:\ProgramData
2012-10-15 14:19:49 ----D---- C:\Windows\SYSWOW64\drivers
2012-10-15 14:19:49 ----D---- C:\Windows\SysWOW64
2012-10-15 14:19:23 ----RD---- C:\Program Files (x86)
2012-10-15 13:23:18 ----D---- C:\Windows\system32\config
2012-10-15 13:08:42 ----D---- C:\Windows\winsxs
2012-10-15 13:08:25 ----A---- C:\Windows\SYSWOW64\log.txt
2012-10-15 13:06:44 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-10-15 13:06:44 ----D---- C:\Windows\system32\drivers
2012-10-15 13:06:44 ----D---- C:\Windows\system32\cs-CZ
2012-10-15 13:06:44 ----D---- C:\Windows\System32
2012-10-15 13:06:43 ----D---- C:\Windows\AppPatch
2012-10-15 13:05:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-15 13:03:44 ----A---- C:\Windows\system32\MRT.exe
2012-10-15 13:03:35 ----SHD---- C:\Windows\Installer
2012-10-15 13:03:35 ----D---- C:\ProgramData\Microsoft Help
2012-10-15 13:01:42 ----D---- C:\Program Files (x86)\Microsoft Works
2012-10-15 00:01:47 ----D---- C:\Windows\Tasks
2012-10-15 00:01:47 ----AD---- C:\Windows
2012-10-15 00:01:46 ----D---- C:\Windows\system32\wfp
2012-10-15 00:01:46 ----D---- C:\Windows\system32\Tasks
2012-10-15 00:01:46 ----D---- C:\Windows\system32\NDF
2012-10-15 00:01:46 ----D---- C:\Windows\system32\Macromed
2012-10-15 00:01:46 ----D---- C:\Windows\system32\CodeIntegrity
2012-10-15 00:01:44 ----D---- C:\Windows\AppCompat
2012-10-15 00:01:44 ----D---- C:\Users\SMIDAK\AppData\Roaming\Winamp
2012-10-15 00:01:42 ----SD---- C:\ProgramData\Microsoft
2012-10-15 00:01:20 ----D---- C:\Windows\system32\wbem
2012-10-15 00:01:20 ----D---- C:\Windows\registration
2012-10-15 00:01:15 ----D---- C:\Šmíďák
2012-10-15 00:00:25 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-10-14 22:53:54 ----D---- C:\Users\SMIDAK\AppData\Roaming\BSplayer
2012-10-14 14:40:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-10-10 13:26:21 ----D---- C:\ProgramData\boost_interprocess
2012-10-09 11:24:04 ----RSD---- C:\Windows\assembly
2012-10-02 17:04:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-10-02 00:05:31 ----D---- C:\Users\SMIDAK\AppData\Roaming\Azureus
2012-09-30 14:47:06 ----D---- C:\Windows\rescache
2012-09-27 04:10:04 ----D---- C:\Program Files\Microsoft Security Client
2012-09-27 04:09:51 ----D---- C:\Program Files (x86)\Microsoft Security Client
2012-09-24 12:38:04 ----D---- C:\Windows\SYSWOW64\migration
2012-09-24 12:38:04 ----D---- C:\Windows\system32\migration
2012-09-24 12:38:04 ----D---- C:\Program Files\Internet Explorer
2012-09-24 12:38:04 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-20 14:45:45 ----D---- C:\Program Files (x86)\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-12-17 538136]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 228768]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-03 834544]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2012-06-10 42696]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-01-05 1580584]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-02 2263584]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 18432]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-05 316464]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 16896]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2012-06-10 310984]
S3 ae4x47o4;ae4x47o4; C:\Windows\system32\drivers\ae4x47o4.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHprint;Třída tiskárny protokolu Bluetooth (Microsoft); C:\Windows\system32\DRIVERS\bthprint.sys [2009-07-14 67072]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-15 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-15 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-15 21288]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 13824]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 nmwcdcjx64;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcjx64.sys [2007-02-22 17408]
S3 nmwcdcmx64;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcmx64.sys [2007-02-22 17408]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdcx64.sys [2007-02-22 12288]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcdx64.sys [2007-02-22 173056]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\DRIVERS\usbser.sys [2009-07-14 32768]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-01-12 873248]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-02-25 325200]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-03-10 820768]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 22072]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-09 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-10 889664]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-02-05 171040]
R2 ProtexisLicensing;ProtexisLicensing; C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2010-02-03 244904]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 135664]
S2 SkypeUpdate;Skype Updater; C:\Šmíďák\Programy a prográmky\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 250808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11 194032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Partner Service;Partner Service; C:\ProgramData\Partner\Partner.exe [2010-03-12 332272]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Re: Hiding of files on a portable drive

Posted: 15 Oct 2012 15:15
by vyosek
Hello, I wish you a nice day and welcome to our forum :welcome:

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Search
  • A scan will run and then a log will appear; it may also be saved on the system drive as AdwCleaner[R?].txt. Paste that log here
:arrow: Plug all USB sticks (flash drives, external disks, etc.) into the PC

