
Adware:Win32/Hebogo

Having a virus problem? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

FieryDuck
Guest
Posts: 17
Registered: 08 Jan 2013 18:31


#1 Post by FieryDuck »

Adware:Win32/Hebogo

I don't know what it is or where I picked it up, and I still can't get rid of it :shock:

It redirects me to this page:
http://www.microsoft.com/security/porta ... tid=125525

Win7 64-bit

Please check my log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavilion at 2013-01-11 16:35:45
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 39 GB (14%) free of 289 GB
Total RAM: 3999 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:36:14, on 11.1.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\tostpop\tostpop.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Pavilion\AppData\Roaming\OpenTab\Opentab.exe
C:\Program Files (x86)\HiSearch\HSSearch.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\SmartFind\SmartFindUpt.exe
C:\Users\Pavilion\AppData\Roaming\QuickZone2\qznewver.exe
C:\Program Files (x86)\SmartFind\SmartFindApp.exe
C:\Program Files (x86)\NateFinder\NateFinderUpt.exe
C:\Program Files (x86)\NateFinder\NateFinderApp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\ProgramData\WindowsPurchaseHelper\windowsph.exe
C:\ProgramData\WindowsTab\windowstab.exe
C:\Users\Pavilion\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe
C:\Users\Pavilion\AppData\Local\KS SOFT\kcvs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\fireboan\fireboanmon.exe
C:\Program Files (x86)\privacyclick\privacyclickmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Pavilion.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/6
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 0AA9E98E32}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 0AA9E98E32}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: NateFinder - {002C79E6-265B-48F8-AFCD-63CFCCE273F8} - C:\PROGRA~2\NATEFI~1\NATEFI~1.DLL
O2 - BHO: (no name) - {01266880-8556-4AC8-8871-0D4BF461FA0F} - (no file)
O2 - BHO: (no name) - {024B69A8-FF19-4D63-A03D-6927828B82DE} - (no file)
O2 - BHO: SmartFind - {0FC295D4-DC13-4F8F-8634-6283EB3DC86F} - C:\PROGRA~2\SMARTF~1\SMARTF~1.DLL
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: HSAdvCtrl Class - {A433374B-2F44-402B-AB7E-E58B4A09DF8A} - C:\Program Files (x86)\HiSearch\HSHelper.dll
O2 - BHO: IEQZoneCtrl Class - {BEA50D29-A4D4-49CD-81DE-A506F57363DC} - C:\Users\Pavilion\AppData\Roaming\QuickZone2\IEQZone.dll
O2 - BHO: 오픈탭 - {DA742A73-CFA7-4DE2-BF28-1FC51CF214BC} - C:\Users\Pavilion\AppData\Roaming\OpenTab\OpenTab.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
O3 - Toolbar: ?????? - {BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD} - C:\Program Files (x86)\Racl\RaclTB.dll
O3 - Toolbar: (no name) - {41ED1FD7-8C37-4806-AF9E-D5238A30E56F} - (no file)
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SmartFind] C:\Program Files (x86)\SmartFind\SmartFindUpt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickZoneUD] C:\Users\Pavilion\AppData\Roaming\QuickZone2\QZUpdate.exe
O4 - HKLM\..\Run: [QZNewVer] C:\Users\Pavilion\AppData\Roaming\QuickZone2\qznewver.exe
O4 - HKLM\..\Run: [Racl] C:\Program Files (x86)\Racl\RaclSvc.exe
O4 - HKLM\..\Run: [cloudpop_.exe] C:\Program Files (x86)\cloudpop\cloudpop_.exe
O4 - HKLM\..\Run: [KeyPang] "C:\Program Files (x86)\KeyPang\keypang.exe"
O4 - HKLM\..\Run: [NateFinder] C:\Program Files (x86)\NateFinder\NateFinderUpt.exe
O4 - HKLM\..\Run: [tostpop.exe] C:\Program Files (x86)\tostpop\tostpop.exe
O4 - HKLM\..\Run: [tostpop_.exe] C:\Program Files (x86)\tostpop\tostpop_.exe
O4 - HKLM\..\Run: [KS Popup Ad] C:\Users\Pavilion\AppData\Local\KS SOFT\kcvs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MicroLabProc] C:\Users\Pavilion\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -rMCtHRA
O4 - HKLM\..\Run: [MicroProProc] C:\Users\Pavilion\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -XriYm
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Opentab] C:\Users\Pavilion\AppData\Roaming\Opentab\Opentab.exe
O4 - HKCU\..\Run: [ShoppingBoxChecker] "C:\Program Files (x86)\ShoppingBox\ShoppingBoxChecker.exe" /run
O4 - HKCU\..\Run: [WindowsTab] "C:\ProgramData\WindowsTab\windowstabup.exe"
O4 - HKCU\..\Run: [WindowsPurchaseHelper] "C:\ProgramData\WindowsPurchaseHelper\windowsphup.exe"
O4 - HKCU\..\Run: [windowviewcon] "C:\ProgramData\windowviewcon\windowviewconup.exe"
O4 - HKCU\..\Run: [HiSch] C:\Program Files (x86)\HiSearch\HSSearch.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pavilion\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GuardSupport] C:\Users\Pavilion\AppData\Roaming\GuardSupport\GuardConvert.exe -XriYm
O4 - HKCU\..\Run: [MicroProCon] C:\Users\Pavilion\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -XriYm
O4 - HKCU\..\Run: [MicroLabCon] C:\Users\Pavilion\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -rMCtHRA
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: 옥션 - {8605E9B4-68C1-4ED9-B282-74C1AA3C312E} - http://click.dotmap.co.kr/iclick/?a_id= ... id=auction (file missing) (HKCU)
O9 - Extra button: G마켓 - {D64A7743-7E62-4002-90EA-80E0671F9902} - http://click.dotmap.co.kr/iclick/?a_id= ... id=gmarket (file missing) (HKCU)
O9 - Extra button: 11번가 - {FA214B13-1A9F-480B-B749-94A566FC59D9} - http://click.dotmap.co.kr/iclick/?a_id= ... &m_id=11st (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.infoscan.co.kr
O15 - Trusted Zone: *.kmcert.com
O15 - Trusted Zone: *.realscan.co.kr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: barocn svc (barocn) - Unknown owner - C:\Program Files (x86)\barocn\barosvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: fireboan SERVICE (fireboan SVC) - Unknown owner - C:\Users\Pavilion\AppData\Roaming\fireboan\fireboansvc.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: privacyclick SERVICE (privacyclick SVC) - Unknown owner - C:\Users\Pavilion\AppData\Roaming\privacyclick\privacyclicksvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TCCheckAgent - Unknown owner - C:\Program Files (x86)\AdvTopC\TCCheckAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: wepop svc (wepop) - Unknown owner - C:\Program Files (x86)\wepop\wepsv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14605 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"taskhost.exe"
taskeng.exe {D76043CA-A848-412D-AA7B-0AB785916549}
C:\Windows\SysWOW64\svchost.exe -k netsvcs
"C:\Program Files (x86)\tostpop\tostpop.exe"
"C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe"
"C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Pavilion\AppData\Roaming\OpenTab\Opentab.exe"
"C:\Program Files (x86)\HiSearch\HSSearch.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"C:\Program Files (x86)\SmartFind\SmartFindUpt.exe"
"C:\Users\Pavilion\AppData\Roaming\QuickZone2\qznewver.exe"
"C:\Program Files (x86)\SmartFind\SmartFindApp.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\NateFinder\NateFinderUpt.exe"
"C:\Program Files (x86)\NateFinder\NateFinderApp.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe" -Embedding
"C:\ProgramData\WindowsPurchaseHelper\windowsph.exe" clickkorea_r
"C:\ProgramData\WindowsTab\windowstab.exe" comoff
C:\Users\Pavilion\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe
"C:\ProgramData\windowviewcon\windowviewcon.exe" clickkorea_v
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\Pavilion\AppData\Local\KS SOFT\kcvs.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\fireboan\fireboanmon.exe"
"C:\Program Files (x86)\privacyclick\privacyclickmon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\sppsvc.exe
taskeng.exe {54C947B8-08A6-4839-AB16-6BE8F8FC5031}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Pavilion\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2427249020-676195603-2020848152-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2427249020-676195603-2020848152-1000UA.job
C:\Windows\tasks\HPCeeScheduleForPavilion.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavilion\AppData\Roaming\Mozilla\Firefox\Profiles\fte4yckd.default-1349757073024

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Pavilion\AppData\Roaming\Mozilla\Firefox\Profiles\fte4yckd.default-1349757073024\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-26 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002C79E6-265B-48F8-AFCD-63CFCCE273F8}]
NateFinder - C:\PROGRA~2\NATEFI~1\NATEFI~1.DLL [2012-05-02 492192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01266880-8556-4AC8-8871-0D4BF461FA0F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{024B69A8-FF19-4D63-A03D-6927828B82DE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FC295D4-DC13-4F8F-8634-6283EB3DC86F}]
SmartFind - C:\PROGRA~2\SMARTF~1\SMARTF~1.DLL [2011-09-29 491032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}]
I Want This - C:\Program Files (x86)\I Want This\I Want This.dll [2012-06-12 488832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-12-16 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A433374B-2F44-402B-AB7E-E58B4A09DF8A}]
HSAdvCtrl Class - C:\Program Files (x86)\HiSearch\HSHelper.dll [2012-11-30 247880]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEA50D29-A4D4-49CD-81DE-A506F57363DC}]
IEQZoneCtrl Class - C:\Users\Pavilion\AppData\Roaming\QuickZone2\IEQZone.dll [2012-02-21 350280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA742A73-CFA7-4DE2-BF28-1FC51CF214BC}]
오픈탭 - C:\Users\Pavilion\AppData\Roaming\OpenTab\OpenTab.dll [2012-07-09 250944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-12-16 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
FreeOnlineRadioPlayerRecorder Toolbar - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{f999a48b-1950-4d81-9971-79018f807b4b} - FreeOnlineRadioPlayerRecorder Toolbar - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll [2010-06-13 2734688]
{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD} - 잠김영역복사 - C:\Program Files (x86)\Racl\RaclTB.dll [2012-03-26 243760]
{41ED1FD7-8C37-4806-AF9E-D5238A30E56F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-03-05 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-03-05 391192]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-03-05 410648]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-06 2046760]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-01-30 6160928]
"RtkOSD"=C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [2010-01-13 995840]
"HP Quick Launch"=C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-01-18 451072]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 1289704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"Opentab"=C:\Users\Pavilion\AppData\Roaming\Opentab\Opentab.exe [2012-11-09 332352]
"ShoppingBoxChecker"=C:\Program Files (x86)\ShoppingBox\ShoppingBoxChecker.exe [2012-05-14 249856]
"WindowsTab"=C:\ProgramData\WindowsTab\windowstabup.exe [2012-12-13 226304]
"WindowsPurchaseHelper"=C:\ProgramData\WindowsPurchaseHelper\windowsphup.exe [2012-12-06 193024]
"windowviewcon"=C:\ProgramData\windowviewcon\windowviewconup.exe [2012-12-13 230912]
"HiSch"=C:\Program Files (x86)\HiSearch\HSSearch.exe [2012-11-30 119296]
"Google Update"=C:\Users\Pavilion\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-21 136176]
"GuardSupport"=C:\Users\Pavilion\AppData\Roaming\GuardSupport\GuardConvert.exe [2012-12-30 155248]
"MicroProCon"=C:\Users\Pavilion\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe [2013-01-09 105944]
"MicroLabCon"=C:\Users\Pavilion\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe [2013-01-09 105944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opentabhper]
C:\Users\Pavilion\AppData\Roaming\Opentab\Opentabhper.exe [2012-10-05 239680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opentabup]
c:\users\pavilion\appdata\roaming\opentab\opentabup.exe [2012-10-05 754752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopSpace]
C:\Program Files (x86)\TopSpace\bin\TopSpaceHelper.exe UPDATE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmapa]
C:\Program Files (x86)\wmapa\wmapa.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2009-09-02 60464]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"SmartFind"=C:\Program Files (x86)\SmartFind\SmartFindUpt.exe [2011-09-29 529432]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"QuickZoneUD"=C:\Users\Pavilion\AppData\Roaming\QuickZone2\QZUpdate.exe [2012-02-21 291400]
"QZNewVer"=C:\Users\Pavilion\AppData\Roaming\QuickZone2\qznewver.exe [2012-02-21 137288]
"Racl"=C:\Program Files (x86)\Racl\RaclSvc.exe [2012-03-26 284208]
"cloudpop_.exe"=C:\Program Files (x86)\cloudpop\cloudpop_.exe [2012-05-05 536968]
"KeyPang"=C:\Program Files (x86)\KeyPang\keypang.exe [2012-04-25 215992]
"NateFinder"=C:\Program Files (x86)\NateFinder\NateFinderUpt.exe [2012-05-02 530592]
"tostpop.exe"=C:\Program Files (x86)\tostpop\tostpop.exe [2012-09-08 858504]
"tostpop_.exe"=C:\Program Files (x86)\tostpop\tostpop_.exe [2012-09-08 536968]
"KS Popup Ad"=C:\Users\Pavilion\AppData\Local\KS SOFT\kcvs.exe [2012-11-02 2004992]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"MicroLabProc"=C:\Users\Pavilion\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe [2013-01-09 794072]
"MicroProProc"=C:\Users\Pavilion\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe [2013-01-09 794072]

C:\Users\Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-03-05 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2010-05-08 52272]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-11 16:35:45 ----D---- C:\rsit
2013-01-11 16:35:45 ----D---- C:\Program Files\trend micro
2013-01-11 16:20:44 ----D---- C:\Program Files\CCleaner
2013-01-09 17:44:36 ----A---- C:\Windows\system32\taskhost.exe
2013-01-09 17:44:35 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-01-09 17:44:35 ----A---- C:\Windows\system32\win32spl.dll
2013-01-09 17:44:25 ----A---- C:\Windows\system32\msxml6.dll
2013-01-09 17:44:25 ----A---- C:\Windows\system32\msxml3.dll
2013-01-09 17:44:24 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2013-01-09 17:44:23 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-01-09 17:44:23 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2013-01-09 17:44:23 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-09 17:44:22 ----A---- C:\Windows\SYSWOW64\usp10.dll
2013-01-09 17:44:22 ----A---- C:\Windows\system32\usp10.dll
2013-01-09 17:44:10 ----A---- C:\Windows\system32\Wpc.dll
2013-01-09 17:44:09 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2013-01-09 17:44:09 ----A---- C:\Windows\SYSWOW64\gameux.dll
2013-01-09 17:44:09 ----A---- C:\Windows\system32\gameux.dll
2013-01-09 17:43:36 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-09 17:43:35 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-01-09 17:43:35 ----A---- C:\Windows\system32\kernel32.dll
2013-01-09 17:43:33 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-01-09 17:43:33 ----A---- C:\Windows\system32\wow64win.dll
2013-01-09 17:43:33 ----A---- C:\Windows\system32\wow64cpu.dll
2013-01-09 17:43:33 ----A---- C:\Windows\system32\wow64.dll
2013-01-09 17:43:33 ----A---- C:\Windows\system32\winsrv.dll
2013-01-09 17:43:33 ----A---- C:\Windows\system32\conhost.exe
2013-01-09 17:43:32 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 17:43:32 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-01-09 17:43:32 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-01-09 17:43:32 ----A---- C:\Windows\system32\ntvdm64.dll
2013-01-09 17:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 17:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 17:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 17:43:31 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 17:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 17:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 17:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 17:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 17:43:29 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 17:43:26 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-01-09 17:43:26 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-01-09 17:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 17:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 17:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 17:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 17:43:24 ----A---- C:\Windows\SYSWOW64\user.exe
2013-01-09 17:43:12 ----A---- C:\Windows\system32\win32k.sys
2013-01-09 07:51:15 ----D---- C:\Users\Pavilion\AppData\Roaming\fireboan
2013-01-09 07:51:15 ----D---- C:\Program Files (x86)\fireboan
2013-01-09 07:51:06 ----D---- C:\Program Files (x86)\barocn
2013-01-09 07:50:36 ----D---- C:\Program Files (x86)\auxhazr
2013-01-07 07:24:43 ----D---- C:\Program Files (x86)\lgyuppg
2012-12-30 21:42:02 ----D---- C:\Users\Pavilion\AppData\Roaming\Media Player Classic
2012-12-30 18:44:57 ----D---- C:\Program Files (x86)\rhplinfqs
2012-12-21 10:53:48 ----D---- C:\Program Files (x86)\hhsrxmfrnqq
2012-12-21 10:48:41 ----D---- C:\Program Files (x86)\tkjexvdrz
2012-12-21 10:46:01 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2012-12-21 10:46:01 ----A---- C:\Windows\system32\atmlib.dll
2012-12-21 10:46:00 ----A---- C:\Windows\system32\atmfd.dll
2012-12-21 10:45:58 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2012-12-18 10:15:09 ----D---- C:\Users\Pavilion\AppData\Roaming\GuardSupport
2012-12-18 10:15:07 ----D---- C:\Users\Pavilion\AppData\Roaming\MicroLab
2012-12-18 09:52:42 ----D---- C:\Users\Pavilion\AppData\Roaming\privacyclick
2012-12-18 09:52:42 ----D---- C:\Program Files (x86)\privacyclick
2012-12-18 09:50:38 ----D---- C:\Program Files (x86)\dgcuhfvzi
2012-12-16 17:30:12 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-12-16 17:30:02 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2012-12-16 17:30:02 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-12-16 17:30:02 ----A---- C:\Windows\SYSWOW64\java.exe
2012-12-16 17:29:52 ----D---- C:\Program Files (x86)\Java
2012-12-16 14:10:19 ----A---- C:\Windows\SOF2.INI
2012-12-16 14:10:07 ----D---- C:\Program Files (x86)\Soldier of Fortune II - SP Demo
2012-12-16 11:08:55 ----D---- C:\Program Files (x86)\Codemasters
2012-12-16 09:31:23 ----D---- C:\Program Files (x86)\HiSearch
2012-12-16 09:30:32 ----D---- C:\Program Files (x86)\aaasgoxxz
2012-12-15 08:39:14 ----D---- C:\ProgramData\WindowsPurchaseHelper
2012-12-15 08:38:39 ----A---- C:\Windows\wepop.ini
2012-12-15 08:38:24 ----D---- C:\Program Files (x86)\wepop
2012-12-15 08:38:23 ----D---- C:\Program Files (x86)\nnlqabaur
2012-12-15 08:35:21 ----D---- C:\Program Files (x86)\Internet Explorer
2012-12-15 07:50:21 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-12-15 07:50:21 ----A---- C:\Windows\system32\mshtmled.dll
2012-12-15 07:50:20 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-12-15 07:50:19 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-12-15 07:50:19 ----A---- C:\Windows\system32\ieUnatt.exe
2012-12-15 07:50:19 ----A---- C:\Windows\system32\ieui.dll
2012-12-15 07:50:18 ----A---- C:\Windows\SYSWOW64\url.dll
2012-12-15 07:50:18 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-12-15 07:50:18 ----A---- C:\Windows\system32\url.dll
2012-12-15 07:50:17 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-12-15 07:50:17 ----A---- C:\Windows\system32\urlmon.dll
2012-12-15 07:50:16 ----A---- C:\Windows\system32\msfeeds.dll
2012-12-15 07:50:16 ----A---- C:\Windows\system32\jscript9.dll
2012-12-15 07:50:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-12-15 07:50:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-12-15 07:50:15 ----A---- C:\Windows\system32\wininet.dll
2012-12-15 07:50:14 ----A---- C:\Windows\system32\jsproxy.dll
2012-12-15 07:50:13 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-12-15 07:50:13 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-12-15 07:50:13 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-12-15 07:50:13 ----A---- C:\Windows\system32\vbscript.dll
2012-12-15 07:50:13 ----A---- C:\Windows\system32\jscript.dll
2012-12-15 07:50:13 ----A---- C:\Windows\system32\iertutil.dll
2012-12-15 07:50:12 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-12-15 07:50:09 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-12-15 07:50:08 ----A---- C:\Windows\system32\mshtml.dll
2012-12-15 07:50:07 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-12-15 07:50:07 ----A---- C:\Windows\system32\ieframe.dll
2012-12-14 21:58:21 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-12-14 21:58:21 ----A---- C:\Windows\system32\tzres.dll
2012-12-14 21:57:42 ----A---- C:\Windows\SYSWOW64\dpnet.dll
2012-12-14 21:57:42 ----A---- C:\Windows\system32\dpnet.dll

======List of files/folders modified in the last 1 month======

2013-01-11 16:35:56 ----D---- C:\Windows\Prefetch
2013-01-11 16:35:45 ----RD---- C:\Program Files
2013-01-11 16:35:25 ----D---- C:\Windows\Temp
2013-01-11 16:31:15 ----D---- C:\Windows
2013-01-11 16:31:04 ----D---- C:\Windows\inf
2013-01-11 16:26:51 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-01-11 16:24:55 ----D---- C:\Users\Pavilion\AppData\Roaming\Winamp
2013-01-11 16:24:55 ----D---- C:\Users\Pavilion\AppData\Roaming\Vso
2013-01-11 16:24:55 ----D---- C:\Users\Pavilion\AppData\Roaming\Skype
2013-01-11 16:24:55 ----D---- C:\ProgramData\Spybot - Search & Destroy
2013-01-11 16:24:47 ----D---- C:\Windows\Panther
2013-01-11 16:24:47 ----D---- C:\Windows\ModemLogs
2013-01-11 16:24:46 ----D---- C:\Windows\Minidump
2013-01-11 16:24:46 ----D---- C:\Windows\Logs
2013-01-11 16:24:46 ----D---- C:\Windows\debug
2013-01-11 16:20:48 ----D---- C:\Windows\system32\Tasks
2013-01-11 06:19:20 ----D---- C:\Windows\system32\config
2013-01-11 06:07:01 ----D---- C:\Windows\System32
2013-01-11 06:07:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-11 06:05:29 ----HD---- C:\ProgramData
2013-01-11 06:05:29 ----A---- C:\ProgramData\HPWALog.txt
2013-01-10 20:21:33 ----D---- C:\Program Files (x86)
2013-01-09 21:16:39 ----D---- C:\Windows\Microsoft.NET
2013-01-09 21:16:38 ----RSD---- C:\Windows\assembly
2013-01-09 20:34:27 ----D---- C:\Windows\SysWOW64
2013-01-09 20:34:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-01-09 18:13:46 ----D---- C:\Windows\winsxs
2013-01-09 18:11:06 ----D---- C:\Windows\SYSWOW64\it-IT
2013-01-09 18:11:06 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-01-09 18:11:05 ----D---- C:\Windows\system32\it-IT
2013-01-09 18:11:05 ----D---- C:\Windows\system32\cs-CZ
2013-01-09 18:11:04 ----D---- C:\Windows\AppPatch
2013-01-09 18:10:16 ----SHD---- C:\Windows\Installer
2013-01-09 18:02:02 ----A---- C:\Windows\system32\MRT.exe
2013-01-09 18:00:05 ----SHD---- C:\System Volume Information
2013-01-09 17:43:07 ----D---- C:\Windows\system32\catroot
2013-01-09 17:43:01 ----D---- C:\Windows\system32\catroot2
2013-01-04 15:56:14 ----D---- C:\Windows\system32\NDF
2013-01-04 14:09:20 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-01-03 19:11:52 ----D---- C:\Program Files (x86)\Counter-Strike 1.6 Standalone
2013-01-03 18:15:15 ----D---- C:\Program Files (x86)\PokerStars
2013-01-01 14:55:53 ----D---- C:\Users\Pavilion\AppData\Roaming\vlc
2012-12-31 10:25:13 ----D---- C:\Program Files (x86)\OpenOffice.org 3
2012-12-31 10:25:09 ----SD---- C:\Users\Pavilion\AppData\Roaming\Microsoft
2012-12-31 10:24:43 ----RSD---- C:\Windows\Fonts
2012-12-31 10:21:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-12-30 19:10:56 ----D---- C:\Windows\Tasks
2012-12-24 20:37:24 ----D---- C:\Users\Pavilion\AppData\Roaming\temp
2012-12-21 10:52:07 ----D---- C:\Windows\system32\drivers
2012-12-18 10:37:21 ----D---- C:\Users\Pavilion\AppData\Roaming\Power Sound Editor Free
2012-12-16 17:30:24 ----D---- C:\Program Files (x86)\Common Files
2012-12-16 17:29:53 ----A---- C:\Windows\SYSWOW64\npdeployJava1.dll
2012-12-16 17:29:53 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-12-16 11:08:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-12-16 09:56:42 ----D---- C:\Users\Pavilion\AppData\Roaming\OpenTab
2012-12-15 08:39:46 ----D---- C:\ProgramData\windowviewcon
2012-12-15 08:38:31 ----D---- C:\ProgramData\WindowsTab
2012-12-15 08:35:21 ----D---- C:\Windows\SYSWOW64\migration
2012-12-15 08:35:21 ----D---- C:\Windows\system32\migration
2012-12-15 08:35:21 ----D---- C:\Program Files\Internet Explorer
2012-12-14 23:15:09 ----D---- C:\Program Files (x86)\adhelp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-10-13 409624]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 228768]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 eusk2par;Aladdin SmartKey Parallel Driver; \??\C:\Windows\system32\Drivers\eusk2par-amd64.sys [2008-12-18 32336]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aksdf;aksdf; C:\Windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2006-12-04 314368]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2012-11-04 42696]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-03-05 10300800]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-01-29 2260256]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2010-03-05 144896]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 1088544]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-06 316464]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2012-11-07 303616]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 athr;Driver di dispositivo LAN wireless estendibile Atheros; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 CpqDfw;Compaq Dfw; C:\Windows\system32\drivers\CpqDfw.sys []
S3 iscFlash;iscFlash; \??\C:\Users\Pavilion\AppData\Local\Temp\7zS334F.tmp\iscflashx64.sys []
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-23 225280]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 22072]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
S2 aaasgoxxz;aaasgoxxz; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 aeyeswbdgr;aeyeswbdgr; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 aqidgsnuqzk;aqidgsnuqzk; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 auxhazr;auxhazr; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 barocn;barocn svc; C:\Program Files (x86)\barocn\barosvc.exe [2012-12-24 98382]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 dgcuhfvzi;dgcuhfvzi; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 fireboan SVC;fireboan SERVICE; C:\Users\Pavilion\AppData\Roaming\fireboan\fireboansvc.exe [2012-12-14 20480]
S2 fubptmfwy;fubptmfwy; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 116648]
S2 hhsrxmfrnqq;hhsrxmfrnqq; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 lgyuppg;lgyuppg; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 nnlqabaur;nnlqabaur; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 pewggddnktz;pewggddnktz; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 privacyclick SVC;privacyclick SERVICE; C:\Users\Pavilion\AppData\Roaming\privacyclick\privacyclicksvc.exe [2012-11-28 20480]
S2 rhplinfqs;rhplinfqs; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 roeuawwdq;roeuawwdq; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 sbodgldqw;sbodgldqw; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 sgaxxeqawxp;sgaxxeqawxp; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S2 TCCheckAgent;TCCheckAgent; C:\Program Files (x86)\AdvTopC\TCCheckAgent.exe []
S2 tkjexvdrz;tkjexvdrz; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 uiwowthqxb;uiwowthqxb; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 wepop;wepop svc; C:\Program Files (x86)\wepop\wepsv.exe [2012-11-23 98416]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-01 115168]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-27 1255736]

-----------------EOF-----------------
Last edited by FieryDuck on 11 Jan 2013 16:45, edited 2 times in total.
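The Run keys, the UAC policy block and the services list in the log above are what the helpers read first. As an added example that is not part of RSIT, HijackThis or this thread, the Python script below parses those sections in RSIT's own line format and flags what stands out in this log: svchost-hosted services whose display name merely repeats the service name, services and startup entries running out of a user's AppData, entries RSIT could not stat, and UAC switched off. The rules are heuristics written for this example, and the sample excerpt is constructed from entries in the log.

```python
"""Triage of an RSIT-style log excerpt (added example, not RSIT/HijackThis code).

Parses the Run keys, the UAC policy block and the services/drivers list in the
line format RSIT prints, and flags the patterns a helper looks for in a log
like the one above. The rules are heuristics written for this example, not
vendor signatures; the sample excerpt is assembled from entries in that log.
"""
import re
from dataclasses import dataclass

# "Name"=C:\path\file.exe [date size]   (Run key entries)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# S2 name;display name; C:\path\file.exe [date size]   (services/drivers)
SVC_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); ?'
    r'(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$'
)
# "EnableLUA"=0   (policy values carry no file metadata)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
APPDATA_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.IGNORECASE)

# Reason codes attached to findings.
SVCHOST_NO_DESC = "svchost-hosted service whose display name just repeats its name"
USER_PROFILE = "executable lives under a user profile (AppData)"
UNREADABLE = "RSIT recorded no file date/size (file missing or unreadable)"
UAC_OFF = "UAC disabled (EnableLUA=0)"


@dataclass(frozen=True)
class Finding:
    section: str  # "run", "service" or "policy"
    name: str
    path: str
    reason: str


def check_path(section: str, name: str, path: str, meta: str) -> list:
    """Path rules shared by Run entries and services."""
    out = []
    if APPDATA_RE.search(path):
        out.append(Finding(section, name, path, USER_PROFILE))
    if not meta.strip():
        out.append(Finding(section, name, path, UNREADABLE))
    return out


def triage(log_text: str) -> list:
    """Walk the log once, remembering which section the current line is in."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_") or line.startswith("======"):
            section = line.lower()  # registry key or "======List of ...======"
            continue
        if section.endswith("\\currentversion\\run]"):
            m = RUN_RE.match(line)
            if m:
                findings.extend(check_path("run", m["name"], m["path"], m["meta"]))
        elif section.endswith("\\policies\\system]"):
            m = POLICY_RE.match(line)
            if m and m["name"].lower() == "enablelua" and m["value"].strip() == "0":
                findings.append(Finding("policy", m["name"], "", UAC_OFF))
        elif "list of services" in section or "list of drivers" in section:
            m = SVC_RE.match(line)
            if not m:
                continue
            name, display, path = m["name"].strip(), m["display"].strip(), m["path"]
            if display.lower() == name.lower() and path.lower().endswith("\\svchost.exe"):
                findings.append(Finding("service", name, path, SVCHOST_NO_DESC))
            findings.extend(check_path("service", name, path, m["meta"]))
    return findings


# Constructed excerpt: a handful of entries copied from the log above, kept in
# RSIT's own line format.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"QZNewVer"=C:\Users\Pavilion\AppData\Roaming\QuickZone2\qznewver.exe [2012-02-21 137288]
"KS Popup Ad"=C:\Users\Pavilion\AppData\Local\KS SOFT\kcvs.exe [2012-11-02 2004992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 aaasgoxxz;aaasgoxxz; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 hhsrxmfrnqq;hhsrxmfrnqq; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 fireboan SVC;fireboan SERVICE; C:\Users\Pavilion\AppData\Roaming\fireboan\fireboansvc.exe [2012-12-14 20480]
S2 TCCheckAgent;TCCheckAgent; C:\Program Files (x86)\AdvTopC\TCCheckAgent.exe []
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-01 115168]
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name!r}: {f.reason}")
```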

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Adware:Win32/Hebogo

#2 Post by Márty84 »

Hello :)

First post a log from RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895, as the forum rules say.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum here: https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

FieryDuck
Visitor
Posts: 17
Joined: 08 Jan 2013 18:31

Re: Adware:Win32/Hebogo

#3 Post by FieryDuck »

I've added the RSIT log. Thanks.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Adware:Win32/Hebogo

#4 Post by Márty84 »

Good grief! Is this your PC? What on earth have you been doing on it? Are you throwing a party for the vermin? There's a pile of it in there. I hope you have your data backed up.

So first we'll try MBAM.

Restart the PC into Safe Mode and run a FULL scan with MBAM there http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Don't delete anything beforehand; it sometimes has false positives.

FieryDuck
Visitor
Posts: 17
Joined: 08 Jan 2013 18:31

Re: Adware:Win32/Hebogo

#5 Post by FieryDuck »

It's running now. One moment.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Adware:Win32/Hebogo

#6 Post by Márty84 »

Sure.

FieryDuck
Visitor
Posts: 17
Joined: 08 Jan 2013 18:31

Re: Adware:Win32/Hebogo

#7 Post by FieryDuck »

There will probably be less of it now. I uninstalled what wasn't needed and it shows. As soon as the scan finishes I'll post it here. And yes, it's my PC. I don't know where I picked it up, but the rascals were downloading stuff, games etc.

FieryDuck
Visitor
Posts: 17
Joined: 08 Jan 2013 18:31

Re: Adware:Win32/Hebogo

#8 Post by FieryDuck »

Here it is.

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.01.11.09

Windows 7 Service Pack 1 x64 FAT32 (Nouzový režim)
Internet Explorer 9.0.8112.16421
Pavilion :: FIERYDUCK [administrátor]

Ochrana: Zakázána

11.1.2013 20:14:37
MBAM-log-2013-01-11 (21-02-29).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 418196
Uplynulý čas: 47 minut, 32 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 8
HKCR\CLSID\{DA742A73-CFA7-4DE2-BF28-1FC51CF214BC} (PUP.K.OpenTab) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA742A73-CFA7-4DE2-BF28-1FC51CF214BC} (PUP.K.OpenTab) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA742A73-CFA7-4DE2-BF28-1FC51CF214BC} (PUP.K.OpenTab) -> Nebyla provedena žádná instrukce.
HKCR\Typelib\{4B8F8239-3D1D-4177-8168-FB0FBC61C9C8} (PUP.KorAd) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{AF2DC23A-2592-432A-886C-D3960367F9B3} (PUP.KorAd) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{41ED1FD7-8C37-4806-AF9E-D5238A30E56F} (PUP.K.Speller) -> Data: -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{41ED1FD7-8C37-4806-AF9E-D5238A30E56F} (PUP.K.Speller) -> Data: -> Nebyla provedena žádná instrukce.
HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Data: I Want This -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Users\Pavilion\AppData\Roaming\OpenTab\OpenTab.dll (PUP.K.OpenTab) -> Nebyla provedena žádná instrukce.

(konec)

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Adware:Win32/Hebogo

#9 Post by Márty84 »

Have the findings removed. If that succeeds, uninstall MBAM again.

If you haven't already, back up your important data (photos, documents, etc.).

Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your right to help!

Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator.
Accept the licence terms and let the program work. If it offers to install the Recovery Console, agree.
While the scan runs, don't start anything and don't click anywhere.
When the scan finishes (the PC may restart), a log should be created at C:\ComboFix.txt
Copy its contents here.

If Windows doesn't boot after the restart, restart again, press F8 and choose Last Known Good Configuration.
If Windows boots but an error is reported when starting programs, just restart the PC and it will be fine.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

Option to support our forum https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

FieryDuck
Visitor
Posts: 17
Registered: 08 Jan 2013 18:31

Re: Adware:Win32/Hebogo

#10 Post by FieryDuck »

ok, just a moment

FieryDuck
Visitor
Posts: 17
Registered: 08 Jan 2013 18:31

Re: Adware:Win32/Hebogo

#11 Post by FieryDuck »

ComboFix 13-01-11.02 - Pavilion 11.01.2013 21:30:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3999.2190 [GMT 1:00]
Spuštěný z: c:\users\Pavilion\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\aaasgoxxz
c:\program files (x86)\aeyeswbdgr\aeyeswbdgr.dll
c:\program files (x86)\aqidgsnuqzk
c:\program files (x86)\auxhazr\auxhazr.dll
c:\program files (x86)\barocn
c:\program files (x86)\barocn\uninst.exe
c:\program files (x86)\cloudpop
c:\program files (x86)\lgyuppg\lgyuppg.dll
c:\program files (x86)\NateFinder
c:\program files (x86)\pewggddnktz\pewggddnktz.dll
c:\program files (x86)\Racl
c:\program files (x86)\rhplinfqs\rhplinfqs.dll
c:\program files (x86)\sbodgldqw\sbodgldqw.dll
c:\program files (x86)\ShoppingBox
c:\program files (x86)\ShoppingBox\ShoppingBox.exe
c:\program files (x86)\ShoppingBox\ShoppingBoxChecker.exe
c:\program files (x86)\ShoppingBox\ShoppingBoxUninst.exe
c:\program files (x86)\ShoppingBox\ShoppingBoxUpdater.exe
c:\program files (x86)\SmartFind
c:\program files (x86)\top mysidebar
c:\program files (x86)\tostpop
c:\programdata\WindowsPurchaseHelper
c:\programdata\WindowsPurchaseHelper\uninst.exe
c:\programdata\WindowsPurchaseHelper\windowsph.exe
c:\programdata\WindowsPurchaseHelper\windowsphup.exe
c:\users\Pavilion\AppData\Roaming\FileDoumi
c:\users\Pavilion\AppData\Roaming\MicroLab
c:\users\Pavilion\AppData\Roaming\Microsoft\Windows\Templates\inst_run_s40014.exe
c:\users\Pavilion\AppData\Roaming\MSBV4
c:\users\Pavilion\AppData\Roaming\MSBV5
c:\users\Pavilion\AppData\Roaming\OpenTab
c:\users\Pavilion\AppData\Roaming\OpenTab\catedomain.dt
c:\users\Pavilion\AppData\Roaming\OpenTab\category.dat
c:\users\Pavilion\AppData\Roaming\OpenTab\category.dt
c:\users\Pavilion\AppData\Roaming\OpenTab\domainmatch.dat
c:\users\Pavilion\AppData\Roaming\OpenTab\except.dat
c:\users\Pavilion\AppData\Roaming\OpenTab\hka.dll
c:\users\Pavilion\AppData\Roaming\OpenTab\mainsite.dat
c:\users\Pavilion\AppData\Roaming\OpenTab\OpenTabg.dt
c:\users\Pavilion\AppData\Roaming\OpenTab\opentabhper.exe
c:\users\Pavilion\AppData\Roaming\OpenTab\Opentabch.exe
c:\users\Pavilion\AppData\Roaming\OpenTab\OpenTabUninstall.exe
c:\users\Pavilion\AppData\Roaming\OpenTab\opentabup.exe
c:\users\Pavilion\AppData\Roaming\OpenTab\sitedepth1.dat
c:\users\Pavilion\AppData\Roaming\OpenTab\vd.dat
c:\users\Pavilion\AppData\Roaming\QuickZone2
c:\users\Pavilion\AppData\Roaming\QuickZone2\qzcat.qzd
c:\users\Pavilion\AppData\Roaming\QuickZone2\QZoneRemove.exe
c:\users\Pavilion\AppData\Roaming\QuickZone2\recentpath.qzd
c:\users\Pavilion\AppData\Roaming\Temp\FreeListenSetup.exe
c:\users\Pavilion\AppData\Roaming\Temp\prime_prime77.exe
c:\users\Pavilion\AppData\Roaming\Temp\WindowsTabSetup_comoff.exe
c:\users\Pavilion\AppData\Roaming\Temp\WVCSetup_ck.exe
c:\users\Pavilion\AppData\Roaming\vso_ts_preview.xml
c:\users\Pavilion\AppData\Roaming\winggo
c:\users\Pavilion\AppData\Roaming\winggo\sm12029.dat
c:\users\Pavilion\AppData\Roaming\winggo\smlist.dat
c:\windows\11st.ico
c:\windows\auction.ico
c:\windows\FreeListenDownLoader.exe
c:\windows\gmarket.ico
c:\windows\gsshop.ico
c:\windows\lotte.ico
c:\windows\url_icon.ico
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_aeyeswbdgr
-------\Service_auxhazr
-------\Service_lgyuppg
-------\Service_pewggddnktz
-------\Service_rhplinfqs
-------\Service_sbodgldqw
-------\Service_aaasgoxxz
-------\Service_aqidgsnuqzk
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-11 do 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-11 20:57 . 2013-01-11 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-11 19:01 . 2013-01-11 19:01 0 ----a-w- c:\windows\SysWow64\FAPEB1E.tmp
2013-01-11 19:01 . 2013-01-11 19:01 0 ----a-w- c:\windows\SysWow64\FAPEA70.tmp
2013-01-11 19:01 . 2013-01-11 19:01 0 ----a-w- c:\windows\SysWow64\FAPE965.tmp
2013-01-11 19:01 . 2013-01-11 19:01 0 ----a-w- c:\windows\SysWow64\FAPE80C.tmp
2013-01-11 19:00 . 2013-01-11 19:00 0 ----a-w- c:\windows\SysWow64\FAPB057.tmp
2013-01-11 19:00 . 2013-01-11 19:00 0 ----a-w- c:\windows\SysWow64\FAPB007.tmp
2013-01-11 19:00 . 2013-01-11 19:00 0 ----a-w- c:\windows\SysWow64\FAPAF98.tmp
2013-01-11 19:00 . 2013-01-11 19:00 0 ----a-w- c:\windows\SysWow64\FAPAF67.tmp
2013-01-11 19:00 . 2013-01-11 19:00 0 ----a-w- c:\windows\SysWow64\FAPADFE.tmp
2013-01-11 19:00 . 2013-01-11 19:00 0 ----a-w- c:\windows\SysWow64\FAPACF3.tmp
2013-01-11 18:58 . 2013-01-11 18:58 0 ----a-w- c:\windows\SysWow64\FAP65C4.tmp
2013-01-11 18:58 . 2013-01-11 18:58 0 ----a-w- c:\windows\SysWow64\FAP641D.tmp
2013-01-11 18:50 . 2013-01-11 18:50 -------- d-----w- c:\program files (x86)\Common Files\muvee Technologies
2013-01-11 18:23 . 2013-01-11 18:48 -------- d-----w- c:\programdata\muvee Technologies
2013-01-11 18:23 . 2013-01-11 18:51 -------- d-----w- c:\users\Pavilion\AppData\Roaming\muvee Technologies
2013-01-11 18:05 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C83C67A-CE0D-4301-8200-368904708E7D}\mpengine.dll
2013-01-11 16:38 . 2013-01-11 16:38 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-01-11 16:17 . 2013-01-11 16:17 -------- d-----w- c:\users\Pavilion\AppData\Roaming\Malwarebytes
2013-01-11 16:17 . 2013-01-11 16:17 -------- d-----w- c:\programdata\Malwarebytes
2013-01-11 16:17 . 2013-01-11 16:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-11 16:17 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-11 16:17 . 2013-01-11 16:17 -------- d-----w- c:\users\Pavilion\AppData\Local\Programs
2013-01-11 15:58 . 2013-01-11 16:07 -------- d-----w- c:\program files (x86)\Screamer Radio
2013-01-11 15:35 . 2013-01-11 15:36 -------- d-----w- C:\rsit
2013-01-11 15:35 . 2013-01-11 15:36 -------- d-----w- c:\program files\trend micro
2013-01-11 15:20 . 2013-01-11 15:20 -------- d-----w- c:\program files\CCleaner
2013-01-10 17:17 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-09 16:43 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 06:50 . 2013-01-11 20:39 -------- d-----w- c:\program files (x86)\auxhazr
2013-01-07 06:24 . 2013-01-11 20:39 -------- d-----w- c:\program files (x86)\lgyuppg
2012-12-30 20:42 . 2013-01-11 15:24 -------- d-----w- c:\users\Pavilion\AppData\Roaming\Media Player Classic
2012-12-30 17:44 . 2013-01-11 20:39 -------- d-----w- c:\program files (x86)\rhplinfqs
2012-12-21 09:53 . 2013-01-11 17:52 -------- d-----w- c:\program files (x86)\hhsrxmfrnqq
2012-12-21 09:48 . 2013-01-11 17:52 -------- d-----w- c:\program files (x86)\tkjexvdrz
2012-12-21 09:46 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 09:46 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 09:46 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 09:45 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 08:50 . 2013-01-11 17:52 -------- d-----w- c:\program files (x86)\dgcuhfvzi
2012-12-16 16:30 . 2012-12-16 16:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-16 16:30 . 2012-12-16 16:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-16 16:29 . 2012-12-16 16:29 -------- d-----w- c:\program files (x86)\Java
2012-12-16 13:10 . 2012-12-16 13:10 -------- d-----w- c:\program files (x86)\Soldier of Fortune II - SP Demo
2012-12-16 13:09 . 2001-06-19 17:53 266293 ----a-w- c:\windows\SysWow64\temp.001
2012-12-16 13:08 . 2001-06-19 17:53 266293 ----a-w- c:\windows\SysWow64\temp.000
2012-12-16 10:08 . 2012-12-16 10:08 -------- d-----w- c:\program files (x86)\Codemasters
2012-12-16 10:07 . 2004-07-15 23:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-12-16 10:07 . 2004-07-15 23:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-12-16 10:07 . 2004-07-15 23:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-12-16 10:07 . 2004-07-15 23:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-12-16 10:07 . 2004-07-15 23:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-12-16 10:07 . 2012-12-16 10:07 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-12-16 10:07 . 2012-12-16 10:07 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-12-15 07:38 . 2013-01-11 17:52 -------- d-----w- c:\program files (x86)\nnlqabaur
2012-12-14 20:58 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-14 20:58 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-14 20:57 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-14 20:57 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 19:34 . 2012-04-08 07:20 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 19:34 . 2011-05-26 09:44 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 17:02 . 2011-08-16 18:46 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-16 16:29 . 2012-08-16 18:04 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-12-16 16:29 . 2011-05-26 09:45 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-30 04:45 . 2013-01-09 16:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 05:12 . 2012-11-28 05:13 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBC4D022-A24B-4D2E-9804-1D40DC3C5D83}\gapaengine.dll
2012-11-07 16:58 . 2012-11-03 22:36 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-11-04 13:29 . 2012-11-03 22:36 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-10-16 08:38 . 2012-11-28 15:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 15:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 15:43 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dgcuhfvzi;dgcuhfvzi;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 fubptmfwy;fubptmfwy;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 hhsrxmfrnqq;hhsrxmfrnqq;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 nnlqabaur;nnlqabaur;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 roeuawwdq;roeuawwdq;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 sgaxxeqawxp;sgaxxeqawxp;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 tkjexvdrz;tkjexvdrz;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 uiwowthqxb;uiwowthqxb;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 iscFlash;iscFlash;c:\users\Pavilion\AppData\Local\Temp\7zS334F.tmp\iscflashx64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-27 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par-amd64.sys [2008-12-18 32336]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-05 144896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 1088544]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
aqidgsnuqzk
sgaxxeqawxp
fubptmfwy
sbodgldqw
aeyeswbdgr
pewggddnktz
roeuawwdq
uiwowthqxb
nnlqabaur
aaasgoxxz
dgcuhfvzi
tkjexvdrz
hhsrxmfrnqq
rhplinfqs
lgyuppg
auxhazr
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 09:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 19:34]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 08:14]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 08:14]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427249020-676195603-2020848152-1000Core.job
- c:\users\Pavilion\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-21 09:59]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427249020-676195603-2020848152-1000UA.job
- c:\users\Pavilion\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-21 09:59]
.
2013-01-07 c:\windows\Tasks\HPCeeScheduleForPavilion.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-05 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-05 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-05 410648]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={F3E36216-0E30-11E2-8D84-C80AA9E98E32}
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={F3E36216-0E30-11E2-8D84-C80AA9E98E32}
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: infoscan.co.kr
Trusted Zone: kmcert.com
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: realscan.co.kr
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pavilion\AppData\Roaming\Mozilla\Firefox\Profiles\fte4yckd.default-1349757073024\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-ShoppingBoxChecker - c:\program files (x86)\ShoppingBox\ShoppingBoxChecker.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Opentab - c:\users\Pavilion\AppData\Roaming\Opentab\Opentabuninstall.exe
AddRemove-QuickZone - c:\users\Pavilion\AppData\Roaming\QuickZone2\QZoneRemove.exe
AddRemove-ShoppingBox - c:\program files (x86)\ShoppingBox\ShoppingBoxUninst.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
AddRemove-WindowsPurchaseHelper - c:\programdata\WindowsPurchaseHelper\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Celkový čas: 2013-01-11 22:17:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-11 21:17
.
Před spuštěním: Volných bajtů: 41 274 834 944
Po spuštění: Volných bajtů: 40 488 902 656
.
- - End Of File - - 080C2B2414CC4B9019999DA7176A2ACF

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Adware:Win32/Hebogo

#12 Post by Márty84 »

:arrow: Boot into Safe Mode again.
Open Notepad and copy this script into it

Code:

KillAll::

File::
c:\windows\SysWow64\FAPEB1E.tmp
c:\windows\SysWow64\FAPEA70.tmp
c:\windows\SysWow64\FAPE965.tmp
c:\windows\SysWow64\FAPE80C.tmp
c:\windows\SysWow64\FAPB057.tmp
c:\windows\SysWow64\FAPB007.tmp
c:\windows\SysWow64\FAPAF98.tmp
c:\windows\SysWow64\FAPAF67.tmp
c:\windows\SysWow64\FAPADFE.tmp
c:\windows\SysWow64\FAPACF3.tmp
c:\windows\SysWow64\FAP65C4.tmp
c:\windows\SysWow64\FAP641D.tmp
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427249020-676195603-2020848152-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427249020-676195603-2020848152-1000UA.job
c:\windows\Tasks\HPCeeScheduleForPavilion.job

Folder::
c:\program files (x86)\auxhazr
c:\program files (x86)\lgyuppg
c:\program files (x86)\rhplinfqs
c:\program files (x86)\hhsrxmfrnqq
c:\program files (x86)\tkjexvdrz
c:\program files (x86)\dgcuhfvzi
c:\program files (x86)\nnlqabaur

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-

dds::
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={F3E36216-0E30-11E2-8D84-C80AA9E98E32}
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={F3E36216-0E30-11E2-8D84-C80AA9E98E32}
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: infoscan.co.kr
Trusted Zone: kmcert.com
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: realscan.co.kr
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
aqidgsnuqzk
sgaxxeqawxp
fubptmfwy
sbodgldqw
aeyeswbdgr
pewggddnktz
roeuawwdq
uiwowthqxb
nnlqabaur
aaasgoxxz
dgcuhfvzi
tkjexvdrz
hhsrxmfrnqq
rhplinfqs
lgyuppg
auxhazr
SkypeUpdate

NetSvc64::
aqidgsnuqzk
sgaxxeqawxp
fubptmfwy
sbodgldqw
aeyeswbdgr
pewggddnktz
roeuawwdq
uiwowthqxb
nnlqabaur
aaasgoxxz
dgcuhfvzi
tkjexvdrz
hhsrxmfrnqq
rhplinfqs
lgyuppg
auxhazr

Reboot::

At the top left, click File.
Click Save As...
Type the red name CFScript exactly and save it to the desktop.
Turn off your antivirus and any other security software.
Drag the text file you just created onto the ComboFix icon with the mouse and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not boot after the restart, restart again, press the F8 key and choose Last Known Good Configuration
:!: If Windows boots but an error is reported when starting programs, just restart the PC and it will be fine
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

FieryDuck
Visitor
Posts: 17
Registered: 08 Jan 2013 18:31

Re: Adware:Win32/Hebogo

#13 Post by FieryDuck »

Here is the log, and I'm done for today. I'll be in touch. Thanks.


ComboFix 13-01-11.02 - Pavilion 11.01.2013 23:53:44.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3999.3064 [GMT 1:00]
Spuštěný z: c:\users\Pavilion\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavilion\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\SysWow64\FAP641D.tmp"
"c:\windows\SysWow64\FAP65C4.tmp"
"c:\windows\SysWow64\FAPACF3.tmp"
"c:\windows\SysWow64\FAPADFE.tmp"
"c:\windows\SysWow64\FAPAF67.tmp"
"c:\windows\SysWow64\FAPAF98.tmp"
"c:\windows\SysWow64\FAPB007.tmp"
"c:\windows\SysWow64\FAPB057.tmp"
"c:\windows\SysWow64\FAPE80C.tmp"
"c:\windows\SysWow64\FAPE965.tmp"
"c:\windows\SysWow64\FAPEA70.tmp"
"c:\windows\SysWow64\FAPEB1E.tmp"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427249020-676195603-2020848152-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427249020-676195603-2020848152-1000UA.job"
"c:\windows\Tasks\HPCeeScheduleForPavilion.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\auxhazr
c:\program files (x86)\dgcuhfvzi
c:\program files (x86)\hhsrxmfrnqq
c:\program files (x86)\lgyuppg
c:\program files (x86)\nnlqabaur
c:\program files (x86)\rhplinfqs
c:\program files (x86)\tkjexvdrz
c:\windows\SysWow64\FAP641D.tmp
c:\windows\SysWow64\FAP65C4.tmp
c:\windows\SysWow64\FAPACF3.tmp
c:\windows\SysWow64\FAPADFE.tmp
c:\windows\SysWow64\FAPAF67.tmp
c:\windows\SysWow64\FAPAF98.tmp
c:\windows\SysWow64\FAPB007.tmp
c:\windows\SysWow64\FAPB057.tmp
c:\windows\SysWow64\FAPE80C.tmp
c:\windows\SysWow64\FAPE965.tmp
c:\windows\SysWow64\FAPEA70.tmp
c:\windows\SysWow64\FAPEB1E.tmp
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427249020-676195603-2020848152-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427249020-676195603-2020848152-1000UA.job
c:\windows\Tasks\HPCeeScheduleForPavilion.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_dgcuhfvzi
-------\Service_fubptmfwy
-------\Service_hhsrxmfrnqq
-------\Service_nnlqabaur
-------\Service_roeuawwdq
-------\Service_sgaxxeqawxp
-------\Service_SkypeUpdate
-------\Service_tkjexvdrz
-------\Service_uiwowthqxb
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-11 do 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-11 22:58 . 2013-01-11 22:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-11 22:17 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AEA7560-CAB1-42A2-A077-3B9355821855}\mpengine.dll
2013-01-11 18:50 . 2013-01-11 18:50 -------- d-----w- c:\program files (x86)\Common Files\muvee Technologies
2013-01-11 18:23 . 2013-01-11 18:48 -------- d-----w- c:\programdata\muvee Technologies
2013-01-11 18:23 . 2013-01-11 18:51 -------- d-----w- c:\users\Pavilion\AppData\Roaming\muvee Technologies
2013-01-11 16:38 . 2013-01-11 16:38 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-01-11 16:17 . 2013-01-11 16:17 -------- d-----w- c:\users\Pavilion\AppData\Roaming\Malwarebytes
2013-01-11 16:17 . 2013-01-11 16:17 -------- d-----w- c:\programdata\Malwarebytes
2013-01-11 16:17 . 2013-01-11 16:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-11 16:17 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-11 16:17 . 2013-01-11 16:17 -------- d-----w- c:\users\Pavilion\AppData\Local\Programs
2013-01-11 15:58 . 2013-01-11 16:07 -------- d-----w- c:\program files (x86)\Screamer Radio
2013-01-11 15:35 . 2013-01-11 15:36 -------- d-----w- C:\rsit
2013-01-11 15:35 . 2013-01-11 15:36 -------- d-----w- c:\program files\trend micro
2013-01-11 15:20 . 2013-01-11 15:20 -------- d-----w- c:\program files\CCleaner
2013-01-10 17:17 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-09 16:43 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-30 20:42 . 2013-01-11 15:24 -------- d-----w- c:\users\Pavilion\AppData\Roaming\Media Player Classic
2012-12-21 09:46 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 09:46 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 09:46 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 09:45 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 16:30 . 2012-12-16 16:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-16 16:30 . 2012-12-16 16:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-16 16:29 . 2012-12-16 16:29 -------- d-----w- c:\program files (x86)\Java
2012-12-16 13:10 . 2012-12-16 13:10 -------- d-----w- c:\program files (x86)\Soldier of Fortune II - SP Demo
2012-12-16 13:09 . 2001-06-19 17:53 266293 ----a-w- c:\windows\SysWow64\temp.001
2012-12-16 13:08 . 2001-06-19 17:53 266293 ----a-w- c:\windows\SysWow64\temp.000
2012-12-16 10:08 . 2012-12-16 10:08 -------- d-----w- c:\program files (x86)\Codemasters
2012-12-16 10:07 . 2004-07-15 23:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-12-16 10:07 . 2004-07-15 23:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-12-16 10:07 . 2004-07-15 23:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-12-16 10:07 . 2004-07-15 23:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-12-16 10:07 . 2004-07-15 23:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-12-16 10:07 . 2012-12-16 10:07 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-12-16 10:07 . 2012-12-16 10:07 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-12-14 20:58 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-14 20:58 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-14 20:57 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-14 20:57 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 19:34 . 2012-04-08 07:20 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 19:34 . 2011-05-26 09:44 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 17:02 . 2011-08-16 18:46 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-16 16:29 . 2012-08-16 18:04 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-12-16 16:29 . 2011-05-26 09:45 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-30 04:45 . 2013-01-09 16:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 05:12 . 2012-11-28 05:13 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBC4D022-A24B-4D2E-9804-1D40DC3C5D83}\gapaengine.dll
2012-11-07 16:58 . 2012-11-03 22:36 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-11-04 13:29 . 2012-11-03 22:36 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-10-16 08:38 . 2012-11-28 15:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 15:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 15:43 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
.
c:\users\Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 iscFlash;iscFlash;c:\users\Pavilion\AppData\Local\Temp\7zS334F.tmp\iscflashx64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-27 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par-amd64.sys [2008-12-18 32336]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-05 144896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 1088544]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 09:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-05 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-05 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-05 410648]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={F3E36216-0E30-11E2-8D84-C80AA9E98E32}
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pavilion\AppData\Roaming\Mozilla\Firefox\Profiles\fte4yckd.default-1349757073024\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Opentab - c:\users\Pavilion\AppData\Roaming\Opentab\Opentabuninstall.exe
AddRemove-QuickZone - c:\users\Pavilion\AppData\Roaming\QuickZone2\QZoneRemove.exe
AddRemove-ShoppingBox - c:\program files (x86)\ShoppingBox\ShoppingBoxUninst.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2013-01-12 00:04:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-11 23:04
ComboFix2.txt 2013-01-11 21:18
.
Před spuštěním: Volných bajtů: 40 596 660 224
Po spuštění: Volných bajtů: 40 519 426 048
.
- - End Of File - - 1E0AE6BF60A23B32DFACCBEC3AF93ABE
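The ComboFix log above lists the UAC policy values under policies\system and the loaded services and drivers. As an added triage helper (not part of ComboFix or of this thread), the Python below parses a constructed excerpt in that layout, compares the UAC values with the Windows 7 defaults and flags service entries whose file is missing or sits under a Temp directory; the default table and the sample lines are constructed for the example.

```python
import re

# Windows 7 defaults for the UAC policy values ComboFix lists under
# policies\system (a constructed reference table, not part of ComboFix).
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}
# Constructed excerpt in the layout of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 iscFlash;iscFlash;c:\users\Pavilion\AppData\Local\Temp\7zS334F.tmp\iscflashx64.sys [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
"""
# "Name"= 0 (0x0): value name and its decimal value
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s*\(0x[0-9A-Fa-f]+\)\s*$')
# R2 name;display;path [timestamp size]; ComboFix prints [x] when the file is missing
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                        r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$")


def parse_policy_values(text):
    """Collect the values listed under the policies\\system key."""
    values, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("["):
            in_block = line.lower().rstrip("]").endswith("policies\\system")
        elif in_block and line.strip() == ".":
            in_block = False
        elif in_block:
            m = POLICY_RE.match(line)
            if m:
                values[m.group("name")] = int(m.group("value"))
    return values


def uac_findings(values):
    """Return (name, observed, default) for every UAC value that was changed."""
    return [(n, values[n], d) for n, d in UAC_DEFAULTS.items()
            if n in values and values[n] != d]


def parse_services(text):
    """Parse the R*/S* service and driver lines into dicts."""
    return [m.groupdict() for m in map(SERVICE_RE.match, text.splitlines()) if m]


def suspicious_services(services):
    """Flag entries whose file is missing or lives under a Temp directory."""
    flagged = []
    for s in services:
        reasons = []
        if s["stamp"].strip() == "x":
            reasons.append("file missing")
        if "\\temp\\" in s["path"].lower():
            reasons.append("temp path")
        if reasons:
            flagged.append({**s, "reasons": reasons})
    return flagged


def triage(text):
    """Run both checks over one log excerpt."""
    return {"uac": uac_findings(parse_policy_values(text)),
            "services": suspicious_services(parse_services(text))}
```

On the sample, triage(SAMPLE_LOG) reports EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop as changed from their defaults and flags the iscFlash driver loaded from a Temp directory with a missing file.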

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Adware:Win32/Hebogo

#14 Post by Márty84 »

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Search and the program will start working.
When it finishes, it will spit out a log at you (if not, you will find it at C:\AdwCleaner[R?].txt); copy it here for me.


:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe, save it to the desktop, right-click it and left-click Run as administrator.
A very short scan will run and then the Scan button at the top right becomes available. Click it and another scan will run.
When it is done, click Report and a log will appear. Paste it here for me.

FieryDuck
Visitor
Posts: 17
Registered: 08 Jan 2013 18:31

Re: Adware:Win32/Hebogo

#15 Post by FieryDuck »

Here is another log.


RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Pavilion [Práva správce]
Mód : Kontrola -- Datum : 01/12/2013 11:47:16

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS +++++
--- User ---
[MBR] b7b5082aecb05314c2f317cb9076f8fa
[BSP] fb57ed3beece0ef5038d2596e6d3d6cb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 289327 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 592951296 | Size: 15614 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_01122013_02d1147.txt >>
RKreport[1]_S_01122013_02d1147.txt

Locked