Re: Hiding of files on a portable drive

Posted: 16 Oct 2012 10:50
by Šmíďák
# AdwCleaner v2.005 - Logfile created 10/16/2012 at 11:50:22
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : SMIDAK - SMIDAK-PC
# Boot Mode : Normal
# Running from : C:\Šmíďák\Programy a prográmky\Logy\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\searchplugins\SearchAmong.xml
Folder Found : C:\Program Files (x86)\PriceGong
Folder Found : C:\Program Files (x86)\SearchAmong Toolbar
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchAmong Toolbar
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\SMIDAK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Found : C:\Users\SMIDAK\AppData\Local\Temp\boost_interprocess
Folder Found : C:\Users\SMIDAK\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&SearchAmong
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Found : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7456F74-B576-4A8E-BAB2-538C99EE38F0}_is1
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKU\S-1-5-21-126478104-3603825382-1825792262-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchamong.com
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://www.searchamong.com/searchview.php?quer ... s&bar=true
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.searchamong.com/searchview.php?quer ... s&bar=true
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.searchamong.com/searchview.php?quer ... s&bar=true
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.searchamong.com/searchview.php?quer ... s&bar=true

-\\ Mozilla Firefox v15.0.1 (cs)

Profile name : default
File : C:\Users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\prefs.js

Found : user_pref("extensions.50470884557a9.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Found : user_pref("extensions.crossriderapp5058.5058.InstallationThankYouPage", true);
Found : user_pref("extensions.crossriderapp5058.5058.InstallationTime", 1349006965);
Found : user_pref("extensions.crossriderapp5058.5058.InstallationUserSettings.searchUserConifrmation", false[...]
Found : user_pref("extensions.crossriderapp5058.5058.InstallationUserSettings.setHomepage", false);
Found : user_pref("extensions.crossriderapp5058.5058.InstallationUserSettings.setNewTab", false);
Found : user_pref("extensions.crossriderapp5058.5058.InstallationUserSettings.setSearch", false);
Found : user_pref("extensions.crossriderapp5058.5058.active", true);
Found : user_pref("extensions.crossriderapp5058.5058.addressbar", "");
Found : user_pref("extensions.crossriderapp5058.5058.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Found : user_pref("extensions.crossriderapp5058.5058.backgroundver", 6);
Found : user_pref("extensions.crossriderapp5058.5058.can_run_bg_code", true);
Found : user_pref("extensions.crossriderapp5058.5058.certdomaininstaller", "");
Found : user_pref("extensions.crossriderapp5058.5058.changeprevious", false);
Found : user_pref("extensions.crossriderapp5058.5058.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie.InstallationTime.value", "1349006965");
Found : user_pref("extensions.crossriderapp5058.5058.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_aoi.value", "1349006965");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_blocklist.expiration", "Tue Oct 16 2012 11:[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_country_code.expiration", "Sun Oct 21 2012 [...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_country_code.value", "%22CZ%22");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_crr.value", "1350299364");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_hotfix20111102645.value", "%221%22");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_parent_zoneid.value", "%2214019%22");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_pc_20120828.value", "1349007112862");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_product_id.value", "%221222%22");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_zoneid.value", "%2288247%22");
Found : user_pref("extensions.crossriderapp5058.5058.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie.dbtest.value", "1349007030902");
Found : user_pref("extensions.crossriderapp5058.5058.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie.lastrequest.value", "%7B%22path%22%3A%22/%22%2C%[...]
Found : user_pref("extensions.crossriderapp5058.5058.description", "Shopping Sidekick");
Found : user_pref("extensions.crossriderapp5058.5058.domain", "");
Found : user_pref("extensions.crossriderapp5058.5058.enablesearch", false);
Found : user_pref("extensions.crossriderapp5058.5058.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp5058.5058.group", 0);
Found : user_pref("extensions.crossriderapp5058.5058.homepage", "");
Found : user_pref("extensions.crossriderapp5058.5058.iframe", false);
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_appVer.value", "37");
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_lastVersion.value", "0");
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_meta.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_nextCheck.expiration", "Tue Oct 16[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_nextCheck.value", "true");
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_queue.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_remote_resources.expiration", "Fri[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Found : user_pref("extensions.crossriderapp5058.5058.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Found : user_pref("extensions.crossriderapp5058.5058.manifesturl", "");
Found : user_pref("extensions.crossriderapp5058.5058.name", "Shopping Sidekick");
Found : user_pref("extensions.crossriderapp5058.5058.newtab", "");
Found : user_pref("extensions.crossriderapp5058.5058.opensearch", "");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1.name", "base");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1.ver", 3);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000014.ver", 7);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000015.name", "GPL Background (BG)");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000015.ver", 3);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_13.name", "CrossriderAppUtils");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_13.ver", 2);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_14.name", "CrossriderUtils");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_14.ver", 2);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_15.name", "FacebookFFIE");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_15.ver", 1);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_16.name", "FFAppAPIWrapper");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_16.ver", 3);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_17.name", "jQuery");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_17.ver", 3);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_21.name", "debug");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_21.ver", 3);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_22.name", "resources");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_22.ver", 2);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_28.name", "initializer");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_28.ver", 2);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.name", "jquery_1_7_1");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.ver", 3);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.name", "resources_background");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.ver", 1);
Found : user_pref("extensions.crossriderapp5058.5058.plugins_lists.plugins_0", "17,14,16,47,1000015");
Found : user_pref("extensions.crossriderapp5058.5058.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]
Found : user_pref("extensions.crossriderapp5058.5058.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Found : user_pref("extensions.crossriderapp5058.5058.pluginsversion", 14);
Found : user_pref("extensions.crossriderapp5058.5058.publisher", "215 Apps");
Found : user_pref("extensions.crossriderapp5058.5058.searchstatus", 0);
Found : user_pref("extensions.crossriderapp5058.5058.setnewtab", false);
Found : user_pref("extensions.crossriderapp5058.5058.settingsurl", "");
Found : user_pref("extensions.crossriderapp5058.5058.thankyou", "");
Found : user_pref("extensions.crossriderapp5058.5058.updateinterval", 360);
Found : user_pref("extensions.crossriderapp5058.5058.ver", 37);
Found : user_pref("extensions.crossriderapp5058.adsOldValue", -1);
Found : user_pref("extensions.crossriderapp5058.apps", "5058");
Found : user_pref("extensions.crossriderapp5058.bic", "13a17159c27e9d8babc5756c629e487c");
Found : user_pref("extensions.crossriderapp5058.cid", 5058);
Found : user_pref("extensions.crossriderapp5058.firstrun", false);
Found : user_pref("extensions.crossriderapp5058.hadappinstalled", true);
Found : user_pref("extensions.crossriderapp5058.installationdate", 1349007023);
Found : user_pref("extensions.crossriderapp5058.lastcheck", 22506335);
Found : user_pref("extensions.crossriderapp5058.lastcheckitem", 22506349);
Found : user_pref("extensions.crossriderapp5058.modetype", "production");
Found : user_pref("extensions.crossriderapp5058.reportInstall", true);
Found : user_pref("extensions.enabledAddons", "centrumpomocnik@centrum.cz:1.1,personas@christopher.beard:1.6[...]
Found : user_pref("keyword.URL", "hxxp://www.searchamong.com/searchview.php?cat= ... rue&query=");

-\\ Google Chrome v15.0.874.102

File : C:\Users\SMIDAK\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.3] : homepage = "hxxp://www.searchamong.com",
Found [l.7] : urls_to_restore_on_startup = [ "hxxp://www.searchamong.com" ]
Found [l.28] : icon_url = "hxxp://www.searchamong.com/favicon.ico",
Found [l.31] : keyword = "searchamong.com",
Found [l.34] : search_url = "hxxp://www.searchamong.com/searchview.php?quer ... s&bar=true",
Found [l.1189] : homepage = "hxxp://www.searchamong.com",
Found [l.1346] : urls_to_restore_on_startup = [ "hxxp://www.searchamong.com" ]

*************************

AdwCleaner[R1].txt - [19670 octets] - [16/10/2012 11:47:43]
AdwCleaner[R2].txt - [19610 octets] - [16/10/2012 11:50:22]

########## EOF - C:\AdwCleaner[R2].txt - [19671 octets] ##########

Re: Files being hidden on a portable drive

Posted: 16 Oct 2012 11:18
by Šmíďák
############################## | UsbFix 7.059 | [Deletion]

User: SMIDAK (Administrator) # SMIDAK-PC [Acer Aspire 5745G]
Updated 16/09/2011 by El Desaparecido
Started at 11:55:09 | 16/10/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

CPU: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
CPU 2: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 8.0.7601.17514

Windows Firewall: Enabled
RAM -> 6079 Mb
C:\ (%systemdrive%) -> Fixed drive # 584 Gb (307 Mb free - 53%) [Acer] # NTFS
D:\ -> Fixed drive # 298 Gb (206 Mb free - 69%) [Games] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (1 Mb free - 0%) [] # FAT32
H:\ -> Removable drive # 2 Gb (1 Mb free - 71%) [HOVÍNKOŽROU] # FAT
I:\ -> Fixed drive # 931 Gb (392 Mb free - 42%) [Verbatim] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\Users\Public\NTUSER.DAT{8052d708-8613-11e0-bd80-c80aa93b1226}.TM.blf
Deleted ! C:\Users\Public\NTUSER.DAT{8052d708-8613-11e0-bd80-c80aa93b1226}.TMContainer00000000000000000001.regtrans-ms
Deleted ! C:\Users\Public\NTUSER.DAT{8052d708-8613-11e0-bd80-c80aa93b1226}.TMContainer00000000000000000002.regtrans-ms
Deleted ! C:\Users\Public\NTUSER.DAT{b664d638-8044-11e0-bb92-c80aa93b1226}.TM.blf
Deleted ! C:\Users\Public\NTUSER.DAT{b664d638-8044-11e0-bb92-c80aa93b1226}.TMContainer00000000000000000001.regtrans-ms
Deleted ! C:\Users\Public\NTUSER.DAT{b664d638-8044-11e0-bb92-c80aa93b1226}.TMContainer00000000000000000002.regtrans-ms
Deleted ! C:\Users\SMIDAK\AppData\Local\Temp\AutoRun.exe
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1075842321-1744812802-831500219-500
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-126478104-3603825382-1825792262-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-1007189617-1149851593-3231655990-1001
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-126478104-3603825382-1825792262-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-2511699518-3134644729-2302199527-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-2546488488-472339807-4178705946-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-686824951-2816290884-2463462922-1001
Deleted ! G:\AUTORUN.INF

(!) Temporary files deleted.


################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{40f5ef55-21d4-11e1-a400-001eec1b01b0}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{76b7ddac-bdbe-11e0-b8e7-001eec1b01b0}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{9f689808-cc78-11e0-8d28-001eec1b01b0}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{b98a9902-1949-11e1-9e22-001eec1b01b0}

################## | Listing |

[16/10/2012 - 12:04:31 | SHD ] C:\$Recycle.Bin
[16/10/2012 - 11:47:47 | N | 19670] C:\AdwCleaner[R1].txt
[16/10/2012 - 11:50:25 | N | 19731] C:\AdwCleaner[R2].txt
[16/10/2012 - 11:54:44 | N | 19792] C:\AdwCleaner[R3].txt
[16/05/2011 - 20:13:33 | D ] C:\book
[12/03/2010 - 05:33:23 | N | 8192] C:\BOOTSECT.BAK
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[15/10/2012 - 13:07:27 | ASH | 4780535808] C:\hiberfil.sys
[27/08/2011 - 13:49:51 | D ] C:\Hospital
[02/10/2012 - 17:11:28 | N | 1256] C:\INSTALL.LOG
[12/03/2010 - 05:43:56 | D ] C:\Intel
[12/03/2010 - 06:06:42 | RHD ] C:\MSOCache
[24/02/2012 - 12:00:51 | D ] C:\NVIDIA
[16/05/2011 - 20:50:26 | D ] C:\OEM
[15/10/2012 - 13:07:32 | ASH | 6374047744] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[24/05/2011 - 14:23:03 | D ] C:\plugins
[15/10/2012 - 14:34:38 | D ] C:\Program Files
[15/10/2012 - 14:19:23 | D ] C:\Program Files (x86)
[15/10/2012 - 14:19:49 | HD ] C:\ProgramData
[16/05/2011 - 20:09:30 | SHD ] C:\Recovery
[12/03/2010 - 05:45:29 | N | 2244] C:\RHDSetup.log
[15/10/2012 - 14:34:45 | D ] C:\rsit
[15/10/2012 - 18:03:56 | SHD ] C:\System Volume Information
[15/10/2012 - 14:22:39 | D ] C:\Temp
[26/07/2002 - 17:02:06 | N | 153088] C:\UNWISE.EXE
[16/10/2012 - 12:04:34 | D ] C:\UsbFix
[16/10/2012 - 11:55:16 | A | 4056] C:\UsbFix.txt
[24/02/2012 - 12:54:09 | D ] C:\Users
[16/05/2011 - 20:24:26 | N | 190] C:\Webcam.log
[15/10/2012 - 00:01:47 | D ] C:\Windows
[15/10/2012 - 00:01:15 | D ] C:\Šmíďák
[16/10/2012 - 12:04:32 | SHD ] D:\$RECYCLE.BIN
[16/10/2012 - 11:52:43 | N | 172] D:\.SBSettings.xml
[24/08/2012 - 17:48:42 | D ] D:\Fyziologie rostlin
[24/08/2012 - 17:47:49 | D ] D:\Games
[24/08/2012 - 17:48:07 | D ] D:\Molekulární Biologie
[24/08/2012 - 17:48:26 | D ] D:\Protokoly
[27/05/2012 - 20:32:10 | SHD ] D:\System Volume Information
[01/01/1980 - 21:46:30 | N | 251] G:\SETSTOR.DAT
[01/01/1980 - 21:55:40 | N | 138] G:\DevDiversity.ini
[01/01/1980 - 23:20:54 | N | 171014] G:\DEVICON.FIL
[01/01/1980 - 23:20:54 | N | 171014] G:\RAGAICON.FIL
[16/10/2012 - 11:51:42 | N | 186] G:\.SBSettings.xml
[20/11/2011 - 15:18:14 | D ] H:\FOUND.000
[21/06/2011 - 13:14:08 | D ] H:\boot
[28/06/2012 - 09:18:10 | D ] H:\slax
[27/09/2011 - 10:51:10 | N | 872668] H:\anal1.pdf
[27/09/2011 - 13:41:02 | N | 31846] H:\file.pdf
[28/09/2011 - 15:02:18 | N | 34816] H:\zivotopis-struktura (2).doc
[20/10/2011 - 23:37:42 | D ] H:\UDG
[05/11/2011 - 18:58:06 | D ] H:\fotky
[07/12/2011 - 23:16:40 | D ] H:\Kulhánek
[03/10/2010 - 21:54:38 | N | 293525] H:\periodická tabulka prvků.pdf
[17/01/2012 - 12:31:40 | N | 136601] H:\pv182-hci.pdf
[19/01/2012 - 00:57:18 | N | 46592] H:\tahák.doc
[27/01/2012 - 11:07:48 | N | 74752] H:\souhrn-otazek.doc
[27/01/2012 - 11:07:38 | N | 11090597] H:\obrazky-zk.docx
[27/01/2012 - 11:06:54 | N | 29184] H:\otazky-s-odpovedmi.doc
[06/03/2012 - 20:26:34 | N | 221696] H:\5_plotnova_metoda.doc
[23/03/2012 - 08:48:38 | D ] H:\Základní dokumenty pro nováčka
[24/06/2011 - 11:00:12 | N | 26876] H:\Bi4020-260_protříděných_otázek_+.odt
[24/06/2011 - 11:00:02 | N | 144896] H:\Bi4020-500_testovych_otazek.doc
[23/06/2012 - 22:56:36 | N | 132486426] H:\Prednasky_koplet.pdf
[06/06/2012 - 11:16:30 | N | 9119368] H:\vypisky-z-prednasek.docx
[25/06/2012 - 17:48:14 | HD ] H:\RECYCLER
[14/08/2011 - 03:23:52 | SHD ] I:\$RECYCLE.BIN
[21/07/2012 - 22:52:46 | HD ] I:\RECYCLER
[25/09/2012 - 17:25:20 | D ] I:\Movies
[25/09/2012 - 17:26:00 | D ] I:\Music
[25/09/2012 - 17:26:52 | D ] I:\Series
[16/10/2012 - 11:53:12 | N | 175] I:\.SBSettings.xml

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
H:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
I:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)

################## | E.O.F |

Re: Files being hidden on a portable drive

Posted: 16 Oct 2012 12:09
by vyosek
:arrow: Run AdwCleaner again
  • If you use Win Vista or W7, right-click AdwCleaner and choose Run As Administrator (Spustit jako spravce)
  • Click Delete
  • The PC will perform the repair, restart, and give you a log (C:\AdwCleaner [S1].txt); paste its contents here
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako spravce)
  • Immediately after startup a page with the license agreement is displayed; continue by clicking Ano (Yes)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, the time may be longer
  • After the scan and any restart, CF will display the log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Files being hidden on a portable drive

Posted: 16 Oct 2012 13:21
by Šmíďák
# AdwCleaner v2.005 - Logfile created 10/16/2012 at 14:18:33
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : SMIDAK - SMIDAK-PC
# Boot Mode : Normal
# Running from : C:\Šmíďák\Programy a prográmky\Logy\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\searchplugins\SearchAmong.xml
Folder Deleted : C:\Program Files (x86)\PriceGong
Folder Deleted : C:\Program Files (x86)\SearchAmong Toolbar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchAmong Toolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\SMIDAK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\SMIDAK\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\SMIDAK\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Folder Deleted : C:\Users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&SearchAmong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7456F74-B576-4A8E-BAB2-538C99EE38F0}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.searchamong.com/searchview.php?quer ... s&bar=true --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.searchamong.com/searchview.php?quer ... s&bar=true --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (cs)

Profile name : default
File : C:\Users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\prefs.js

Deleted : user_pref("extensions.50470884557a9.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp5058.5058.InstallationTime", 1349006965);
Deleted : user_pref("extensions.crossriderapp5058.5058.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp5058.5058.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp5058.5058.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp5058.5058.active", true);
Deleted : user_pref("extensions.crossriderapp5058.5058.addressbar", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.backgroundver", 6);
Deleted : user_pref("extensions.crossriderapp5058.5058.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp5058.5058.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie.InstallationTime.value", "1349006965");
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_aoi.value", "1349006965");
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_blocklist.expiration", "Tue Oct 16 2012 14:[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_country_code.expiration", "Sun Oct 21 2012 [...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_country_code.value", "%22CZ%22");
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_crr.value", "1350384948");
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_pc_20120828.value", "1349007112862");
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_product_id.value", "%221222%22");
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_zoneid.value", "%2288247%22");
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie.dbtest.value", "1349007030902");
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.cookie.lastrequest.value", "%7B%22path%22%3A%22/%22%2C%[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.description", "Shopping Sidekick");
Deleted : user_pref("extensions.crossriderapp5058.5058.domain", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp5058.5058.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.group", 0);
Deleted : user_pref("extensions.crossriderapp5058.5058.homepage", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.iframe", false);
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_appVer.value", "37");
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_nextCheck.expiration", "Tue Oct 16[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_remote_resources.expiration", "Fri[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.name", "Shopping Sidekick");
Deleted : user_pref("extensions.crossriderapp5058.5058.newtab", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.opensearch", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000014.ver", 7);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000015.ver", 3);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.pluginsversion", 14);
Deleted : user_pref("extensions.crossriderapp5058.5058.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp5058.5058.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp5058.5058.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp5058.5058.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.thankyou", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp5058.5058.ver", 37);
Deleted : user_pref("extensions.crossriderapp5058.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp5058.apps", "5058");
Deleted : user_pref("extensions.crossriderapp5058.bic", "13a17159c27e9d8babc5756c629e487c");
Deleted : user_pref("extensions.crossriderapp5058.cid", 5058);
Deleted : user_pref("extensions.crossriderapp5058.firstrun", false);
Deleted : user_pref("extensions.crossriderapp5058.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp5058.installationdate", 1349007023);
Deleted : user_pref("extensions.crossriderapp5058.lastcheck", 22506335);
Deleted : user_pref("extensions.crossriderapp5058.lastcheckitem", 22506496);
Deleted : user_pref("extensions.crossriderapp5058.modetype", "production");
Deleted : user_pref("extensions.crossriderapp5058.reportInstall", true);
Deleted : user_pref("extensions.enabledAddons", "centrumpomocnik@centrum.cz:1.1,personas@christopher.beard:1.6[...]
Deleted : user_pref("keyword.URL", "hxxp://www.searchamong.com/searchview.php?cat= ... rue&query=");

-\\ Google Chrome v15.0.874.102

File : C:\Users\SMIDAK\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3] : homepage = "hxxp://www.searchamong.com",
Deleted [l.7] : urls_to_restore_on_startup = [ "hxxp://www.searchamong.com" ]
Deleted [l.28] : icon_url = "hxxp://www.searchamong.com/favicon.ico",
Deleted [l.31] : keyword = "searchamong.com",
Deleted [l.34] : search_url = "hxxp://www.searchamong.com/searchview.php?quer ... s&bar=true",
Deleted [l.1189] : homepage = "hxxp://www.searchamong.com",
Deleted [l.1346] : urls_to_restore_on_startup = [ "hxxp://www.searchamong.com" ]

*************************

AdwCleaner[R1].txt - [19670 octets] - [16/10/2012 11:47:43]
AdwCleaner[R2].txt - [19731 octets] - [16/10/2012 11:50:22]
AdwCleaner[R3].txt - [19792 octets] - [16/10/2012 11:54:41]
AdwCleaner[S1].txt - [19777 octets] - [16/10/2012 14:18:33]

########## EOF - C:\AdwCleaner[S1].txt - [19838 octets] ##########

Re: Hidden files on a portable drive

Posted: 16 Oct 2012 14:24
by Šmíďák
So I did everything as instructed, and apart from Windows Explorer nothing on the PC works. I'm writing from another PC now. For every program it reports that it is attempting an invalid operation on a registry key that is marked for deletion.

Re: Hidden files on a portable drive

Posted: 16 Oct 2012 14:33
by vyosek
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC and the registry will sort itself out. It is an internal error caused by CF, and unfortunately the author does not yet know how to fix it.

Re: Hidden files on a portable drive

Posted: 16 Oct 2012 14:44
by Šmíďák
Fine, so I panicked :roll: and restored the system from yesterday's backup. Should I run AdwCleaner and ComboFix again?

Re: Hidden files on a portable drive

Posted: 16 Oct 2012 14:54
by vyosek
Yes, run both again.

Re: Hidden files on a portable drive

Posted: 16 Oct 2012 15:29
by Šmíďák
ComboFix 12-10-16.02 - SMIDAK 16.10.2012 16:07:15.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6079.4508 [GMT 2:00]
Spuštěný z: c:\users\SMIDAK\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
C:\UNWISE.EXE
c:\users\SMIDAK\AppData\Local\Temp\7zS02DF\HPSLPSVC64.DLL
c:\windows\PFRO.log
c:\windows\SysWow64\CddbCdda.dll
c:\windows\SysWow64\msstdfmt.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-16 do 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 14:13 . 2012-10-16 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 14:13 . 2012-10-16 14:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-16 13:33 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C6863E9-657A-414B-9484-D8070CFB6BE9}\mpengine.dll
2012-10-16 09:52 . 2012-10-16 13:32 -------- d-----w- C:\UsbFix
2012-10-15 12:34 . 2012-10-16 13:32 -------- d-----w- c:\program files\trend micro
2012-10-15 12:34 . 2012-10-15 12:34 -------- d-----w- C:\rsit
2012-10-15 12:22 . 2012-10-15 12:22 -------- d-----w- C:\Temp
2012-10-15 12:21 . 2012-10-15 12:21 -------- d-----w- c:\users\SMIDAK\AppData\Local\Philips-Songbird
2012-10-15 12:21 . 2012-10-15 12:21 -------- d-----w- c:\users\SMIDAK\AppData\Roaming\Philips-Songbird
2012-10-15 12:19 . 2012-10-15 12:19 -------- d-----w- c:\programdata\{F0489EF2-D393-4114-85BA-A94D71D89543}
2012-10-15 12:19 . 2011-07-15 11:35 15664 ----a-w- c:\windows\SysWow64\drivers\GEARAspiWDM.sys
2012-10-15 12:19 . 2011-07-15 11:35 109360 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-10-15 12:19 . 2012-10-15 12:19 -------- d-----w- c:\program files (x86)\Philips
2012-10-14 17:40 . 2012-10-14 17:40 -------- d-----w- c:\program files (x86)\Drakensang Online
2012-10-14 12:16 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-14 12:16 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-14 12:15 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-14 12:15 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-14 12:14 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-14 12:14 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-14 12:14 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-14 12:14 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-14 12:14 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-14 12:14 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-14 12:03 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-09 10:36 . 2012-10-09 10:42 -------- d-----w- c:\users\SMIDAK\AppData\Local\Ubisoft Game Launcher
2012-10-09 10:36 . 2012-10-09 10:55 -------- d-----w- c:\users\SMIDAK\AppData\Roaming\Might & Magic Heroes VI
2012-10-09 09:22 . 2012-10-09 09:22 -------- d-----w- c:\program files (x86)\Ubisoft
2012-10-07 09:30 . 2012-09-28 17:00 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09BD8459-793C-4F34-8F26-A635EDC74C46}\gapaengine.dll
2012-10-02 15:11 . 1998-06-25 22:00 644400 ----a-w- c:\windows\SysWow64\Mscomct2.ocx
2012-09-30 12:09 . 2012-09-30 12:11 -------- d-----w- c:\program files (x86)\VIO Player
2012-09-30 12:09 . 2012-09-30 12:09 -------- d-----w- c:\users\SMIDAK\AppData\Local\Shopping Sidekick
2012-09-30 12:09 . 2012-09-30 12:09 -------- d-----w- c:\program files (x86)\Shopping Sidekick
2012-09-26 07:35 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 11:03 . 2011-05-31 14:49 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-14 12:40 . 2012-04-02 07:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-14 12:40 . 2011-05-21 12:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-28 17:00 . 2011-05-21 12:40 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-05 14:11 . 2012-09-05 14:11 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-05 14:11 . 2011-12-18 17:49 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-05 13:58 . 2012-09-05 13:59 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-05 13:58 . 2012-09-05 13:59 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-05 13:58 . 2012-09-05 13:59 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-05 13:58 . 2012-09-05 13:59 188904 ----a-w- c:\windows\system32\java.exe
2012-09-05 13:58 . 2012-09-05 13:59 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-05 13:58 . 2012-09-05 13:59 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 19:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 14:49 . 2011-12-18 17:49 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-22 18:12 . 2012-09-12 09:32 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 09:32 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 09:32 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 09:32 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-14 12:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 09:32 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 09:32 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15 . 2012-08-20 07:53 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011501158}]
2012-09-27 13:17 612736 ----a-w- c:\program files (x86)\Shopping Sidekick\Shopping Sidekick.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-12 39408]
"DAEMON Tools Lite"="c:\šmíďák\Programy a prográmky\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-09 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-25 1289296]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-03-01 124136]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"PCSuiteTrayApplication"="c:\program files (x86)\PC Suite\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"UnlockerAssistant"="c:\šmíďák\Programy a prográmky\Unlocker\UnlockerAssistant.exe" [BU]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-06-27 380416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files (x86)\PC Suite\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\users\SMIDAK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Verbatim GREEN BUTTON.lnk - c:\šmíďák\Programy a prográmky\Verbatim GREEN BUTTON\GREEN BUTTON.exe [2011-8-12 442640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-12 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 135664]
R2 SkypeUpdate;Skype Updater;c:\šmíďák\Programy a prográmky\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 250808]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 BTHprint;Třída tiskárny protokolu Bluetooth (Microsoft);c:\windows\system32\DRIVERS\bthprint.sys [2009-07-14 67072]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 nmwcdcjx64;Nokia USB Port;c:\windows\system32\drivers\nmwcdcjx64.sys [2007-02-22 17408]
R3 nmwcdcmx64;Nokia USB Modem;c:\windows\system32\drivers\nmwcdcmx64.sys [2007-02-22 17408]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\nmwcdcx64.sys [2007-02-22 12288]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [2007-02-22 173056]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-03 834544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-25 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-03-10 820768]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-09 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-02-05 171040]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:40]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 20:02]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 20:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-02 10038304]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-02 877600]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-02-05 222240]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-03-10 496160]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_5745g&r=273605119706l04d3z195t5521l45p
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_5745g&r=273605119706l04d3z195t5521l45p
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.20.100.1
FF - ProfilePath - c:\users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\
FF - prefs.js: browser.search.selectedEngine - SearchAmong
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-05 10:09; 50470884556fc@5047088455735.info; c:\users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\extensions\50470884556fc@5047088455735.info.xpi
FF - ExtSQL: 2012-09-30 14:09; crossriderapp5058@crossrider.com; c:\users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\extensions\crossriderapp5058@crossrider.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-GooFer Patch - C:\UNWISE.EXE
AddRemove-Side 9 Screensaver - c:\windows\system32\Side 9 Screensaver.scr
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\šmíďák\Programy a prográmky\Corel\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-126478104-3603825382-1825792262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-126478104-3603825382-1825792262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-126478104-3603825382-1825792262-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,3d,ad,78,67,f0,6c,f6,cc,08,63,24,c1,eb,6c,4b,8e,23,62,b1,de,fd,a2,
0f,0d,9c,c5,38,fc,d4,ea,35,f9,93,42,b2,97,4b,64,46,bf,ef,bf,a3,0c,2b,25,8d,\
"??"=hex:40,ab,33,b0,ac,4c,e3,2c,d6,33,3c,35,c1,ab,6f,08
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PSIService.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\windows\WLXPGSS.SCR
.
**************************************************************************
.
Celkový čas: 2012-10-16 16:25:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-16 14:25
ComboFix2.txt 2012-10-16 12:47
.
Před spuštěním: Volných bajtů: 322 630 184 960
Po spuštění: Volných bajtů: 322 963 193 856
.
- - End Of File - - 795734BBE8F1540EBDBDB7689D4DF7EC

Re: Files hidden on a removable drive

Posted: 16 Oct 2012 15:53
by vyosek
:arrow: If you have not done so already, move ComboFix directly to drive c:\
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\programdata\{F0489EF2-D393-4114-85BA-A94D71D89543}
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"=-
    "DAEMON Tools Lite"=-
    "ISUSPM"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DivXUpdate"=-
    "PCSuiteTrayApplication"=-
    "Adobe ARM"=-
    "UnlockerAssistant"=-
    "SunJavaUpdateSched"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"=-
    
    Driver::
    gupdate
    gupdatem
    
    File::
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    DDS::
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t5521l45p
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t5521l45p
    
    Firefox::
    FF - ProfilePath - c:\users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\
    FF - prefs.js: browser.search.selectedEngine - SearchAmong
    FF - prefs.js: network.proxy.type - 0
    
    RegNull::
    [HKEY_USERS\S-1-5-21-126478104-3603825382-1825792262-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    
    RegLock::
    [HKEY_USERS\S-1-5-21-126478104-3603825382-1825792262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    [HKEY_USERS\S-1-5-21-126478104-3603825382-1825792262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting text file as CFScript.txt, also directly on c:\
  • Drag the created CFScript.txt onto ComboFix and drop it to run it (see the picture below)
    Image
  • After the script has been applied (and after a restart, if there is one), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC and the registry will sort itself out. It is an internal error caused by CF, which the author unfortunately has not been able to fix yet.

:arrow: It can happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Files hidden on a removable drive

Posted: 16 Oct 2012 18:08
by Šmíďák
That is not possible, because the PC evidently refuses to recognise me as an administrator, so I cannot write anything there. At the moment it is on the desktop.

Re: Files hidden on a removable drive

Posted: 16 Oct 2012 18:13
by vyosek
Then leave it on the desktop as it is :)

Re: Files hidden on a removable drive

Posted: 16 Oct 2012 18:33
by Šmíďák
ComboFix 12-10-16.02 - SMIDAK 16.10.2012 19:18:29.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6079.4727 [GMT 2:00]
Spuštěný z: c:\users\SMIDAK\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\SMIDAK\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\{F0489EF2-D393-4114-85BA-A94D71D89543}
c:\programdata\{F0489EF2-D393-4114-85BA-A94D71D89543}\rdsinfo.dat
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-16 do 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 17:23 . 2012-10-16 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 17:23 . 2012-10-16 17:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-16 14:25 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A8792E2-2FBD-4D27-8755-5A82D608FD73}\mpengine.dll
2012-10-16 13:33 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-16 09:52 . 2012-10-16 13:32 -------- d-----w- C:\UsbFix
2012-10-15 12:34 . 2012-10-16 13:32 -------- d-----w- c:\program files\trend micro
2012-10-15 12:34 . 2012-10-15 12:34 -------- d-----w- C:\rsit
2012-10-15 12:22 . 2012-10-15 12:22 -------- d-----w- C:\Temp
2012-10-15 12:21 . 2012-10-15 12:21 -------- d-----w- c:\users\SMIDAK\AppData\Local\Philips-Songbird
2012-10-15 12:21 . 2012-10-15 12:21 -------- d-----w- c:\users\SMIDAK\AppData\Roaming\Philips-Songbird
2012-10-15 12:19 . 2011-07-15 11:35 15664 ----a-w- c:\windows\SysWow64\drivers\GEARAspiWDM.sys
2012-10-15 12:19 . 2011-07-15 11:35 109360 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-10-15 12:19 . 2012-10-15 12:19 -------- d-----w- c:\program files (x86)\Philips
2012-10-14 17:40 . 2012-10-14 17:40 -------- d-----w- c:\program files (x86)\Drakensang Online
2012-10-14 12:16 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-14 12:16 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-14 12:15 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-14 12:15 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-14 12:14 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-14 12:14 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-14 12:14 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-14 12:14 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-14 12:14 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-14 12:14 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 10:36 . 2012-10-09 10:42 -------- d-----w- c:\users\SMIDAK\AppData\Local\Ubisoft Game Launcher
2012-10-09 10:36 . 2012-10-09 10:55 -------- d-----w- c:\users\SMIDAK\AppData\Roaming\Might & Magic Heroes VI
2012-10-09 09:22 . 2012-10-09 09:22 -------- d-----w- c:\program files (x86)\Ubisoft
2012-10-07 09:30 . 2012-09-28 17:00 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09BD8459-793C-4F34-8F26-A635EDC74C46}\gapaengine.dll
2012-10-02 15:11 . 1998-06-25 22:00 644400 ----a-w- c:\windows\SysWow64\Mscomct2.ocx
2012-09-30 12:09 . 2012-09-30 12:11 -------- d-----w- c:\program files (x86)\VIO Player
2012-09-30 12:09 . 2012-09-30 12:09 -------- d-----w- c:\users\SMIDAK\AppData\Local\Shopping Sidekick
2012-09-30 12:09 . 2012-09-30 12:09 -------- d-----w- c:\program files (x86)\Shopping Sidekick
2012-09-26 07:35 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 11:03 . 2011-05-31 14:49 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-14 12:40 . 2012-04-02 07:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-14 12:40 . 2011-05-21 12:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-28 17:00 . 2011-05-21 12:40 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-05 14:11 . 2012-09-05 14:11 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-05 14:11 . 2011-12-18 17:49 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-05 13:58 . 2012-09-05 13:59 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-05 13:58 . 2012-09-05 13:59 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-05 13:58 . 2012-09-05 13:59 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-05 13:58 . 2012-09-05 13:59 188904 ----a-w- c:\windows\system32\java.exe
2012-09-05 13:58 . 2012-09-05 13:59 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-05 13:58 . 2012-09-05 13:59 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 19:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 14:49 . 2011-12-18 17:49 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-22 18:12 . 2012-09-12 09:32 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 09:32 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 09:32 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 09:32 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-14 12:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 09:32 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 09:32 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15 . 2012-08-20 07:53 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011501158}]
2012-09-27 13:17 612736 ----a-w- c:\program files (x86)\Shopping Sidekick\Shopping Sidekick.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-09 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-25 1289296]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-03-01 124136]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-06-27 380416]
.
c:\users\SMIDAK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Verbatim GREEN BUTTON.lnk - c:\šmíďák\Programy a prográmky\Verbatim GREEN BUTTON\GREEN BUTTON.exe [2011-8-12 442640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-12 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\šmíďák\Programy a prográmky\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 250808]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 BTHprint;Třída tiskárny protokolu Bluetooth (Microsoft);c:\windows\system32\DRIVERS\bthprint.sys [2009-07-14 67072]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 nmwcdcjx64;Nokia USB Port;c:\windows\system32\drivers\nmwcdcjx64.sys [2007-02-22 17408]
R3 nmwcdcmx64;Nokia USB Modem;c:\windows\system32\drivers\nmwcdcmx64.sys [2007-02-22 17408]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\nmwcdcx64.sys [2007-02-22 12288]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [2007-02-22 173056]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-03 834544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-25 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-03-10 820768]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-09 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-02-05 171040]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-02 10038304]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-02 877600]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-02-05 222240]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-03-10 496160]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_5745g&r=273605119706l04d3z195t5521l45p
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_5745g&r=273605119706l04d3z195t5521l45p
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.20.100.1
FF - ProfilePath - c:\users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - ExtSQL: 2012-09-05 10:09; 50470884556fc@5047088455735.info; c:\users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\extensions\50470884556fc@5047088455735.info.xpi
FF - ExtSQL: 2012-09-30 14:09; crossriderapp5058@crossrider.com; c:\users\SMIDAK\AppData\Roaming\Mozilla\Firefox\Profiles\tv2surgf.default\extensions\crossriderapp5058@crossrider.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-GooFer Patch - C:\UNWISE.EXE
AddRemove-Side 9 Screensaver - c:\windows\system32\Side 9 Screensaver.scr
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\šmíďák\Programy a prográmky\Corel\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PSIService.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2012-10-16 19:30:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-16 17:30
ComboFix2.txt 2012-10-16 14:25
ComboFix3.txt 2012-10-16 12:47
.
Před spuštěním: Volných bajtů: 322 686 365 696
Po spuštění: Volných bajtů: 322 796 666 880
.
- - End Of File - - 3BF34601A00CAC83CBBC1741CA939785